Old 02-09-2013, 11:42 PM   #1
Member (5 bit)
 
Join Date: Jul 2008
Posts: 30
Kind of OT, Trojan removal

Wife got this while on FedEx, printing a receipt. Can't find a fix anywhere to actually remove it. Gets quarantined in MS Security Essentials and Malwarebytes can find it but won't remove it.

Trojan:JS/Medfox.B

Preparing for the worst, reformat and reload if nothing found soon as I'm tired of trying to get rid of it. Done a lot of Google searches and tried Kaspersky but it didn't even find it.

WinXP Pro Op System
11290slk is offline   Reply With Quote
Old 02-09-2013, 11:57 PM   #2
Techphile.
 
David M's Avatar
 
Join Date: Nov 2003
Location: San Francisco Bay
Posts: 6,293
Did you try running Malwarebytes in safe mode?

I found this which describes how to remove it with Kaspersky, Malwarebytes and some other anti-malware software.
http://malwaretips.com/blogs/remove-medfos-trojan/
__________________
Asus P8P67 WS Revolution | Intel 2600K @ 4.7 GHz | Win 7 Pro 64 |8 gigs Corsair 1600 | Two Diamond 6990's in Crossfire| Corsair AX1200 | Thermalright Silver Arrow | Western Digital Black 2TB 64 meg cache | Lian-Li PC-A71B | Logitec Z-5500 | Three Asus 26" VW266H monitors running under Eyefinity |

Last edited by David M; Yesterday at 12:02 AM.
David M is offline   Reply With Quote
Old Yesterday, 12:16 AM   #3
Member (5 bit)
 
Join Date: Jul 2008
Posts: 30
Tried all of that/those (except RogueKiller) last night. Malwarebytes found it, said it removed it but keeps coming up in Security Essentials. Kaspersky TDSSKiller didn't even find it. Trying RogueKiller, will see if it does anything good.

Last edited by 11290slk; Yesterday at 12:21 AM.
11290slk is offline   Reply With Quote
Old Yesterday, 12:33 AM   #4
Member (5 bit)
 
Join Date: Jul 2008
Posts: 30
Well maybe spoke too soon. RogueKiller, the only one of the group within that link that I didn't try, seems to have worked, at least for now. It deleted and changed a couple of registry entries and I'm not getting any popups from Security Essentials now. Will check it out over the next day or so and see what happens.
11290slk is offline   Reply With Quote
Old Yesterday, 11:36 PM   #5
Member (5 bit)
 
Join Date: Jul 2008
Posts: 30
Update

Been running about a day now since using "roguekiller". Threat not showing anymore in Microsoft Security Essentials repeatedly as before. Have run multiple scans and no threats showing up.

One of a couple of things possible. RogueKiller fixed/disabled the threat within the registry entries, or, it fixed a registry entry to not allow it to be seen by malware detection software, and it's now hidden and still there. Sort of suspect the latter as Malwarebytes now opens very slowly compared to before and also getting some "redirects" when trying to open some links. No way of telling for sure, but I think there is something still there.

Going to assume at least for the time being, that it is an inactive threat. Going to be away from my desktop for about 6 weeks although my wife will be using it from time to time and will probably just reformat when I get back home just to be sure. Don't have enough time to do it before I need to leave.

Last edited by 11290slk; Today at 09:17 AM.
11290slk is offline   Reply With Quote
Old Today, 10:06 AM   #6
Techphile.
 
David M's Avatar
 
Join Date: Nov 2003
Location: San Francisco Bay
Posts: 6,293
I was thinking the same...reformat. Zero out the drive though using Boot and Nuke. Sorry it comes down to wiping the drive. It feels like the dirt bags won when you have to do that.

Last edited by David M; Today at 10:09 AM.
David M is offline   Reply With Quote
Old Today, 11:10 AM   #7
Member (5 bit)
 
Join Date: Jul 2008
Posts: 30
Quote:
Originally Posted by David M View Post
I was thinking the same...reformat. Zero out the drive though using Boot and Nuke. Sorry it comes down to wiping the drive. It feels like the dirt bags won when you have to do that.
Probably just going to put a new drive in. This one's been in about 4 1/2 years so I imagine it's about at the end of its service life. I've reformatted it a couple of times and was actually thinking about doing it several weeks ago (before all this happened) (was running out of room on my "C" partition and had to steal some space from one of the other partitions on the drive).

Spent a few minutes getting all my discs together this past weekend and printing BelArc data but I'm leaving sometime Wednesday to go to Orlando FL (about 850 miles away - live in Indiana) for about 6 weeks and just don't want to spend the time between now and then to do it. Wife uses her iPad now for most of her stuff so the desktop won't be used that much other than printing some coupons or such.
11290slk is offline   Reply With Quote
Old Today, 12:31 PM   #8
Staff
Premium Member
 
rjfvillarosa's Avatar
 
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,362
I have found Emsisoft to be a good tool for removing a stubborn nasty. The good thing about Emsisoft is that you can run it from a USB stick. Install it on your machine and update it, then "copy" the now updated app to a USB stick and run it on the infected machine direct from the USB stick.

Emsisoft Anti-Malware - Best antivirus and firewall to protect from viruses, bots, spyware, keyloggers, trojans, scareware and rootkits
__________________
Niwa no niwa ni wa, niwa no niwatori wa niwaka ni wani o tabeta.
rjfvillarosa is offline   Reply With Quote
All times are GMT -5. The time now is 04:23 PM.