Posted

Hello,

A friend is notified by AVG every time he boots up of a threat > Trojan Horse HIDER.MPR..... The option to place in the vault does not work.

Running a full AVG scan says it is complete after only one second, so scan is ineffective. Neither will it allow an AVG update.

So I assume the Trojan is compromising his pc.

He can get into some websites via Internet Explorer but not all he wishes to.

He / myself are not great techies....

1. Would going back to a previous restore point help, assuming one has been created?

1. If the threat allows would downloading KASPERSKY FREE REMOVAL TOOL be of any use?

Would it work if an AVG scan doesn't work?

2. Can you advise any other procedure that may help?

He thinks this problem occurred when he accessed a free live soccer website approx a week ago.

Your advice would be appreciated.

Kep


Posted

Hi Kep,

If at all possible it would be best if your friend were to register and join us, that way our security advisors can work directly with the affected computer. If not can you bring it and work can be done from your address.

In the meantime get him to follow this, it's at the top of this malware forum anyway:-

http://extremetechsupport.com/threads/10689-Before-posting-for-Malware-Removal-help.

Nev.


Posted

Thanks for your reply.

I shall visit him and log in using my username etc.

Not sure when it will be.

What is the best time of day when you guys are around?

I will try the advice you listed first.

Many thanks

Kep

Posted

Hi keppy

 

If your friend's system is WinXP, Vista or Win7 get him to run this first (this program won't run on Win8 yet):

 

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

 

Link 1

Link 2

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif

 

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

 

This is an example, you may rename ComboFix to anything you want.

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
    For more information read:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
     
    Then:
     
    Double click on Combo-Fix.exe & follow the prompts.
     
    Vista/Win7 users should right click on the icon and select Run as Administrator.
     
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
    If running Vista/Win7, you will not see the recovery console screens as they are Win XP related
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

http://img.photobucket.com/albums/v708/starbuck50/cf1.png

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://img.photobucket.com/albums/v706/ried7/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

Note:

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

Then run the programs from the link that Plastic Nev gave you.

 

Please post the reports from all the scans.

Combofix.txt

Mbam scan report

both reports from OTL.

 

You may need to post these over 2 or 3 posts depending on how large they are.

 

Thanks

Member of:

UNITE

Posted (edited)

THANKS, I will try those downloads asap.... Will they be ok in normal mode or should I try and download in safe mode?

He is on Win XP, and Internet Explorer (not sure which version).

Regards

Kep

Edited by keppy2013
Posted

Hi keppy,

 

By all means try to download them and run them in normal mode.

They are more effective in normal mode.

Download using Safe Mode with Networking and run in Safe Mode as a last resort.


Posted

Hi, I think I have managed to clear the problem this evening on my friend's pc.

Not sure what was the actual cure but this is what I did:-

If you remember he was getting a warning of A TROJAN named Hider each time he booted up, AVG would not update or run a scan, and Internet Explorer would open 50% of sites searched.

So:-

1. I uninstalled AVG.

2. I restored system to a point 14 days earlier using the restore option.

3. The pc then allowed me to download Chrome, free version of Avast, and free version of Malwarebytes.

Immediately all web pages became available in Chrome.

A full scan of Malwarebytes found and trapped two Trojans.

A quick scan of Avast found two more trojans of very low threat.

Friend is going to do another full scan on Avast tomorrow.

So at the moment his pc is running faster and looks reasonably clean.

By no means am I a techie, I am guessing the problem lurked in Internet Explorer (I may be wrong).

The combination of the above hopefully has improved matters considerably.

Friend says he looks forward to running scans on a regular basis.

If he gets any problems in the future I will certainly return to this forum.

Just one question now remains......... he likes Chrome, he uses Google for his search engine........... Would it make sense to un-install Internet Explorer, or should I leave it sitting on his pc?

Regards

Kep

Posted
"Would it make sense to un-install Internet Explorer, or should I leave it sitting on his pc?"

Just leave it there.

Trying to remove it will cause more problems than it will cure.


Posted

Final update I hope >>>

Friend's pc continues to work normally.

Appreciate all the help given in this forum.

This thread can now be closed please.

THANKS

Kep

This topic is now closed to further replies.
