Found a trojan, but entered cc info

[str2tnr]

I just did a system scan yesterday and found that i have some kind of trojan virus bla.exe
and wmplayer.exe

its real names are Downloader.small.12.bj and Downloader.small.15.a

But before realizing this i entered personal and cc info at blockbuster.com and a couple other sites.
What should I do? Am i ok since these sites are "secure" or do i now have to go cancel my cc and all the other stuff?

 

[mechBgon]

Call your CC company right away and put a freeze on the account for now, if there's any possibility that a keystroke-logging program picked off the keystrokes that you typed your CC info with.

 

[mechBgon]

Nextly, could you give these infos:

1. What version of Windows you have
2. What service pack your Windows has (such as Service Pack 2 for WinXP, Service Pack 4 for Win2000... you can find out by Start > Run > winver)
3. What antivirus program you have (be specific, such as "Norton 2004," not just "Norton"), and how up-to-date are its virus definitions
4. Do you have a hardware firewall (a router)
5. Do you have a software firewall (Windows Firewall, Sygate, ZoneAlarm, etc)
6. Do you have any "risk factors" that would elevate your risks (eg a file-sharing/P2P program, warez, or 0ther stuff?)

 

[str2tnr]

1. I have Win XP Pro
2. Version 5.1 (Build 2600.xpsp.1.020828-1902: Service Pack 1)
3. I didnt have one before, but now im using AVG 7.0 trial I used to use the free virus scan at trendmicro
4. I have a wireless router
5. I had sygate but yesterday it was not running properly and was missing that gave me a the red flag someone else had seemed to logged on to my other account
6. I dont have any file sharing programs.

 

[mechBgon]

Is there anyone else within range of your wireless router?

 

[str2tnr]

The trojan was found at C:\bla.exe and it was also on C:\System_volume

the other one was found in wmpplayer.exe in C:\program\windows media player\

 

[str2tnr]

i don't know much about routers, only my sister's computer is in range

 

[mechBgon]

Dang it. If her security measures aren't any better than yours, she probably has it too, then.

What I would really recommend, if you can, is to download some resources that you'll need, burn them to a CD, and then shut down the computer, remove the wireless card from it, and reformat the hard drive and reinstall Windows. If you want a detailed routine, including links to what you'll need to download & burn, and how to get the computer secured better this next time, I would be happy to help with that

If you'd rather try to overcome it instead, I can help with that too. Which do you prefer?

 

[str2tnr]

Could I have gotten it from her computer? i don't know what she does on her computer.

Reformatting is the safest choice. Since i lost my norton systemworks cd i have to go out and buy a new virus scan software.

Thanks for the helping me

 

[mechBgon]

Yeah, your computer could've caught it from hers. Some types of viruses will try to connect to your computer's "administrative shares" using commonly-used passwords or a blank password. If they can get in the door, they'll try to infect your computer.

So I am going to make up a list of stuff you would want to have on hand and I'll post it with suggestions when I'm done typing it up. The key concept is to get the system as tight as possible before before before connecting it to the network. Shields up, weapons loaded.

One of the items, you probably have it already: the Grisoft AVG installer and the license key to it (I'm thinking of the AVG Free Edition which I use too). If you have those both, that's one down

Also, could you give some info about your computer. Is it a pre-built (Gateway, Dell, HP, etc) or is it your own build (and if so, what motherboard, video card and wireless card so I can find the drivers)?

 

[str2tnr]

my computer was built by my uncle, so it's not a computer that was pre-built im not sure about the motherboard i'll try and find out now.

 

[str2tnr]

the motherboard is an abit IS7 P4 version

 

[mechBgon]

Originally posted by: str2tnr
the motherboard is an abit IS7 P4 version

Ok, this could be interesting Could you look inside and confirm that it has a regular ATA hard drive and not Serial ATA? A regular ATA drive will have a flat, wide, 80-wire ribbon cable like this picture. And can you find out what kind of video card and wireless card it has, the Device Manager ought to tell you that.

 

[Schadenfroh]

One of the items, you probably have it already: the Grisoft AVG installer and the license key to it (I'm thinking of the AVG Free Edition which I use too). If you have those both, that's one down

just fyi,

Spywareinfo's test found AVG to be poor against trojans when compared to other solutions. link (you have to be logged in to view this, BTW) antivir is ahead of it in this department. But sadly has no autoupdate feature.

 

[Appledrop]

this trojan was got from a website using the Iframes exploit. your only option is to install SP2, as all sp1 is vulnerable.

i don't THINK it is a keylogger just FYI

 

[str2tnr]

ok its a ata harddrive maxtor 2F040Jo 40gb
the video card is ati 9800 pro, wireless card i don't know it didnt say, but my computer is plugs directly to the wireless router, the router is plugged into the cable modem. My sisters computer is using a usb wireless card.

 

[mechBgon]

I'm going to post what I've composed so far. I don't know what wireless card, so hopefully the driver CD is there. Schadenfroh is the chief virus-buster around here, so listen to his advice too.

<-- Schadenfroh

First, locate the WindowsXP CD-ROM and make sure you have your license key. It would usually be on a Microsoft sticker on the rear or side of the computer case.

Things you will want pre-downloaded and available on CD or whatever:

• Intel Chipset Installation Utility, aka "motherboard drivers"
• Abit 3Com 940 driver, the driver for one of the board's onboard network controllers.
• Abit's audio drivers for the IS7's onboard audio.
• Realtek 81xx network driver for the other onboard network controller.
  
