re-infection



NZHawk
02-07-2008, 09:30 AM
computer was infected w/trojans
ran avast
ran ccleaner
installed, updated, scanned BitDefender 2 times (once in safe mode, once in normal): came up clean

returned to customer

customer plugs in & is getting warnings from Spybot residential shield & BitDefender of infections.

The computer is connected to two other computers but neither of the other computers were on.

How is this infection happening when I returned the computer clean?

nofam
02-07-2008, 09:43 AM
Did you disable system restore before you scanned Hawk?

If not, the trojan is possibly resurrecting itself from there.

Also, is the customer reconnecting an external drive etc that could have the source of the infection on it?

NZHawk
02-07-2008, 11:02 AM
Yes the system restore was disabled.
No there is not any external hard drive.

wainuitech
02-07-2008, 11:18 AM
The programs used look like they have missed cleaning out the Trojans - the ones listed are not enough these days, you need several to get a PC completely clean.

Download all the antispyware programs from my sig, install/update and run, as well as one Pctek uses - Spyware terminator (http://www.spywareterminator.com/) <---- been using that myself lately, and it's damn good. You can also install Spyware Doctor Starter (http://www.download.com/Spyware-Doctor-Starter-Edition/3000-8022_4-10704508.html) - it has a habit of changing to the paid one after a while, but it still usually works after the first update as the free one and removes spyware it catches. Look for Speedy's sig as well, and get Trojan Remover - run it.

NZHawk
02-07-2008, 11:21 AM
Thank you.
Will do and report back.

pctek
02-07-2008, 11:26 AM
Pctek uses - Spyware terminator (http://www.spywareterminator.com/)

Pctek uses Counterspy among others.
Pctek installs Spybot, Superantispyware and Spyware Terminator on customer PCs, unless they ask for something specific.

They get 3 unless they are on dialup in which case they get 2.
Some get more.

I also leave in a folder on their PC - all my other checkers and fixes, inc HJT.

nofam
02-07-2008, 11:33 AM
Wouldn't hurt to post a Hijackthis log here either for Speedy to cast an eagle eye over!!

NZHawk
02-07-2008, 11:33 AM
Pctek: thank you - excellent suggestion - I will follow suit.

Hawk

NZHawk
02-07-2008, 11:43 AM
I'll have to hold off on Hijackthis log as the customer has the computer.

Pancake
02-07-2008, 12:11 PM
Why don't you get your customer to post here on a one to one rather than through a third person?

tweak'e
02-07-2008, 12:28 PM
computer was infected w/trojans
ran avast
ran ccleaner
installed, updated, scanned BitDefender 2 times (once in safe mode, once in normal): came up clean

returned to customer

customer plugs in & is getting warnings from Spybot residential shield & BitDefender of infections.

The computer is connected to two other computers but neither of the other computers were on.

How is this infection happening when I returned the computer clean?

could be in restore or the installer is still on the pc somewhere. pays to delete any temp files.

also the cust could be reinfecting themselves by installing their favorite program or visiting a site.
i've had legit looking kids sites that shove spyware onto the pc, naturally most people will click yes especially if using IE which will download the spyware and ask to install every time they go to it :(
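
One way to check for a leftover installer in the temp folders, as suggested in the post above (an added example, not part of the thread and not any poster's tool): it lists every file under the temp directories that starts with the Windows executable magic bytes "MZ", whatever its extension, with a SHA-256 and modification time, newest first. The function names and the 30-day window are assumptions chosen for illustration; the output is a list to review, not a verdict.

```python
import hashlib
import os
import tempfile
import time

PE_MAGIC = b"MZ"  # first two bytes of every Windows EXE/DLL, whatever the extension

def find_executables(roots, max_age_days=None, now=None):
    """Return [(path, sha256, mtime)] for PE files under roots, newest first."""
    now = time.time() if now is None else now
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    with open(path, "rb") as fh:
                        if fh.read(2) != PE_MAGIC:
                            continue
                        fh.seek(0)
                        digest = hashlib.sha256()
                        for chunk in iter(lambda: fh.read(65536), b""):
                            digest.update(chunk)
                    mtime = os.path.getmtime(path)
                except OSError:
                    continue  # locked or unreadable file: skip it
                if max_age_days is not None and now - mtime > max_age_days * 86400:
                    continue  # older than the window we care about
                hits.append((path, digest.hexdigest(), mtime))
    return sorted(hits, key=lambda h: h[2], reverse=True)

def default_temp_roots():
    """Temp locations for the current user, plus %WINDIR%\\Temp when present."""
    roots = {tempfile.gettempdir()}
    for var in ("TEMP", "TMP"):
        if os.environ.get(var):
            roots.add(os.environ[var])
    if os.environ.get("WINDIR"):
        roots.add(os.path.join(os.environ["WINDIR"], "Temp"))
    return sorted(r for r in roots if os.path.isdir(r))

if __name__ == "__main__":
    for path, sha256, mtime in find_executables(default_temp_roots(), max_age_days=30):
        stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime))
        print(stamp, sha256, path)
```

Run it before and after the cleanup: a file that reappears with the same hash points at whatever is re-dropping it.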

NZHawk
02-07-2008, 01:12 PM
-could be in restore or the installer is still on the pc somewhere.
turned off system restore
- pays to delete any temp files
did this as well