Author |
Topic: Firefox paw bite by trojan |
Anders Brundell
From: Falun, Sweden
|
Posted 13 Sep 2006 4:11 am
|
|
Now my pc has gotten infected by Trojan-PSW.Win32.LdPinch.axb via Firefox, and the antivirus F-Secure can't get rid of it. I use Firefox because I thought that it would be safer than Explorer, but that's seemingly not always the case.
Any advice on how to get rid of this virus? It's in C:\SYSTEM VOLUME INFORMATION\_RESTORE{619781AC-CF96-4B2F-8E58-2353903809FC}\RP283\A0083442.EXE.
Virus: Trojan-PSW.Win32.LdPinch.axb
I can't even open SYSTEM VOLUME INFORMATION to try to delete this by hand.
Anders
|
|
|
|
Joseph Barcus
From: Volga West Virginia
|
Posted 13 Sep 2006 5:25 am
|
|
Stop Sign is a wonderful product and it will fix all your troubles. The scan is free and to join is only 5.00 per month. stopsign.com |
|
|
|
Bob Lawrence
From: Beaver Bank, Nova Scotia, Canada
|
Posted 13 Sep 2006 8:17 am
|
|
If you go to the Computer Help section of my website there may be software that can help you. The Microsoft Antispyware is real good.
http://steelguitartech.ca/
|
|
|
|
Wiz Feinberg
From: Mid-Michigan, USA
|
Posted 13 Sep 2006 8:20 am
|
|
Quote: |
I can't even open SYSTEM VOLUME INFORMATION to try to delete this by hand |
You have to turn off System Restore to get rid of the infected file in the hidden - system folder. No virus scanner can gain access to it.
Right click on My Computer and choose Properties, then click on the System Restore tab and check the box to disable System Restore, click Apply and OK. Disinfect your computer thoroughly, reboot, scan again, then turn System Restore on again.
------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage.
Learn about current computer virus and security threats here.
Read Wiz's Blog for security news and update notices
[This message was edited by Wiz Feinberg on 13 September 2006 at 03:30 PM.] |
|
|
|
Wiz Feinberg
From: Mid-Michigan, USA
|
Posted 13 Sep 2006 2:28 pm
|
|
Bob recommended "The Microsoft Antispyware is real good"
Microsoft AntiSpyware is no more. If you have it on your computer you may as well uninstall it now (via Control Panel > Add/Remove Programs), because it is no longer actively protecting your computer. It has not been updated since July, 2006. It expired on July 31, 2006, and was officially withdrawn from the Microsoft Downloads site and replaced by Windows Defender on August 1, 2006. You must have a valid license for Windows XP to download and install this tool. It needs to be updated before scanning and it checks for updates every night.
|
|
|
|
Anders Brundell
From: Falun, Sweden
|
Posted 13 Sep 2006 8:20 pm
|
|
Thanks everybody for all the advice!
I tried Wiz's method of turning off the system restore and running the clean up programs twice with a reboot in between, and that seems to have helped.
Windows Defender didn't find this trojan, but F-Secure did but couldn't remove it. For a while I could display the System volume information map (that was nearly empty), but now access is denied again, and I don't understand why.
Anyhow, the pc is clean again and I'm gonna use Explorer and not Firefox. Firefox seems to be more vulnerable - or is it?
Anders |
|
|
|
Wiz Feinberg
From: Mid-Michigan, USA
|
Posted 13 Sep 2006 11:00 pm
|
|
Anders;
Why do you think your virus came in through Firefox??? Internet Explorer is much less secure than Firefox. Is it possible that you have not installed all available critical Windows patches and updates that have been released this summer? Is it possible you have not updated Flash Player to the new version? There is a critical vulnerability in all versions of Flash Player prior to v 9.0.16.0. See this post for more information.
Another question is "are you using a firewall on that computer?"
|
|
|
|
Anders Brundell
From: Falun, Sweden
|
Posted 14 Sep 2006 2:19 am
|
|
Wiz;
I suspected Firefox 'cause that's the program I've surfed the web with for a long time now. I have a whole battery of defense programs on this pc - telia's Secure Surf package (updates itself automatically; uses F-Secure antivirus and several other protectives and is operator compulsory; every telia customer must have it) firewall (WLinks MB 400 S), Windows defender, Ad-Aware SE Plus, Ad-Watch SE Plus and SpyWare Blaster, and I'm a rabid up-dater!
I've now tried to install the latest Flash Player but the installation seems to stop after a brief initial activity. Flash is listed amongst installed programs but lacks data on size and date of installation, and I guess that that means that it's not installed properly. I've tried several times and can't understand why the installation fails. The file install_flash_player.exe is downloaded (version 9.0.16.0).
An old Flash Player might very well be the explanation of the virus attack - I haven't been aware of the necessity to update it and don't even know where to look for updates. I thought all my defense programs made it safe to surf. Maybe I need to be paranoid from now on and not just suspicious.
I check for Windows updates every time I start the pc so I really am serious with all security matters that I know of.
Anders
[This message was edited by Anders Brundell on 14 September 2006 at 03:23 AM.] [This message was edited by Anders Brundell on 14 September 2006 at 03:38 AM.] |
|
|
|
Dave Potter
From: Texas
|
Posted 14 Sep 2006 5:41 am
|
|
I had Flash8 something or other installed, and managed to get it uninstalled using the Windows Add/Remove Programs utility. I managed to get Flash9, the new version, installed and working, and I now note that it's not even listed in the Add/Remove Programs list. So, that's a significant change, IMO. Uninstalling it, if I wanted to, wouldn't be nearly as simple.
In the upgrade process, I ran across this page which may help with the issues you might be having. It refers to both a manual registry change and a Flash uninstaller application to help get rid of older Flash components, and maybe even damaged new components.
I wish Adobe would stick to Photoshop; they seem to have problems sometimes when they try to do other things.
[This message was edited by Dave Potter on 14 September 2006 at 06:42 AM.] |
|
|
|
Wiz Feinberg
From: Mid-Michigan, USA
|
Posted 14 Sep 2006 7:47 am
|
|
Anders;
You have done much to protect your computer from external threats, but there is one more step you need to take, to become fully protected against threats that exploit your applications (e.g. Flash, Quicktime, FF, Word, Publisher, etc). This is possibly the biggest baby step you will take, but believe me when I tell you that this is for your own good and is workable.
Stop operating as an Administrator!
To learn about how operating with reduced user privileges protects you from virtually all malware threats, and how to deal with the hassles involved with not being an Administrator, read my articles on using limited user privileges, here and here.
I operate in Power User mode, under Windows XP Professional, but have also successfully operated as a Limited User, which is the best option available to XP Home Edition users.
[This message was edited by Wiz Feinberg on 14 September 2006 at 08:48 AM.] |
|
|
|
Anders Brundell
From: Falun, Sweden
|
Posted 15 Sep 2006 5:18 am
|
|
Done.
Now I hope that this will be sufficient all together.
But I just can't install Flash Player. Hope that that doesn't mean that a back door is left open by a partially performed installation, 'cause I can't uninstall it either.
Thanks for all the advice!
Anders |
|
|
|