Darn pesky kids have trojaned my pc.

Page may contain affiliate links. Please see terms for details.
OP
OP
C

Crackle

..
No Malwarebytes (thanks Yenners for the recommendation), seems to have cleaned it up in safe mode. I'm just running a command line virus scan, followed by a defrag. I Will then go back and check out all the programs, a few seem to have been corrupted. I also noticed a few processes running a bit raggedy, which I don't think are anything to do with the Trojan but I want to find out more on them and see if I can tune them.

My computer doesn't have user accts. and the kids have their own computers. They run like dogs and they are beginning to realize that my advice is grounded in experience. They are not normally allowed on my pc but the eldest has broken his and decided to use mine: We've had words.

All my data is backed up on other discs and using online software so that's never in danger. So far I've never needed malware software just used a firewall and virus software. My PC is pretty complex as I've software on it for video, photo and music editing. I don't do re-builds, I only do recovery now and tuning.

Thanks for everyone's advice, I shall look at malware removal programs in more detail now, might post separately about a few processes, in particular about csrss.exe and what it does and how it can be tuned and it is a legit program not a Trojan which is running.
 
G

Ghost Donkey

Guest
Bongman said:
I wont repeat the instructions above, but I will say this :

You should not let your kids have/use an administrator account. If you do, this will happen again and again.

If you had only given your kids normal user rights (as recommended by Microsoft) this most likely would not have happened.
Click to expand...

Both me and my wife use a user account for general use also. When the kids get bigger I'll lock the computer down like a barsteward.
 
P

peanut

Guest
If I were you I would try to use restore to restore your PC back to yesterday. If the trogan will let you do it you'll be back to before you got infected.

To use System Restore to restore Windows XP to a previous state, follow these steps:
  1. Log on to Windows as Administrator.
  2. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore. System Restore starts.
  3. On the Welcome to System Restore page, click Restore my computer to an earlier time (if it is not already selected), and then click Next.
  4. On the Select a Restore Point page, click the most recent system restore point in the On this list, click a restore point list, and then click Next.

    Note A System Restore message may appear that lists configuration changes that System Restore will make. Click OK.
  5. On the Confirm Restore Point Selection page, click Next. System Restore restores the previous Windows XP configuration, and then restarts the computer.
  6. Log on to the computer as Administrator. The System Restore Restoration Complete page is displayed.
  7. Click OK.
If you successfully restored your computer to a previous state, and the computer is performing as it should be, you are finished.
 
OP
OP
C

Crackle

..
Too late for system restore and would that actually work with a Trojan, though noted for future reference. Right now I'm getting the Trojan popping up in the Windows restore files. Now I have had this before with a previous infection and I did cure it, can't remember how.

Everything seems to be fine now. I don't suspect a rootkit as I have inspected the processes running with a process monitor from Microsoft which shows them individualy and as part of a process tree.

4 programs failed:-

4 on demand
Picaso
Instant CD/DVD
Explorer

In addition Firefox, which I downloaded, fails on browsing. I've tried repairs on these without success and have now uninstalled them. There's obviously some file/registry commonality here but which and how, I don't know. IE is back up and I will re-install the others. I suspect they'll work after that but I will be non the wiser why.

Once it's all working, I'll create a restore point.

Technology, who needs it. My phone went bananas today as well. It seemed to lose the earpiece speaker. Eventually I realized it still thought it had a jack in. Re-inserting the headphone jack and taking it back out cured it: Weird.
 
P

peanut

Guest
Crackle said:
Too late for system restore and would that actually work with a Trojan,
Click to expand...

well you won't know until you try it will you ? :biggrin:
it should have been the first thing you did really instead of fiddling .
have you been into the bios and turned of writing to bios changes ?might save you further grief on rebooting.

Why not create a new user for the kids with non admin rights when its sorted?
 
OP
OP
C

Crackle

..
Because they're not supposed to be on it :biggrin:

I don't use system restore because it rarely works for anything other than software installs or hardware changes. I suspect it wouldn't work on a virus and problems tend to develop in a way which makes pinpointing a restore point in time difficult or because a hardware fault has manifested itself. What I should really do is image the whole PC, that might be next on the list. I will give it a whirl next time though.
 
P

peanut

Guest
Crackle said:
What I should really do is image the whole PC, that might be next on the list. I will give it a whirl next time though.
Click to expand...

I always use Nortons Ghost to clone all my hard drives.It didn't save me the last time though as the clone managed to fail also.:biggrin:

If you want a floppy version let me have your email addy
 
OP
OP
C

Crackle

..
Oh that took a bit of time. I did go for your suggestion of a restore Peanut but it didn't work this time. Everytime I fixed IE and then downloaded Picasa both corrupted and crashed. It turned out to be a corrupted Google toolbar which once removed stopped the others erroring.
 
Carwash

Carwash

Señor Member
Location
Visby
Crackle said:
I suspect information exchanged hands: Their mother is being questioned......:ohmy:
Click to expand...

<gasp!> Be prepared for the possibility that they may have bought her silence with cake. :eek:
 
You must log in or register to reply here.

Similar threads

wakemalcolm
Friday: where have you been all my week?
Replies
5
Drago
R.I.P. PC Trevor Lock
Replies
2
Pinno718
Wednesday - Icarus shouted "I should have used grab adhesive"
Replies
16
D
No wonder I have trust issues!
Replies
20
Top Bottom