Re: Recovering from a Trojan



long story short:

infections usually
corrupt system files.

so even though the
infection has been
removed,

the corrupted system
files require replacement
with genuine ones from
a genuine xp cd or from
a backup if you had one
made.


short solution:

initiate a "repair
installation" with
a winxp cd.

you may need to
uninstall sp3 via
add/remove if you
do not have an xp
sp3 cd or a cd
streamed with xp
and sp3 on it.


--

db·´¯`·...¸><)))º>
DatabaseBen, Retired Professional
- Systems Analyst
- Database Developer
- Accountancy
- Veteran of the Armed Forces
- @hotmail.com
"share the nirvana" - dbZen

~~~~~~~~~~~~~~~~~~



"Frog" <frog@xxxxxxxx> wrote in message news:uw5cB0zyJHA.5032@xxxxxxxxxxxxxxxxxxxxxxx
Windows XP SP3

Here is a long story that I hope I can keep short. On April 29, there suddenly appeared on screen a window that indicated that some form of a virus or malware was present on my system and wanted to know whether it was okay to scan for this critter(s). Since I did not recognize the window and had learned from earlier newsgroup exchanges that such could be dangerous, I attempted to click this window off the system...it would not let me take that action. I then from the start button turned the system off. That seemed to make everything work as normal. The next morning, I received a message from my CA Anti Virus software that it had two trojan items deleted from my system. The two items were:

4/30/2009 0:08:11 AM File Infection: C:\Documents and Settings\Frog\Local Settings\Application Data\Mozilla\Profiles\Frog-SeaM\Cache\4160AC69d01 is Win32/FakeAlert.AHW trojan. Deleted
4/30/2009 0:08:11 AM File Infection: C:\Docume~1\Frog~1\Locals~1\Temp\omfa4cOp.exe is Win32/FakeAlert.AHW trojan. Deleted

Well, as soon as this happened, I did a complete virus scan of my system---nothing found. I next did a complete Malwarebytes' scan of my system---nothing was found. I then did a complete Windows Defender scan of my system---nothing was found. I next did a disk clean-up, deleting all temp files and removing everything from the recycle bin. I also did a sfc /scannow, CHKDSK C: /F /R, and a defrag. My system continues at this point to be acting normal.

Today, I decided to see what if anything is being reflected in the Event Viewer. New things are appearing in this log as follows:

Application (The same entry has appeared three times since April 30)
Type...Date...Time...Source...Category...Event...User...Computer
Error...5/1/2009...2:00:02 PM...MPSampleSubmission...None...5000...n/A...Frog-ADF6F864
Description: Event Type mptelemetry, P1 8024400e, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

System (The same entry has appeared 31 times since April 30)
Type...Date...Time...Source...Category...Event...User...Computer
Warning...5/2/2009...9:34:47 AM...WinDefend...None...3004...N/A...Frog-ADF6F864
Description: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

The bottom line---the only software change that was made to my system in recent times involved updates...upgrading to Internet Explorer 8, CA Anti Virus updates, Malwarebytes' software updates, and Windows Defender updates. Thus, I don't have a clue as to what software changes were made that caused problems with Windows Defender.

Well, there is my situation (please let me know if I need to provide any additional information). Do I need to take any action regarding the above? If so, in easy to understand guidance, what action should I take? Is there something in the firewall that needs to be checked in order to prevent unwanted things like the Trojan items from getting on my system?

Thanks in advance for anything sent my way.


Frog
