JS: Agent - DIE [Trj]

Hello,

I noticed my computer running very slow. So I scanned it with Avast. It found nothing. I then ran a scan at boot that found JS: Agent - die Trj. It was in my Firefox settings. I am wondering if there is a way to tell when the infection happened. I just made a backup of my hard disk with Macrium 2 days ago and I want to know if it and/or my hard drive is infected. Also, is there a way to see what the Trojan did, or if it was able to install malware or copy files?

https://forum.avast.com/index.php?topic=53253.0

I then ran a scan at boot that found JS: Agent - die Trj
In your Firefox cache/temp folder, I guess... most likely a leftover from an infected website.

Taking forever to finish. I’ll upload ASAP.

Well, this time there will be three files. However, I don’t know how to get them to display.

Is there any way to figure out what files were accessed or uploaded?

Hi this is something new

I may need to take several runs at this

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
Unlock: C:\WINDOWS\System32\drivers\cdsmxbdr.sys
Unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dcqixu
DisableService: dcqixu
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
C:\ProgramData\MakeMarkerFile.exe
C:\WINDOWS\System32\drivers\cdsmxbdr.sys
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe.

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

I am totally glad you are trying to help me fix this issue. But can you please let me know if there is a way to see what was accessed, if anything? Do I need to change all of my passwords? I never type them in; I use a password utility. I do type my master password in that. Also, were my files messed with?

The computer itself is going to get wiped and reinstalled, either with my backup or my installation disc.

I doubt that the system will need to be wiped. Essexboy has almost resolved all issues relating to Trojans/Viruses without the need for wiping the HDD clean.

Do I need to change all of my passwords?

It never hurts to change your passwords every month or so. It’ll only help you. So, yes.

Well the fix has been running for a few hours now.

OK, stop FRST. There should be a fixlog on the desktop; could you post that and then run the following programme:

Download AVZ tool from here to your desktop
Unzip all files to a folder on your desktop
Open the folder and double click the AVZ icon
https://dl.dropboxusercontent.com/u/73555776/avz.JPG

When the tool opens select “File” > “Standard scripts”

https://dl.dropboxusercontent.com/u/73555776/avz1.jpg

Place a tick in:

3. Advanced System Analysis with malware removal mode enabled
5. Update signature database

Then press “Execute selected scripts”

https://dl.dropboxusercontent.com/u/73555776/avz2.JPG

There will be several warnings; OK them all and the system will reboot on completion of the analysis.

After the reboot look in the folder AVZ4 on your desktop
Open the LOG folder
Place the zip file (KL_syscure.zip) in your Dropbox public folder and post the sharing link in your next post

https://dl.dropboxusercontent.com/u/73555776/vz3.JPG

Well, I thank all of you for your help, but my computer crashed and I have to get my computer up and running because I have homework due tomorrow. So I am just going to re-image my drive and hope the issue happened after my backup was done. I assume I can just use Avast and Malwarebytes to do a scan of the fresh install and find anything that may be an issue. Would you guys do anything else? I would have liked to resolve this issue without the wipe, but my homework cannot wait.

Not a problem with re-imaging. It was the quickest option.

Aye, Avast and MBAM should suffice.

Can you guys recommend a forum about personal security to prevent this from happening? Should I start running things in a sandbox?

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.