How can I get on the internet after a Trojan infection?

Gail May 19, 2011
Pinterest Stumbleupon Whatsapp

My computer was hit by a Trojan virus. Now it won’t let me enable my Firewall on Avast or my Windows Defender. I cannot get on the internet. What do I do?

  1. FIDELIS
    May 21, 2011 at 12:01 am

    Hello, The first step you have to take is to clean the infection on your computer.  By following the next steps you will be able to clean your computer from your infection.   

    Go to the following site and download Rkill.  Rkill is a tool specifically coded to stop the malware executable files from working.  When you run Rkill and it finishes shutting down the malware files, you can use your computer normally until the next restart.   

    http://www.bleepingcomputer.com/download/anti-virus/rkill

    If you are using a different computer, try to download the iExplore.exe version to a flash drive and run it from there by double clicking on the file.  If you are using the infected computer, downloaded to your desktop.  This version of the program is almost never stopped from running by malware because it imitates the explorer.exe file on your computer.  Once the program is on flash drive, plug your flashdrive and run the program by double clicking on the file.  Let the program do its thing and you will know that it stopped the malware when you see no icons on your desktop and your computer is behaving normally.

    Ok, after you run Rkill, malware will not stop you from downloading antivirus updates or antivirus programs.  Take advantage of this, and go to http://www.malwarebytes.org/ and download the free version to your desktop or a flash drive.  Also go to http://www.superantispyware.com/portablescanner.html?tag=SAS_HOMEPAGE and download the portable version of the file.  It should have a .com extension.  Malwarebytes and SuperAntiSpyware are two of the best antimalware tools available nowadays and best of all, the free versions are more than enough to fix malware problems.

    Now, in order for you to completely clean your computer, it is better if you disable the system restore and its restore points.  It is important you do this because if not, malware might reinstall next time you restart your computer.  Remember that if you use
    rkill, you will have no icons on your desktop, you will have to use the task manager to access programs.  In order for you to access system restore, follow the next steps:

    -- press Ctrl + Alt +Del to launch Task Manager or Ctrl + Shift + Esc
    -- on menu, click on File
    -- select new Task
    -- enter the following command:

              %systemroot%system32restorerstrui.exe

    -- click on Ok
    -- click on System Restore Settings
    -- put a checkmark on Turn off System Restore on all drives
    -- click on ok

    When the steps above are done, restart your computer and access safemode.  It would be optimal to select safemode with networking because then you will be able to update your antivirus software and SuperAntiSpyware.  Here is a link explaining different ways of reaching safemode:

    http://bertk.mvps.org/html/safemode.html

    Once you are on safemode with networking you can either, copy the programs you downloaded from your flashdrive to your computer, or run the programs from your flashdrive.  Double click on the SuperAntiSpyware program, select updates, and then run a full scan.   When program is finished scanning delete any entries found and if asked to restart computer, choose no.

    Now, execute the Malwarebytes program, check for updates and run a complete scan.  When scan is finished, delete any entries found.  By now, your computer should be clean or almost clean.  To make sure, update your antivirus if you have one installed, and/or download a antivirus program and run a full scan.  Here are two good free options:
    avast free:  http://www.avast.com/en-ca/free-antivirus-download
    security essentials: http://www.microsoft.com/security/pc-security/mse.aspx

    After you run all the complete scans for the softwares mentioned above, and your system is reported clean, restart computer on normal mode and to make sure, run complete scans of the two spyware fighting softwares and also a complete scan with your antivirus software.  If nothing is found and system is clean, go back to system restore and enable it.  Make sure that you create a system restore when system is clean.  Hope it helps;

     

  2. metahawk
    May 20, 2011 at 10:23 am

    Window Defender... so this is either XP of Vista then. I would suggest that you boot up into safe mode. This should then allow you to run your antivirus before the trojan is active.