Virus problems. How can I remove them? *EDITED*

I (Or one of my family members) got another virus on the family computer. Usually we are pretty safe when it comes to E-mails and what websites we go to, in fact, we’ve only had 2 viruses and they both happened this month, is there a reason for this? We never had any before. But anyway…

I turned on my family computer and Windows Defender told me that I had a trojan/virus. Apparently it is called: “TrojanDownloader:Win32/Renos.JM”. Which brings up ads on your computer? Is this dangerous? What does it really do? (Or does it just pop up ads?) Windows Defender says it’s a Level 1 High Risk virus.

Avast! and Windows Defender both told me that I had that virus. I supposedly deleted it with Avast! (Does just hitting “delete” when Avast tells you that you have a virus, actually work?) but not Windows Defender. As I was doing a thorough scan with Avast!, Windows Defender kept telling me that I had that same virus. But last night I “supposedly” got rid of it with Avast!.

Until I logged onto the computer today. Now two ads just popped up about buying a camera, without me being on the Internet, that is from the virus right?

Avast! says I don’t have any viruses, but there are a lot of files it can’t scan. I tried OneCare’s Safety Scanner and it cleaned up most of the viruses/problems but 2 viruses (?) and 1 issue couldn’t be cleaned up. Windows Defender is still giving me warnings about the virus, and every time I try to quarantine the virus with Windows Defender, it says it was successfully quarantined, but then the warning pops back up about an hour later.

So far, 4 advertisements have popped up. 2 Pop up at a time.

I also heard you can get viruses from other computers using the same network. So I disconnected my other computer (My computer) from the Internet, would this prevent it from getting this same virus? I’m afraid to use my computer (Not the one with the virus) just in case I get this virus. Should my computer be safe if it isn’t connected to the Internet?

Please help.
Thanks in advance!

If your computer is firewalled and does not have permissions set to file share across the network it should be ok.
Did you try MBAM (recommended in your other thread) on this one? Please do so.
This trojan is typically installed when trying to play a movie from the internet that “says” it requires a particular codec or player to play it. When the user clicks “download” or “ok” the malware is installed. It may then download more components (trojans etc), not good.
Here is what the malware centre at MS have to say about it. Quite informative.

You need to make sure the software on all computers is up to date. Try www.secunia.org once this is cleaned up, and perform an online scan. The site will ask to install an ActiveX control; this should be allowed. If preferred, the PSI can be installed instead. Rather than an online scan which only requires an ActiveX, it is a full install program that will constantly monitor software for known vulnerabilities and updates.

You need to make sure the other computer users in the house do not just click “OK” every time the net tells them to do something, without checking first. That’s a toughie. In the end it’s their choice. All you can do is keep your own computer password protected and isolated from the home network.

Deleted: already in Targ57 post…

Thanks for replying guys! :)
I will be sure to use MBAM like you said. But, how dangerous is this virus?

Mind if I ask one more question?: Is it true that computers can get virused from other computers that use the same network? If so, would disconnecting my computer from the Internet (Netgear) keep it safe? Oh wait, you kind of said that… How can I isolate my computer from the home network? (My neighbors have used my network too… But only around one time. How can I block my neighbors from using my family’s network?)

Thanks again.

GetConnected - How To - Secure Wireless Router Set Up

http://www.youtube.com/watch?v=9UFh0W_Z3kI&feature=PlayList&p=B5FE761D3AAEE6EE&playnext=1&playnext_from=PL&index=11

http://www.youtube.com/results?search_query=how+to+secure+my++router&search_type=&aq=f

Thank you. I’m watching the first video right now.

Sorry, here’s yet another question: How do I get my computer, “firewalled”. Does that just mean that firewall is turned on? Oh no… Avast just told me about another virus. It’s a “Trojan Horse” called “Win32:Walivun [trj]” What does this do? What should I do? Please help.

EDIT: I moved the new virus into a chest. Is this ok?

Also, why do I keep getting new viruses? Does one virus cause more to get on your computer?
Avast found the location of the virus, and once again, it’s in the temp folders… Would deleting it get rid of the virus?
Sorry about all the questions. But… Would these viruses hurt my computer or corrupt my files?

Password protect your computer at the log on.
Password protect the (hidden) administrator account. Here’s how.

Firewall should be on, with no exceptions allowed. Now, I don’t know much about networks, it being there is only one computer at my home and no wireless, but basically, if you can see and browse your computer (any part of it) from another computer on your home network, you need to do something to nail the security down.

Threatexpert info about Walivun.
An Avast forum entry about Walivun.

As for how bad is it, who knows? I wouldn’t trust it as far as I could pee. Uphill and into wind. Any trojan downloader has to be considered a major security risk. If Avast has caught it before it had a chance to run/download anything else/send information out to the master-bot, you should be OK.

Sending it to the chest was totally the correct thing to do.
Just spotted your edits. Unlikely the trojan would corrupt your files. A file infector like Sality or Vitro/Virut would.
What the risk is, is that any sensitive info (passwords, bank account numbers, candid photos, even, etc) could end up in the hands of someone you don’t want to know. Since Avast has stopped it, this is probably unlikely in your case.

You need to look at your home security. Here
is a pretty good example of a tutorial for securing an operating system. Such tutorials exist around the net. Here is another one.
Check here or at another trusted support site for which sites/applications are good (or not) before following them/installing anything.

The links to Youtube above are a good intro to wireless security. There are also tutorials around the web for this. (Hint: WPA 2 would be a good protocol to use.)
Don’t forget Microsoft have a huge knowledgebase and tutorials/info about this subject, too. I know a lot of folk around are a bit anti-MS, but it’s their OS, they should know about how to configure it. You could do a lot worse.

Thank you for your help! But my post is going crazy back and forth. Why is this?
Should I change my passwords? But if I change them on this computer would the virus be able to get them. Ok, getting rid of the quote fixed my “crazy post” thing… Anyway…

One of my family members went to their bank account on this computer, should they change their password ASAP? Or am I safe? What should I do with the virus in the Avast’s Chest? If I change the passwords with another computer will that other computer get a virus?

Another thing:
I backed up my most important files just in case, with DVD+R’s. The virus can be on the DVD+R’s though, can’t they? Or only if the files I backed up are corrupt? I scanned the discs with Avast! and it said that “Disk D: Boot Record” (Whatever it is) couldn’t be scanned. What does this mean?
Would it be safe to use the discs on another computer?

I hope I’m ok. Sorry about any typos, but my post is acting up again.
How can I really get rid of this problem?

Sorry, I can be just so worried about my computer problems, and I really don’t want anything bad to happen. I’m virus-stupid and these are some of the first viruses I’ve ever had… So I’m totally lost. :(

EDIT: I tried to change my Avast forum password, and I’m almost positive I pasted the right password in to change my password, but it kept saying it was the wrong password. Why is this? I hope this isn’t because of the virus.

Sorry for being so desperate.
(Sorry for any typos)
EDIT: I couldn’t login to this website. It said I had the wrong password. I had to set a new one. I’m getting afraid that this is the viruses.
I also got a message that I had a new virus called “HTML:Iframe-inf”. Why do I keep getting more viruses? I’m getting worried. :( I put the new virus in the chest.

I might have given you too much info at one time.
You need to be methodical.

Install, update, and run MBAM on all the computers on the home network. Once MBAM is updated, disconnect the computer/s affected from the internet. Do that first. Post the scan report/s here.

Worry about how to prevent malware and securing your network next. (Like tomorrow, or tonight. We need to make sure the computers are not downloading malware etc in the meantime.)

General comments:

I don’t know what you mean by “post jumping back and forth.”
It is a waste of time changing any password until the computer is cleaned up.
I don’t know how serious a security breach this is, and am therefore proceeding on an “almost worst case scenario”, which may not be the case here.
That means that absolutely the bank should be informed, and any credit card that has been used, and after the cleanup, then passwords can be changed. And should be. (It may not be necessary, but why take the chance? I don’t know what the malware writer’s intention was when this malware was written and released.)

So get MBAM up and running first.

As to why you are getting viruses now, for the first time, I don’t know. But the proliferation of malware is at an all time high. I have read a stat (originally read it on this forum) that every 16.5 seconds a new website is infected. Something like that.
So what may have been considered safe a month or a year ago just isn’t, any more. And probably never was; it’s just the chance of getting infected is so much higher now, that with a shoddy security policy (including out of date software and no encryption - which won’t let malware in but is indicative of the household attitude) it was your time to get infected.

This affects everyone. Everyone needs to take responsibility for this, it’s as basic (but more complicated) as washing your hands after using the toilet. It’s that simple, I’m afraid.

I’m using a scan with MBAM right now.

By my post “jumping back and forth”, I mean… Every time I type, it goes up to the top or middle of the post, then goes back down to the bottom, and does that very fast.

So I need to run a scan with MBAM and then disconnect the virused computer from the internet?
My computer had virus problems as well, and I disconnected it from the internet as well. Could my older computer get viruses from this one? I’m kind of afraid of updating MBAM on my computer because I DID disconnect my computer from the net and I don’t want to get the virus this computer has.

In my history, there’s a lot of websites I haven’t visited before.

Ok, MBAM is done scanning. It found 9 objects. The results are:

Trojan.FakeAlert - Registry Key
Trojan.FakeAlert - Registry Key
Trojan.FakeAlert - File
Trojan.Downloader - File
Trojan.Agent - File
Trojan.Agent - Memory Process
Trojan.Downloader - File
Trojan.FakeAlert - Registry Key
Trojan.Dropper - File

Malwarebytes’ Anti-Malware 1.42
Database version: 3396
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865

12/20/2009 1:27:37 AM
mbam-log-2009-12-20 (01-27-22).txt

Scan type: Full Scan (C:\|)
Objects scanned: 269590
Time elapsed: 1 hour(s), 26 minute(s), 27 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
C:\Windows\msa.exe (Trojan.Agent) → No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ZagrebLand (Trojan.FakeAlert) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) → No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zagrebland (Trojan.FakeAlert) → No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\[my name]\AppData\Local\Temp\b.exe (Trojan.FakeAlert) → No action taken.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) → No action taken.
C:\Windows\msa.exe (Trojan.Agent) → No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) → No action taken.
C:\Users\[my name]\AppData\Local\Temp\a.exe (Trojan.Dropper) → No action taken.

What should I do? Click on the MBAM’s button that says “Remove Selected”… Right?

And sorry for asking again, but I really want know this: would the DVD+R backup files that I created be infected by these viruses?

I’m just really confused and kind of afraid. :( What am I supposed to do to secure my network? Change the password that pops up right before the computer comes on? Etc…
Thanks.

EDIT: I clicked on “remove selected” and MBAM said that some of the viruses couldn’t be deleted, so it asked me to reboot. I did, and then Windows Defender popped up saying that it blocked some programs… And MBAM was one of them!

I went into MBAM and clicked on “Quarantine” tab and picked “Delete All” … It got rid of all the viruses in the list. (Not that kind of removed, I mean that it just made the words disappear, not the actual viruses) Does that mean that I have to scan again to be able to do something to the viruses again?
Is there any way that can allow me to just get rid of the viruses and be sure of it? (I know this is asking for a lot)

When I got a virus on my computer, I found the location of the virus, and just deleted it and the adult pictures with it, manually. And it seemed to actually work. (Hopefully, I don’t want another virus on my computer…) Would deleting those files work too? (I doubt it)

Sorry for all the questions. But I’m worried. :/ Windows Defender just popped up and asked me if I wanted to continue with… Something.

In the end of it all: I am virus-stupid, and I can’t do anything. I don’t know what to do, and I don’t understand much about this kind of stuff. But, will my accounts be hacked? Hackers wouldn’t want to hack a forum account, would they?
I’m really getting worried. :(
Sorry for any typos and for being so whiney. :/

Remove them all! Only a keylogger and some trojans can record what you type. I recommend using spybot too since one of its features is to block dangerous sites.

Looks like we’re on the right track.
Select everything that MBAM finds, select “remove selected”.
MBAM will almost certainly prompt for a restart to finish the removal. When it does, please restart promptly. The memory process will be deleted on reboot.
After that, run a quick scan again, please, and post the scan report.

Do this for all the machines on the home network. We will deal with the security of your home network later, please don’t be afraid. (Just be a little bit nervous. ;))
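Added example, not part of the thread and not MBAM's own code: a small Python parser for the scan report format posted above. It checks that the itemised list matches the summary counts, labels each item by where it sits or how it is started (the labels and matching rules are this example's own assumptions), and lists the entries still marked "No action taken". The sample is constructed from the lines in that report.

```python
import re
from collections import Counter

# Constructed sample: lines from the scan report posted in this thread
# ("[my name]" is the poster's own placeholder; zero-count sections shortened).
SAMPLE_LOG = r"""
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Files Infected: 5

Memory Processes Infected:
C:\Windows\msa.exe (Trojan.Agent) → No action taken.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ZagrebLand (Trojan.FakeAlert) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) → No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zagrebland (Trojan.FakeAlert) → No action taken.
Files Infected:
C:\Users\[my name]\AppData\Local\Temp\b.exe (Trojan.FakeAlert) → No action taken.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) → No action taken.
C:\Windows\msa.exe (Trojan.Agent) → No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) → No action taken.
C:\Users\[my name]\AppData\Local\Temp\a.exe (Trojan.Dropper) → No action taken.
"""

SUMMARY = re.compile(r"^(?P<section>.+) Infected: (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>.+) Infected:$")
ITEM = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) (?:→|->) (?P<action>.+?)\.?$")

def classify(section, path):
    """Label where an item sits or how it is started (rules are this example's own)."""
    p = path.lower()
    if section == "Memory Processes":
        return "running process"
    if "\\currentversion\\run\\" in p:
        return "autostart (Run value)"        # launched at user logon
    if "\\windows\\tasks\\" in p and p.endswith(".job"):
        return "autostart (scheduled task)"   # launched by Task Scheduler
    if "\\temp\\" in p:
        return "temp-folder file"
    return "other"

def parse_report(text):
    """Return (summary counts, list of findings) from a report in this format."""
    counts, findings, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            findings.append({"section": section, "path": m["path"], "name": m["name"],
                             "action": m["action"], "kind": classify(section, m["path"])})
    return counts, findings

def mismatched_sections(counts, findings):
    """Sections whose itemised entries differ from the summary count (truncated paste?)."""
    listed = Counter(f["section"] for f in findings)
    return sorted(s for s, n in counts.items() if listed.get(s, 0) != n)

def still_present(findings):
    """Items the scanner reported but has not yet removed or quarantined."""
    return [f for f in findings if f["action"].lower() == "no action taken"]

if __name__ == "__main__":
    counts, findings = parse_report(SAMPLE_LOG)
    print("summary/list mismatch:", mismatched_sections(counts, findings) or "none")
    for f in still_present(findings):
        print(f"{f['kind']:27} {f['name']:18} {f['path']}")
```

Running the same parser over the follow-up scan report shows at a glance whether any autostart entry or running process is still listed.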

Did clicking on “Remove Selected” and rebooting actually work? I haven’t really had a virus warning so far after that.

EDIT: Ok, I’m going to go do another scan. Thank you so much for your help!

IT WORKED!!
I think… I did a MBAM full scan on all the computers (Even though my computer’s MBAM wasn’t updated… Maybe it was… I don’t know…) and both computers turned out clean… I should be ok… Right?

Since I do have some websites on my history that I shouldn’t have, I’m going to clean out my history, cookies and other things. Also, the forums post thing is still messing up, but this may be a forum issue… I don’t really know. :P
Thank you so much for your help! :) If this may have not worked, feel free to say something, I need to get rid of stuff like this…

So is it gone…? Or not? Heh.

P.S. Avast still has the two viruses it detected in the chest. And it can still detect those viruses when I click on “Scan” in the chest. Is this just because I had a virus BEFORE I got rid of them, or does this mean I still have the viruses? But so far, so good. No pop-ups about viruses or ads, or anything.

Thanks again.

P.S. Avast still has the two viruses it detected in the chest. And it can still detect those viruses when I click on "Scan" in the chest. Is this just because I had a virus BEFORE I got rid of them, or does this mean I still have the viruses? But so far, so good. No pop-ups about viruses or ads, or anything.

QUOTE: Avast user guide

Virus Chest

The Virus Chest can be thought of as a folder on your disk drive, having special
properties that make it a safe, isolated place suitable for storing potentially harmful
files. You can work with the files in the Chest, though with some security restrictions.

The main properties of the Virus Chest are complete isolation from the rest of the
operating system. No outside process, such as a virus, may access the files inside,
and the fact that the files inside the Chest may not be run means there is no danger
in storing viruses there. For more information, see page 48.

Oh God, I had this problem, but I was able to solve it without any trouble; it is very simple once you know what to do. I downloaded this trojan and sent it for analysis three days ago, and avast! was detecting it as Win32:FakeAV.AAJ (if you have this problem, it is because you executed the trojan manually).

If you use Windows Defender in advanced mode, you will never have any type of problem. (related with trojans and spywares)

Procedure to eliminate TrojanDownloader:Win32/Renos.JM

  1. clean the temp files (start/control panel/system maintenance/free up disk space)

*choose all the options related to temp files

  2. open Task Manager

  3. go to processes, and search for msa.exe (locate it on the disc and erase it)

  4. go to services and look for the components: a.exe, b.exe, c.exe, locate them and erase them

  5. use Windows Defender in advanced mode, so that you can eliminate its actions and finish the process of stopping the pop-up windows from appearing

  6. Completed

  • I did all this and managed to eliminate it completely; if you have any doubts, let me know. Windows Defender in advanced mode is the best antispyware that you can use

Thank you all for your help! :)

@Pondus:
So leaving the viruses in the chest forever will do? That’s a nice tool that Avast has. ;D

@Llanziel:
I’m virus-stupid/retarded/clueless… You name it. Haha. So, how do I put Windows Defender in Advanced mode? (I’ll go check now to see if I can find it myself…)

If I find out that I still have the virus “TrojanDownloader:Win32/Renos.JM” (Somehow… Not really sure how I can figure out if I still have the virus or not…) I’ll be sure to try out what you did (Once I figure out how to put Windows Defender in Advanced mode :P)

Anyway, how can I be sure (Or at least pretty sure) that my family’s computer no longer has these viruses? Or is it likely that I don’t have them anymore?
Sorry for all the questions. But thank you all so much for your help!

EDIT: I couldn’t find “msa.exe” in the Task Manager’s processes. Does that mean I got rid of it? Or not?
(Also my posts are working normally now… :) )
Thanks again.

  1. join WD (Windows Defender) with an advanced membership (open WD/tools/microsoft spynet/choose advanced membership)

To know whether your computer is free of viruses, you must have at least one updated antivirus and antispyware program (example: avast! free/pro) and perform a complete scan of the system.

We can also tell whether it is infected by observing the behavior of the computer, programs, Internet, browsers, etc.

If you notice strange programs or things that you did not install yourself, we can infer that something is wrong. Examples of Trojans are: Svchost.exe, svchost32.exe, schost.exe, a.exe, b.exe and many more. We can all see these in Task Manager, whether under processes or services. We can also infer that it is infected from error messages (related to programs, memory, boot, etc.) and also when it is slower than normal or you cannot access security web pages on the Internet.

It looks like the computer is clean, to me, as far as it’s possible to tell.
What I’d do now is have a look at, maybe bookmark, This tutorial on securing a home wireless network. Microsoft have an article also. There are plenty around.

Go to www.secunia.org and at least perform an online scan for software vulnerabilities (OSI). This will help ensure that you know what needs patching. Chances are that there are some apps that are out of date on the family computer, and maybe yours, too.
Personally I downloaded/installed the PSI from secunia. Set/forget it, and from time to time, react to a vulnerability report. (Like an out of date flash player, or old Java version present.)

Have a general look at the prevention tutorials I linked in reply #6. And consider the suggestions at the top of that reply, regarding setting passwords. It’s a good idea for users to have their own limited user accounts, and just leave the admin account for installing software/updates etc, but that can get complicated, and be a bit of a PITA for ordinary users. It’s probably more appropriate for just the young “click-happy” users to have to have their own accounts (limited user) and that way infections are limited in what they can do, and easier to clean up. (The infection can not progress beyond the users’ profile to the heart of the operating system, normally.) See “user accounts” in the control panel.

Just remember, you can do anything you want on your own computer, but remember to seek approval for any changes made to the home computer, which might mean having read and understood the articles well enough that you can basically explain the reasons for doing so to a layman. That’s actually not too hard. It’s all pretty commonsense stuff, really, just when you buy a computer, the vendor doesn’t tell about how to maintain or secure it beyond the basics. (If you’re lucky.)

Regarding the infected file in the chest: They can stay there. After a time (a few days, maybe a couple of weeks) re-scan them from within the chest. If they are still infected they can be deleted from the chest. But there is no hurry nor need to do this. As Pondus said, they’re safe there.

MBAM has a similar quarantine function. It also is a secure area. Most security programs have a similarly protected quarantine. Only user action can release the captives.

The term “virus” is used by most people to describe any infection that occurs. A more correct generic term is “Malware” (malicious software). It includes virus, spyware, adware, trojans, worms, etc. Each category of malware has its own way of infecting and behaving, and the cleanup protocol can be different for each. What you have had is a trojan. These programs typically install in response to a vulnerability on the computer, or user action (downloading a codec to play a movie, for example; some of these are fake), and immediately after they install (milliseconds) download a cargo of other malicious content. The content might be used to try and scare the user into buying a rogue antivirus program, or to give the author access to the computer, or they may try and remain silent, symptom-free, and scan the computer documents for passwords, credit card info etc, to send to the criminal gang that created it. It’s big business. Billion dollar business.

Mind if I ask one final question on here?:

If I used a flashdrive/memory stick (They’re the same thing… Aren’t they?) to try to backup data on my computer when it had malware on it, but I didn’t put anything on the flashdrive… Could it have the malware I recently had, on it? And that would apply to DVD’s and CD’s… Too? I’m just curious.
Thanks!