Virus Removal Guide / Assistance. [SOLVED]

Over-Dose

I have a friend who is being held hostage by a Trojan Horse worm that (for the life of me I can't understand how) has infected his Windows PC. He's running Windows 7 Ultimate 64-bit, and had AVG Internet Security 2012 previously (now expired), which he converted to AVG Free.

The specific Trojan is called "Trojan Horse Agent3.CPCF".

Now he is trying by all means to avoid having to do a clean re-install of Windows, due to not having enough space on his external HDD to back up all the info that's on the machine.

I've gotten him to install Malwarebytes and it installed, it updated, and did a quick scan (no infections found), but the full scan keeps freezing (not responding) and he has to reboot the machine.

I got him to try running Malwarebytes in Safe Mode as well, and it didn't find anything, but after trying that, when he booted into Windows normally, the machine seemed to be worse off than before (i.e. slow startup & slow responding, erratic behaviour & some software doesn't work at all). So clearly it is still on the machine.

Being the one who is a little bit more tech savvy than he is, I have searched for solutions online, and have found a few sites that I can trust that offer up some solutions (2 in fact - BleepingComputer & MajorGeeks) but the majority look extremely suspect as they offer up "removal tools" whereas the sites that I trust mention nothing of these tools.

Any advice on how to go about getting rid of this thing? :confused:
 
Option 1: Take the hard drive out of his PC and scan it completely in another (clean) PC using several different tools.

Option 2: If you are going to do a re-install, you have to completely delete the previous partition and create a new partition and then format.
 

Thanks for nothing Greg. Just cos you run a Mac doesn't mean we can't help a PC guy in need. And in case you missed it, I have been on Google and have been met with a whole bunch of USELESS sites in search results. I only came here because I trust this forum and the advice given here. But after your response, I am beginning to wonder... :p

PS. I hope your OSX crashes! :D

Option 1: Take the hard drive out of his PC and scan it completely in another (clean) PC using several different tools.

Option 2: If you are going to do a re-install, you have to completely delete the previous partition and create a new partition and then format.

Thanks Gary, I'll have to get to his place and try and scan it from my laptop which is clean. Very USEFUL suggestions, unlike SOME PEOPLE **peers over at Greg**



Thanks Seriously, I've been to this site and was about to get to this when I get to his place later this evening, as this was one of the places that offered some sort of sensible solution. I'll do this before I get to Gary's USEFUL suggestion.
 
Home user advice…

Personally, in my opinion, avoid AVG… I believe in the data provided by Prevx: http://www.prevx.com/avgraph/1/AVG.html

Use Microsoft Security Essentials instead; it does the work superbly in a home network environment. The updated Windows Defender also offers good malware protection.

Try these (internet connection required to update database):

Panda SafeCD
http://www.pandasecurity.com/homeus...d=2&Ref=WW-EN-SAFECDFREEPAGE-1009&track=96464

Kaspersky Rescue Disk
https://support.kaspersky.com/4162
 
IIRC you can also download a Linux pen drive distro with ClamAV & fsutils that boots into RAM, so you don't have to remove the HDD. I remember using this in the past:
www.ubcd4win.com
 
I'm no expert, but if your friend doesn't mind paying for an antivirus then I'd definitely go with the new BitDefender. I'm sure it will definitely clean up and protect his PC in the future.

If he wants something free and legal then the Comodo trio (antivirus, internet security and firewall) is a good option. I use this and I have never had any virus problems. I know some people say it's not very effective etc., but for a free product it certainly kept my PC clean for a long time, and I download a lot. So maybe it'll work for him?

The combination of the Comodo trio, Malwarebytes and PeerBlock is quite an effective free security combination, but of course the best form of PC security is the user.

Good luck man, hope you remove that nasty trojan!
 
@ Fulcrum29 & juBa - Thanks for the input, but I have already installed Microsoft Security Essentials since the infection (too late, I know). Now the main thing is getting the Trojan off the machine, so he can default to MSE & Malwarebytes as his protection.

This thread was merely trying to find out if anyone has any alternate advice to some of the sites I found, like Gary's or Murray's suggestions.

So I just want to prevent the thread from becoming advice on a suitable anti-virus or similar, as opposed to the subject at hand.

@ MurrayBiscuit - Will have a look at that option as well. But removing the drive is pretty quick & easy and doesn't involve learning any additional software (or worse - risk deleting or corrupting his main system drive). Thanks anyway.
 
My friend's PC has been cleaned and is running as the owner recalls it to be running.

Took me just over an hour to solve it, as it was booting fine, but would hang about 2 minutes into booting up normally.

I basically combined advice from Major Geeks and Bleeping Computer.

Steps I used to (what appears to) remove "Trojan Horse Agent3.CPFC" :

Step 1 - Booted into Safe Mode (with Networking) to try and initiate a manual removal. Failed, as none of the listed processes were running.
Step 2 - Restarted the machine and booted into Safe Mode and commenced with the tools I read were used on the two sites I mentioned.
Step 3 - Ran "Defogger.exe" - Shuts down any CD emulation software / drivers (these can interfere with the virus removal process).
Step 4 - Ran "RKill.exe" - Utility developed by the Bleeping Computer site to diagnose and fix malware infections.
Step 5 - Ran "RogueKiller.exe" - Utility also used to diagnose the PC and detect any malware that does not belong on the system.
Step 6 - Ran "AdwCleaner.exe" - Also diagnoses a whole host of malware infections and removes them.
Step 7 - Finally ran "ComboFix.exe" - The final malware removal tool that was listed.

Once all the above were done scanning, detecting and deleting in Safe Mode, I rebooted machine and logged in normally into windows.

Step 8 - Installed Revo Uninstaller and removed any software I know is not needed on the machine, including the AVG trial which was about to expire anyway and cleaned up leftover files.
Step 9 - Installed CCleaner and removed any excess files (browser history, temp etc. - 1GB worth in this run) and then also did a Registry clean with the same tool and fixed whatever issues it found.
Step 10 - Rebooted PC and logged into windows normally (by now machine had stopped being sluggish and having 100% CPU usage in its idle state)
Step 11 - Ran Steps 4 to 7 again while booted in windows normally and restarted PC.
Step 12 - Logged in normally and ran "Defogger.exe" to re-enable the CD emulation drivers / software.

At this point I let the PC stand to check if any processes started up by themselves, which was what started the 100% CPU usage slowdown. The PC was fine in its idle state, with CPU at no more than 10% while dipping up and down.

Step 13 - Re-enabled all system security software that had been disabled by the Trojan (i.e. Windows Firewall, Windows Defender etc.) and then performed updates on all installed (KNOWN) anti-virus / malware protection software.

At this point, the machine was purring like a kitten, with no visible signs of any processes running themselves.

Step 14 - Performed a quick scan with Malwarebytes and it returned nothing.

Machine was done.

I advised him that he needs to do FULL scans with all the security software he has. I also told him to do a system Defrag when done with the full scan.

And that's that.
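As an added example (not part of the thread, and not code from any of the tools named in it), the following PowerShell 2.0-compatible script does on a Windows 7 x64 host what the final post's Step 13 and idle-watching did by hand: it reports whether Windows Firewall, Windows Defender, Security Center and Windows Update are running and set to start automatically, which antivirus is registered with Security Center, the Run/RunOnce and Winlogon autostart entries, and any running process that is unsigned or running from a user-writable folder. The service names and registry paths are the standard Windows 7 ones; the `productState` decoding is the widely used but undocumented convention, and the detection rule (unsigned or user-writable path) is an assumption of this example, not something the thread states. `Restore-SecurityServices` is the only function that changes the machine.

```powershell
# Added example, not from the thread or from any of the tools named in it.
# PowerShell 2.0-compatible post-cleanup triage for a Windows 7 x64 host.
# Run from an elevated 64-bit PowerShell prompt. Everything is read-only
# except Restore-SecurityServices, which nothing here calls automatically.
$ErrorActionPreference = 'SilentlyContinue'

# Services malware commonly disables: Windows Firewall, Windows Defender,
# Security Center and Windows Update (standard Windows 7 service names).
$securityServices = 'MpsSvc', 'WinDefend', 'wscsvc', 'wuauserv'

function Get-SecurityServiceState {
    # A 'Disabled' start mode or 'Stopped' state on any of these is a red flag.
    Get-WmiObject Win32_Service |
        Where-Object { $securityServices -contains $_.Name } |
        Select-Object Name, State, StartMode, PathName
}

function Get-FirewallState {
    # netsh exists on Windows 7; the Get-NetFirewallProfile cmdlets do not.
    netsh advfirewall show allprofiles state
}

function Get-RegisteredAntivirus {
    # Security Center's productState is a 6-hex-digit bitmask. Widely used
    # (undocumented) reading: middle byte 10/11 = real-time protection on,
    # 00/01 = off; low byte 00 = definitions current, 10 = out of date.
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct |
        ForEach-Object {
            $hex = '{0:X6}' -f [int]$_.productState
            New-Object PSObject -Property @{
                Product  = $_.displayName
                RealTime = $hex.Substring(2, 2) -match '^1'
                UpToDate = $hex.Substring(4, 2) -eq '00'
                State    = $hex
            }
        }
}

function Get-AutorunEntries {
    # Run/RunOnce for the machine, the 32-bit view on x64, and the current user,
    # plus Winlogon Shell/Userinit (defaults: explorer.exe and
    # C:\Windows\system32\userinit.exe,). Anything else deserves a look.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $keys) {
        $props = Get-ItemProperty -Path $key
        if ($props) {
            # Get-ItemProperty adds PSPath/PSParentPath/... metadata; skip those.
            $props.PSObject.Properties | Where-Object { $_.Name -notmatch '^PS' } |
                ForEach-Object {
                    New-Object PSObject -Property @{ Key = $key; Name = $_.Name; Command = $_.Value }
                }
        }
    }
    $wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    New-Object PSObject -Property @{ Key = 'Winlogon'; Name = 'Shell';    Command = $wl.Shell }
    New-Object PSObject -Property @{ Key = 'Winlogon'; Name = 'Userinit'; Command = $wl.Userinit }
}

function Get-SuspiciousProcesses {
    # Flags running images that are unsigned or live in user-writable locations.
    # Unsigned is a lead, not a verdict: much legitimate software of this era is
    # unsigned. Processes with no readable Path (System, Idle, or 64-bit
    # processes seen from a 32-bit shell) are skipped.
    Get-Process | Where-Object { $_.Path } | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.Path
        $userWritable = $_.Path -match '\\(Temp|AppData|ProgramData|Users\\Public)\\'
        if ($sig.Status -ne 'Valid' -or $userWritable) {
            New-Object PSObject -Property @{
                Pid = $_.Id; Name = $_.ProcessName; Path = $_.Path
                Signature = $sig.Status; UserWritablePath = $userWritable
            }
        }
    }
}

function Restore-SecurityServices {
    # The Step 13 equivalent: set the services back to automatic start, start
    # them, and turn the firewall on for all profiles. Run after reviewing.
    foreach ($name in $securityServices) {
        Set-Service -Name $name -StartupType Automatic
        Start-Service -Name $name
    }
    netsh advfirewall set allprofiles state on
}

'== Security services =='   ; Get-SecurityServiceState | Format-Table -AutoSize
'== Firewall =='            ; Get-FirewallState
'== Registered antivirus ==' ; Get-RegisteredAntivirus  | Format-Table -AutoSize
'== Autorun entries =='     ; Get-AutorunEntries       | Format-Table -AutoSize -Wrap
'== Suspicious processes ==' ; Get-SuspiciousProcesses | Format-Table -AutoSize -Wrap
```

Two caveats a practitioner would add. First, these queries run on the live, possibly still-infected OS, so a rootkit that hooks WMI or the registry APIs can lie to them; that is exactly why Gary's option of scanning the drive from a clean machine, and the Kaspersky/Panda rescue discs, are the stronger check, and a clean Malwarebytes quick scan on the live system is not proof of a clean box. Second, treat the autorun and process lists as leads to research, not a delete list: an unsigned binary in AppData is how a lot of 2012-era legitimate software updated itself too.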
 