This system has a very persistent and self-replicating trojan. We have been at it for two weeks. It is past time for a frank and very serious realization.
The ESET online scan shows that the Win32-kryptic.AHES trojan has re-appeared. And as you reported, the "Windows Command Processor" rogue has re-appeared (again).
Please answer each of the following questions in a correspondingly-numbered list in your very next reply (no need to quote this post):
1a. Does the computer-in-question belong to your company or does it belong to you, or a friend/relative?
1b. Did Vista come preinstalled on the computer when you bought it, did you do a clean install of Vista, or did you upgrade from XP to Vista?
2a. Was TrendMicro pre-installed on this system or did you intentionally choose to install it?
2b. In Windows Explorer [WinKey+E], navigate to &
- right-click on C:\Program Files\trend micro <<---this folder
- Select Properties: What is the Created date displayed on the resulting General tab?
2c. What anti-virus application was installed before you got TrendMicro, was your subscription still current, and did you uninstall it before you installed TrendMicro?
3. Has a Norton application or other antivirus application EVER been installed on the computer?
4. Did a Norton free-trial or a McAfee free-trial come preinstalled on the computer when you bought it? (Doesn't matter if you never used or Activated it.)
5. Has this system ever
been without antivirus program installed & active ?
6. Do you have the Windows Vista operating system DVD?
7. Do you have a full image backup of this system from before the trojan infection getting in ?Warning on trojans
This system has some serious backdoor trojans, spyware, and likely, a rookit.
This is a point where you need to decide about whether to make a clean start.
According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.
You are strongly advised to do the following immediately.
1. Call your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.
2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.
3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.
* Take any other steps you think appropriate for an attempted identity theft.
You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh. While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions. I would recommend that you do a full reformat and reinstall of Windows rather than clean the system.
I suggest that you backup important files and reinstall everything from scratch. There are so many changes that could have been done if that backdoor was used.
Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan
Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx
Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html
When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451
Rootkits: The Obscure Hacker Attack http://www.microsoft...tip/st1005.mspx
Help: I Got Hacked. Now What Do I Do? http://www.microsoft...gmt/sm0504.mspx
Help: I Got Hacked. Now What Do I Do? Part II http://www.microsoft...gmt/sm0704.mspx
Microsoft Says Recovery from Malware Becoming Impossible http://www.eweek.com...,1945808,00.aspPlease answer my questions from above, and let me know what you decide.
A complete wipe (nuke) and pave followed by a clean re-install is the safest thing to do.
Should you still decide on trying to cure this infection, I must put a timecap of 2 days before calling a total halt.
We have already been at it for a week. It would have been faster to wipe & re-install earlier.
Only if you still want to keep trying with this saga:
Run the Microsoft Windows Defender Offline. This is an "offline" tool that you boot the pc with and scan your system for malware.
To get started, find a blank CD, DVD, or USB flash drive with at least 250 MB of free space and then download and run the tool—the tool will help you create the removable media.
The basic sequence of steps are
a) Download and SAVE the tool to a unique folder/location on your pc
b) Create the CD/DVD/USB-flash drive with tool
c) Set pc to boot from the offline media
d) Place media in & restart system
e) Run the tool. Have infinite patience & have it scan the entire system. Remove any malware that is found.
Download & info link http://windows.micro...efender-offline
The frequently asked questions for this toolhttp://windows.micro...der-offline-faq
Another How-to article on WDO http://www.sevenforu...er-offline.html