If it’s not one thing it’s the next. I’m writing this blog on my old laptop. Why? After almost getting on top of my hard drive issues my PC has been infected by at least one serious trojan infection.
I went to a site I normally visit using Opera and there was a popup which I closed. Suddenly my Windows Firewall turned off – not a good sign. I didn’t have time to investigate as I was just going out.
When I got back to my PC it had frozen. Upon restart a utility I have installed warned me that a very suspect b.exe was trying to add itself to my startup items. I clicked a button which normally launches my browser and the PC froze up again.
I ran a virus scan in Safe Mode and detected several issues, most worryingly a trojan called Alureon. Even though I thought Avast had managed to remove it, it appeared again in different files upon restarting the PC.
I’d also discovered something called a UAC*.sys infection. A page on the Internet suggested looking for a rogue entry in the Device Manager which I found and removed.
It then occurred to me that there might be a dodgy Windows service running which kept reinfecting different parts of the PC. When I looked there was a very suspicious service with a random selection of characters making up its name and description. Needless to say it’s now disabled!
Since then I’ve been running several full scans in The Microsoft Windows Malicious Software Removal Tool, Avast!, SpyBot, Ad-Aware and currently Malwarebytes. Each tool finds different problems which always leaves the thought, “are there any other malware programs/viruses which haven’t been found?”
I wonder if the latest version of Opera has fixed the security hole that allowed this trojan to infect my PC? Either way, I’ll keep my browsers more up-to-date in future (probably mainly Chrome from now on) and run them in a sandbox application. Also, I think I’ll have to look for another alternative to Windows Firewall for general security.
Hopefully I’ll get away without having to do a full reinstall of Windows and without losing any data. Fingers crossed.

Sorry to learn about your trojan trouble but you seem to have it under control.
I wonder why you’ve pinned the problem down to an Opera security hole. Is it correct to infer that your PC runs Vista and no residential router is used?
TrojanHunter might help in your circumstances.
> Upon restart a utility I have installed warned me that a very suspect b.exe was trying to add itself to my startup items. <
Which utility is this?
I’m running Firefox 3.5 (with noScript plug-in) and AVG Free Anti-Virus and it seems to be working pretty well. Never had a virus/trojan on my PC in the last 7 years. I could’ve been just lucky. :p
Do you have any ideas how the trojan may have gotten in?
I’m still not sure whether it’s been permanently removed; the same trojan keeps being picked up by different tools even though each one claims to be removing it and other issues.
I think it was Opera because of the pop-up and sudden shut down of Windows Firewall. Following that I left the PC while I went out so I’m pretty sure this was the root cause.
Thanks, I’ll look up TrojanHunter. The utility I use is SpyBot-SD – I recommend it as it saves you having to constantly purge down your start up items and gives you more control over what programs are doing to your start up config.
Yeah, I have been pretty fortunate up until this point but I’ve learnt my lesson!
I mention in my post how I think the trojan got into the system.
If you keep getting the same virus pop up time and time again, turn off the XP or Vista System Restore function. Any DLL files or system files the OS thinks are important it will copy; if they go missing, the OS will replace them, even if they are virus infected.
Turn off System Restore, run a full virus scan, then turn System Restore back on if you want to continue to use it.
Good tip thanks. Yes, that could well have been happening.
I’ve already turned off System Restore which wiped all my restore points and one of the tools I was using did manage to search the System Restore files and locate the trojan.
As for your firewall, bro, Zone Alarm Pro always worked well for me.
Hi Fouad. I used to use Zone Alarm but stopped using it for some reason or another. I may try it again if I don’t get on well with Comodo which I’ve just installed.