• the full Service Pack 2 installer for WinXP. This also incorporates DirectX 9.0C.
• AVG Free Edition installer and the license key they email to you, if you don't have those already.
• Microsoft Baseline Security Analyzer, kind of a local Windows Update scan on steroids.
• This image shows how to enable Data Execution Prevention for all programs (right-click My Computer and follow that).
• This image shows how to set up the Resident Shield scanner for max protection on Grisoft AVG 7.

Ok here we go:

1. Remove the wireless card.
   
2. Boot from your WinXP CD-ROM and begin Windows Setup. Delete all the existing partitions on the hard drive, and now press the F3 key twice to exit Windows Setup. (why? so you don't end up with a silly menu at boot-up, asking which of two WinXP installs you want to boot from)
   
3. Now begin Windows Setup again, make partitions as desired, format with NTFS, and carry on
   with the WinXP stuff.
   
4. After WinXP Setup is completed, install Service Pack 2 and reboot.
   
5. Enable the Windows Firewall. Set it to not allow ANY exceptions, since at this point we view
   your sister's computer as a possible threat.
   
6. Enable Data Execution Prevention for all programs like that one image shows.
   
7. Disable System Restore completely and leave it disabled (how?). This is a major hiding place for viruses, why even let them have it in the first place? Some would disagree, though.
   
8. Restart in Safe Mode by pressing the F8 key when you know the first WinXP boot screen is about to show up. You'll notice the Administrator account now shows up on the Welcome screen. Log in with your regular user account, go to Control Panel > User Accounts and set strong passwords on both your own account and the Administrator account. A strong password might be nov1rusThx!, which incoroprates numerals, symbols, caps and lower-case, and is not a dictionary word. This is important, don't neglect this step. Besides thwarting an attempt to connect to your system's administrtive shares from outside, it'll thwart stuff trying to self-install using the same technique on your own computer under a Limited account.
   
9. Now install your motherboard drivers and reboot.
   
10. Next, install your video-card drivers and reboot.
    
11. Install your Grisoft AVG and configure it like that image I gave above.
    
12. Take a snack break while you run Disk Defragmenter
    
13. Now you have firewall and antivirus protection, the administrative passwords are hardened up, you have Data Execution Prevention and all the known wormholes plugged. So shut down, install your wireless card, fire it up and install your drivers for that.
    
14. Get your antivirus software updated and then hit Windows Update. I would enable Automatic Updates too.
    
15. Install Microsoft Baseline Security Analyzer and scan for any overlooked stuff. MBSA looks beyond what Windows Update does.
    
16. Lastly, I suggest that you re-name your initial account to Admin and create a new Limited account to be your actual daily-driver account. Limited accounts will thwart the installation of software (bad or good) and that is a real stumbling block to spyware, adware, certain Trojans and viruses. For them, it's like trying to kill someone with a Nerf football I know this is not a common measure for home users but I sure do suggest it.

 

[mechBgon]

Originally posted by: str2tnr
ok its a ata harddrive maxtor 2F040Jo 40gb
the video card is ati 9800 pro, wireless card i don't know it didnt say, but my computer is plugs directly to the wireless router, the router is plugged into the cable modem. My sisters computer is using a usb wireless card.

Ok excellent. Carry on with what I just posted above then, except make sure to leave the computer unplugged from the router to keep it from getting attacked before it's got its game on.


EDIT: and here are your video drivers: http://www.ati.com/support/driver.html

 

[str2tnr]

Originally posted by: Schadenfroh

One of the items, you probably have it already: the Grisoft AVG installer and the license key to it (I'm thinking of the AVG Free Edition which I use too). If you have those both, that's one down

just fyi,

Spywareinfo's test found AVG to be poor against trojans when compared to other solutions. link (you have to be logged in to view this, BTW) antivir is ahead of it in this department. But sadly has no autoupdate feature.

What other alternatives are there that maybe better than avg or antivir? And is good against antivirus/trojan/spyware?

 

[str2tnr]

Originally posted by: Azzy64
this trojan was got from a website using the Iframes exploit. your only option is to install SP2, as all sp1 is vulnerable.

i don't THINK it is a keylogger just FYI

But i thought trojans can steal your info and take over your computer

 

[str2tnr]

Originally posted by: mechBgon

Originally posted by: str2tnr
ok its a ata harddrive maxtor 2F040Jo 40gb
the video card is ati 9800 pro, wireless card i don't know it didnt say, but my computer is plugs directly to the wireless router, the router is plugged into the cable modem. My sisters computer is using a usb wireless card.

Ok excellent. Carry on with what I just posted above then, except make sure to leave the computer unplugged from the router to keep it from getting attacked before it's got its game on.


EDIT: and here are your video drivers: http://www.ati.com/support/driver.html

Thanks a lot mechbgon your help very much appreciated

 

[Schadenfroh]

Originally posted by: str2tnr

Originally posted by: Schadenfroh

One of the items, you probably have it already: the Grisoft AVG installer and the license key to it (I'm thinking of the AVG Free Edition which I use too). If you have those both, that's one down

just fyi,

Spywareinfo's test found AVG to be poor against trojans when compared to other solutions. link (you have to be logged in to view this, BTW) antivir is ahead of it in this department. But sadly has no autoupdate feature.

What other alternatives are there that maybe better than avg or antivir? And is good against antivirus/trojan/spyware?

See my Review of 11 Antivirus Products