Total Security has taken over

Hi

Unfortunately, your log shows a dangerous trojan is residing on your computer which has a backdoor functionality. It is possible that a remote attacker has already breached your computer. If you do any banking or other financial transactions on the computer, or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would
be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, your computer is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the Operating System.

Visit the following sites for more information on internet theft and when to reformat!
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

If you have any questions before making a final decision, please feel free to ask.

Please let me know if you would like to continue with trying to clean your computer.

Instead, if you decide to format and reinstall, please disconnect your computer from the Internet immediately.

My husband is using this computer. He had problems with his old computer in April with Win32/Nugel and Geek Police got it back up and running. He again started having problems with that computer (security popups again)and so grabbed this computer from my son who is away at college (u can see all the games on it) to replace that old computer.
I spent all last evening running McAffree ( found only 1 PUP) , the malaware program you guys recomended doing quick scans and then full scans and removed all the infections. Starting and restarting each time.

He goes on the internet, his work(commodity trading order entry system - supposedly on a T4 line?????) reads lots of newspapers, political blogs, is what he uses it for. I took your advice and unplugged it from the comcast router.

What trojan is it this time? Is it a keylogger? He is going to change his banking codes but how can I tell if my computer is safe to do that on. I just ran full scan on the malaware and McAffree again myself yesterday because I am always nervous.

Should I run the Combo fix or Hijack this on mine to verify it is clean ???

Sounds like we should reformat it. What do I need to get together to do that? Computer is from Dell and still under warranty. Do I go through them to reformat it? Or post another thread?

Hi

Here is a tutorial on reformatting and reinstalling: http://forums.whatthetech.com/How_Reformat_Reinstall_your_Operating_System_t91962.html

Only the computer mentioned in this topic should be reformatted and reinstalled. For the other computer you mention, please post a new topic and copy & paste the address of this thread to it, along with a HijackThis log. Do not run ComboFix or any other special tools.

Sorry - I have been out of town for the weekend. Actually at UD for parents weekend.

Is Total Security the big threat that I should be worried about. What is the name of this Trojan the computer has with backdoor functionality??? Where do you get it and if I reformat the computer how do I not get this particular trojan again? What software / strategies will prevent it in the future. You see my husband only goes on very specific sites ( newspapers, political blogs, Rivals (ND blog) and these habits will not change. So after I reformat - how do I be sure the computer is protected so I dont have to keep doing this?

What is the name of this TROJAN and what specifically will block this TROJAN and others????????


And who is this Megmeg posting on this thread? Could you please review my combofix results post and be sure there is not some confusion on what MY computer has and what needs to be done. Reformatting is a lot of work!


Thanks !

Hi

I did not catch MEGMEG, so I have now erased that comment I made afterwards.

It is called SDBot. Since this bot has been hard to remove, we will use a classic tool to remove the bot. This bot is known for stealing personal data and hijacking passwords, etc.

Since you have requested to clean rather than reformat, please do the following:

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
  
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
  
• Select the first option, to run Windows in Safe Mode, then press Enter.
  
• Choose your usual account.
  
• Open the extracted SDFix folder and double click RunThis.bat to start the script.
  
• Type Y to begin the cleanup process.
  
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  
• Press any Key and it will restart the PC.
  
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  
• Finally paste the contents of the Report.txt back on the forum.