pop up windows maybe adloader trojan problem
spearo
29-08-2010, 05:25 PM
Hi
Well I am at my wits end with this...
I keep getting a pop up window now and again from Firefox (also happened from explorer when I checked)
I've run AVG, Ad-Aware, Spybot Search and Destroy, Window Washer, CCleaner, Malwarebytes
Ad watch live keeps "blocking" my machine from attempts to connect to a "malicious site"
At some point I noticed adloader trojan on one of my scans but only 2 of the 4 infections could be cleared.
I've tested and retested so many times now....including removing the "restore" functions.
Is there anyone who knows of a definite, good (free) way to get rid of adloader or any other bug that might have gotten in?
No, I can't recall exactly what started it all
Any good free software I should use or is there a clear specific way to go into the registry etc?
I'm happy to try if someone knows the way
thanks
frank
Tandum
29-08-2010, 05:31 PM
Try SuperAntiSpyware (http://www.superantispyware.com/).
spearo
29-08-2010, 06:10 PM
Thanks Robin,
Downloading right now
will let you know what it finds
cheers
frank
spearo
29-08-2010, 07:26 PM
Thanks again
it reports 106 tracking cookies
cleaned them up etc
Thanks again
Will repost if pop up still occurring
cheers
frank
mithrandir
29-08-2010, 07:35 PM
Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam.php)
You might find downloading/installing any of the trojan removers fails with the trojan killing installers it recognises. If the download fails, do the download on a clean computer and copy the installer across - preferably on read only media like a CD. If there is an update file put it on the media too. Malwarebytes has one on the download page under "Recent Updates in Anti-spyware".
If the installer dies, renaming it and rerunning usually works. It is not uncommon to have to run the cleaner once, reboot, run again and reboot. Keep rerunning until you get a couple of clean passes and reboots.
You might also find running a couple of different removers finds different things.
spearo
29-08-2010, 08:26 PM
Thanks Andrew,
yep ran this one already no luck
Incidentally, the pop up is still happening...
I'll retry again and again...
thanks
frank
kustard
29-08-2010, 09:30 PM
If you are running Firefox you can grab "NoScript" add-on which allows you to choose which websites use scripting. This add-on will let you see what websites are being accessed by Firefox. If you are able to find out which URL the "malicious site" is then we may be able to pinpoint which malware is affecting your PC.
Something else you could try is grabbing "hijack this" at http://free.antivirus.com/hijackthis/ and letting it run a scan on your PC. It may show you what is being loaded up at boot time that might be erroneous.
spearo
30-08-2010, 06:56 AM
Thanks everyone
It's "Trojan Horse Adload_r.AKC"
According to AVG
I can remove 3 infections but 3 that seem to reside in "memory" (presumably that's the restore setup??) could not be accessed
I'll keep re-running AVG with restore off and rebooting to see if that catches it
thanks again
frank
Lester
30-08-2010, 07:23 AM
Hi Frank, I had similar problems in the past with PC Cillin not removing the Trojan and continually getting the pop up notifying of the Trojan. I tried Stopzilla, free at first and that fixed the problem. I then purchased Stopzilla.
All the best.
GTB_an_Owl
30-08-2010, 09:13 AM
make sure you update Spybot and then run it in "Safe Mode" Frank
see how that goes
geoff
spearo
30-08-2010, 10:40 PM
Folks,
Thanks for all the input
I tried all recommendations (including running software in SAFE mode)
In the end it seems (I say seems) resolved. What finally appears to have removed (hopefully not just masked...) the trojans is a small software called TDSSKiller from Kaspersky.
It removed something OTHER than the AVG reported adload trojan but a subsequent scan with AVG finally shows no infection.
For what it's worth I read in some forums that some anti virus software don't see the trojan at all, AVG seems always reported as able to see the adload trojan but unable to remove it.
And no I'm not affiliated with either Kaspersky or AVG.
If you have pop ups or your machine is running suspiciously slow then at least try AVG to see if it picks up adload trojan, if it does TDSSKiller seems to remove it.
Now if anybody can get me a picture and the address of the little cherub who wrote this virus....
frank
multiweb
30-08-2010, 10:52 PM
Hi Frank, antivirus are good at preventing infections but not really good at cleaning them. Unfortunately it is harder to clean an infected system than blocking the nasties in the first place.
Problem is most viruses will load in memory. So it doesn't matter how many times you clean your drive, they'll drop back down on the HD at shutdown, then you're back to square one at reboot.
The real nasty ones will write in the master boot record and if that happens you're pretty much screwed, but you can get rid of most these days by booting from a CD so you don't load the OS or even going into safe mode. 99% of the work is identifying the bugger and downloading a specific removal tool. Symantec has a good online security scanner that you can run from IE as an ActiveX. This will not clean your HD but it will pinpoint the infected files and more importantly the name/designation of the virus(es). Then you can run the corresponding removal tool once you have identified it (each). There is a step by step procedure to follow that may differ for each type but it usually works very well. HTH.
ZeroID
01-09-2010, 12:03 PM
Glad you managed to kill the wee bugga, they can be really persistent. If you get another, download McAfee Stinger. They create several versions dependent on your particular nasty and you burn to CD or USB and boot from that.
Most AV's will pick up the installed active component of the Trojan or Hack as you found but the original installer will be buried in the Windows system folder with a random name generated by the original downloader. Some heuristic scanners can find these and kill them. I think Kaspersky works that way if I remember correctly.
spearo
01-09-2010, 08:44 PM
Thanks for that advice
so far does seem to have been removed
it was really starting to get to me!
frank