trojan horse BackDoor.Ircbot.FGX

  toofy 08:53 03 Sep 08
Locked

this virus is affecting Windows Explorer (I assume=Internet Explorer)which we use for Internet banking because M Firefox now prevents our bank transactions. Will the free Pctools program or the quickPCsolutions program get rid of the virus 100% or should I send an HJT? to the malwareremoval site?
Windows XP, AVG free,ZoneAlarm,Spywareblaster are all installed, & we use Moz Firefox for browser (except for banking). I have Smitfraudfix downloaded as well but can't think what I used that for! I placed the pest in AVG virus vault & removed/deleted it, but the message about the trojan is still popping up Am not very pc savvy. Guidance appreciated.Thanks.

  GANDALF <|:-)> 08:58 03 Sep 08

Download click here (free version) run it and update. Delete all it finds. then run it again in safe mode...turn on computer and keep tapping the f8 button, select sfae mode. This should do the trick.

G

  toofy 09:53 03 Sep 08

Gandalf-thanks. Have downloaded & am about to, nervously! follow your instructions. Your final one is 'select safe mode'. After I have done that do I shutdown and restart? Sorry but going in to safe mode is not something i can remember doing before.Thanks again.

  brundle 10:04 03 Sep 08

Don't do any more online banking til you've got rid of the problem...

Press F8 when you start the computer, before you see the Windows logo. Choose Safe Mode from the menu that appears.

  hiwatt 10:06 03 Sep 08

To get into safe mode you just continuously tap f8 while the computer is booting up.You will see a list of options.Choose safe mode then run the malwarebytes program.You should also download and run superantispyware click here (free edition)in safe mode too and see what it finds.

  hiwatt 10:06 03 Sep 08

Need to type a bit faster.

  toofy 19:32 03 Sep 08

I have run malwarebytes' program once & then again in safe mode deleting the infected file each time. At the end of the run a list of Rogue files and folders is given, mostly Adaware plus some rogue registry. Should I have zapped all of them? What I have or have not done has not worked. on Start up I get the same warning message telling me the pc has closed the program Windows Explorer... Any idea what I am doing wrong? It takes almost 1.5 hours to run the malwarebytes program.

  MAT ALAN 19:38 03 Sep 08

click here

suggests a free scan, but not sure of you have to subscribe to remove...

  toofy 08:09 04 Sep 08

Have again run malwarebytes program in safemode, quarantined and then deleted all the listed items. On restart the same pop-up appears: "Data Execution Prevention. To help protect your computer windows has closed this program..." It occurs to me now that this warning may be part of the trojan and not a geniuine Microsoft warning. IS IT GENUINE?
MAT ALAN::: when I tried to run SUPERantispyware a message appeared on the screen thus: "The system admin..er has set policies to prevent installation"
(The Ad-aware programs suggested, require registration & payment to achieve removal of the infected items). I hope there is someone who likes a challenge reading this!!!

  hiwatt 10:03 04 Sep 08

Did you run superantispyware in safe mode too?

  hiwatt 10:05 04 Sep 08

Also worth trying an online scan with bitdefender
click here

This thread is now locked and can not be replied to.

Surface Pro (2017) vs Surface Pro 4

20 groundbreaking 3D animation techniques

How to mine Bitcoin on Mac