WHOA! did I get attacked ??? what happened?

[97tbird]

ok, i was browsing at a familiar site (FF 3.5) when all of a sudden, windows security shield thing popped up and said "you may be at risk; click this balloon" : so i did, and it says windows firewall has been turned off, and recommended turning it back on; I did.

a few seconds later AVG free resident shield pops up and says "Threat detected", and i click on it and it shows 2 trojan horse infections; i removed both of them virus vault;
I could hardly finish doing that, a BLUE screen pops up (whole screen) and says something like "windows has detected a threat and will be shutting down the laptop to protect..." bla bla, i couldn't even read more than 4 lines, (there was more bla bla on the screen) the laptop shuts off, and restarts ..

restarted normal, and gave me the message "the system has recovered from a serious threat (or was it "error"?); want to send error report..?" etc etc ...

Now all works as normal; I went to AVG and emptied the virus vault just now.

doing a manual AVG free scan now.

what was this? is there anything else i should do?

Thanks...

PS: now that i think of it, just before all this took place, i had done a search in google, clicked on one of the links, and noticed that it wasn't loading...and then just clicked on some other link from the search...

 

[greenaccord02]

See if anything comes up from the AVG scan. I'd bet you're OK.

 

[GrtArtiste]

Might be a good idea to rerun your scan in safe mode, also any anti-malware you might have. I use Superantispyware and Malwarebytes. If after that you think you might still have a problem, there are several good antivirus programs that will give a free 30 trial of their full version (F-prot-Avira-Kaspersky-ESET Nod32 to name a few). Pick one and remember to disable AVG b4 you install it. Maybe it'll find something AVG did not.

 

[simple_gifts]

Quote:

what was this?


An OS handling a security event, badly.

I assume you do regular patching....

 

[97tbird]

OK:
AVG scan already showing something under "threats found":

Trojan Horse Clicker.AAJC
C:\windows\system32\net.net

what the h is this? i hope I can delete/quarantine when AVG stops scanning...

EDIT: now it's 2 more:
trojan horse agent2.NLB and trojan horse agent2.NLB dropper

 

[OVERKILL]

Run a scan with Avira.

As well as an on-line NOD32 scan at eset.com

 

[Crustacean]

Originally Posted By: 97tbird
OK:
AVG scan already showing something under "threats found":

Trojan Horse Clicker.AAJC
C:\windows\system32\net.net

what the h is this? i hope I can delete/quarantine when AVG stops scanning...
Anything different about Windows, I had an event 2 days ago, a screen popped up about a security threat it had the windows shield, I dint trust it since the Russian mall-ware virus looked like that, I shut it down and after reboot I found my task bar icons were smaller than normal. I cant get them back to normal size so now I live with it.

 

[aquariuscsm]

"you may be at risk; click this balloon"

^^NEVER EVER do that. That`s the way you get hacked,spyware,adware,etc. Anytime you get a message like that,push ctl/alt/delete and bring up your task manager,then click "end program" on the list it pulls up.

Anytime you get a rogue pop-up like that never click yes,no,or even the x in the corner of the pop-up. Always engage your task manager.

 

[aquariuscsm]

Originally Posted By: Crustacean
Originally Posted By: 97tbird
OK:
AVG scan already showing something under "threats found":

Trojan Horse Clicker.AAJC
C:\windows\system32\net.net

what the h is this? i hope I can delete/quarantine when AVG stops scanning...
Anything different about Windows, I had an event 2 days ago, a screen popped up about a security threat it had the windows shield, I dint trust it since the Russian mall-ware virus looked like that, I shut it down and after reboot I found my task bar icons were smaller than normal. I cant get them back to normal size so now I live with it.


If your antivirus can`t get rid of it,boot your computer in safe mode,put the name of the virus in the search bar to find its location on your hard drive,then manually delete it. Then reboot your computer in normal mode and the virus should be gone.

 

[OVERKILL]

Originally Posted By: aquariuscsm
Originally Posted By: Crustacean
Originally Posted By: 97tbird
OK:
AVG scan already showing something under "threats found":

Trojan Horse Clicker.AAJC
C:\windows\system32\net.net

what the h is this? i hope I can delete/quarantine when AVG stops scanning...
Anything different about Windows, I had an event 2 days ago, a screen popped up about a security threat it had the windows shield, I dint trust it since the Russian mall-ware virus looked like that, I shut it down and after reboot I found my task bar icons were smaller than normal. I cant get them back to normal size so now I live with it.


If your antivirus can`t get rid of it,boot your computer in safe mode,put the name of the virus in the search bar to find its location on your hard drive,then manually delete it. Then reboot your computer in normal mode and the virus should be gone.


I will add:

TURN OFF System Restore when doing the above. Or the computer can simply re-infect itself.

 

[97tbird]

so ok;
what shall i do? after running and hopefully deleting these 3 with adaware, shall i start in safe mode and just do malware bytes and superantispyaware?

some also suggest turning system restore "off" before doing this.

gonna look at nod-32 and avira too, but is it overkill if AVG deletes the trojans?

 

[97tbird]

still running AVG:
plan:
try to delete with AVG; turn system restore off, boot in safe mode, run Malware Bytes and SAS in safe mode.
will report after doing that.

Can I run MWB and SAS at the same time in safe mode?

 

[flacoman]

Another good utility to have is Killbox .
Will manually kill a file and insert a dummy in its place, and unregister a dll.
There's a new wave of malware making the rounds and Super and MWB are now just catching up.
HTH & report back
Jorge

 

[Pablo]

Find and run a-squared. Then superantispyware.

 

[97tbird]

ok...thanks. downloading a^2 now...
can i run those things at the same time in safe mode? (MWB, SAS, A-sq)? or shall i run them one @ a time?

 

[97tbird]

OK AVG finished (not in safe mode). 5 trojans were found and removed to virus vault; emptied virus vault.

Now gonna run in safe mode and do MWB, A-sq, and SAS.

 

[OVERKILL]

Don't forget to turn off system restore.

 

[97tbird]

thanks; overkill; i did turn SR off.

posting this using wife's laptop.

ran MWB in safe mode: found 10 threats, mostly trojans; got rid of them, MWB needed a restart to complete the deletion, did one, turned laptop off, booted again in safe mode, now running SAS, (still) and has found 2 threats so far, but the usual stuff: tracking cookies, etc.

EDIT: sas now showing 1 rootkit...

Next up is a - squared; i have to update it b4 running it though...

should i run AVG free again, this time in safe mode?

EDIT: sas found 5 things ... removed all of them, and to complete removal, rebooting now...

 

[97tbird]

rebooted again in safe mode, and scanning with A-squared...seems to be finding a lot of small stuff ... so far... we'll see..
I selected the deep scan option...

 

[97tbird]

EDIT:
and deep it is : after 20 min it has scanned 4%