INTRUST GROUP - Managed Services Provider

Technical Blog

A Solution for Stopping a Trojan Virus and Restoring Your PC

05 Jan 2012

Recently, I had a user with a nasty Trojan virus on our network. It populated the screen with large amounts of pop-ups and errors requesting the user to run scans. To make matters worse, Task Manager was disabled, Malwarebytes was being closed, and the problem persisted to other logins on the computer.

That wasn’t all.

All the desktop icons were gone, the right-click context menus for the desktop didn’t work, the start menu was empty and the system icons on the right of the start menu were disabled.

I remoted in and ran Microsoft Forefront. It found the infection and removed the Trojan.

I rebooted and began restoring the computer back to normal. I was able to find a way to enable the task manager and to re-enable the desktop.

I found the files moved by the virus by searching for files modified the day the Trojan attacked. Since they were all hidden and missing for the user previously, he wouldn’t have been able to modify them, so it would have to have been the Trojan. They were located in %profilepath%\Local Settings\Temp\smtmp\* and I moved those back to the start menu.

Finally, from the start menu, I ran:

cmd
cd\
C:\>attrib -s -h -r /s /d

All his files and folders were then back to normal. I also checked IE to verify he didn’t have a proxy enabled.

These steps restored the PC back to normal.
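Run from `C:\`, `attrib -s -h -r /s /d` clears those attributes on every file on the drive, including files Windows keeps hidden by design. The PowerShell script below is an added example, not part of the original post: it limits the same cleanup to the user's visible folders, only reports unless the hypothetical `-Apply` switch is given, and prints the per-user proxy values Internet Explorer reads. The folder list and the skip list are assumptions to adjust per machine.

```powershell
# Added example (not from the original post). Run in the affected user's session.
param([switch]$Apply)   # hypothetical switch: without it, the script only reports

# Assumed scope: folders the user actually sees, instead of all of C:\
$roots = 'Desktop', 'MyDocuments', 'Favorites', 'StartMenu' |
    ForEach-Object { [Environment]::GetFolderPath($_) } |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# Files Windows hides by design in those folders; their attributes stay untouched.
$keepHidden = 'desktop.ini', 'thumbs.db'

$hidden    = [int][IO.FileAttributes]::Hidden
$system    = [int][IO.FileAttributes]::System
$reparse   = [int][IO.FileAttributes]::ReparsePoint
$clearMask = -bnot ($hidden -bor $system)

$report = @(foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $attr = [int]$_.Attributes
            ($attr -band $hidden) -and
            -not ($attr -band $reparse) -and
            ($keepHidden -notcontains $_.Name.ToLower())
        } |
        ForEach-Object {
            $before = $_.Attributes
            if ($Apply) {
                # Clear only Hidden and System; leave ReadOnly and other bits alone.
                $_.Attributes = [IO.FileAttributes]([int]$before -band $clearMask)
            }
            New-Object PSObject -Property @{
                Path = $_.FullName; Before = $before; Changed = [bool]$Apply
            }
        }
})
$report | Format-Table Path, Before, Changed -AutoSize
"{0} hidden item(s) found under: {1}" -f $report.Count, ($roots -join '; ')

# Per-user proxy settings that Internet Explorer reads (HKCU, so one set per login).
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
"ProxyEnable={0}  ProxyServer={1}  AutoConfigURL={2}" -f $inet.ProxyEnable, $inet.ProxyServer, $inet.AutoConfigURL
```

Because the registry values and folder paths are per user, the script has to be run once under each login that showed the symptoms.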

Pat Gorden
