A sense of growing paranoia
Sandman
When I woke up this morning and turned on the computer, I sorta noticed Zone Alarm hadn't booted up as usual, but seeing as I didn't really go to any malicious sites nor used certain programs like Kazaa [not anymore, anyway], I gave a mental shrug and moved on.

Later that day, my FiOs Verizon DSL would crap out on me for no apparent reason while I was busting heads in Guildwars. After an hour on the phone with the techs [who were completely baffled by the problem], we noticed that although I had restarted the computer multiple times, Zone Alarm, as well as a number of other programs like McAfee Virus Scan, Quicktime, Meeya Popup Blocker never booted up like they normally would.

Stranger would be that even now, I am unable to open said programs AT ALL. Seriously, I have even tried going into those individual directories and opening them up individually. There are no error messages. Just a little hang-time....and nothing. Other programs like Microsoft Word, Guildwars, and IE work.

I am, at this moment, trying to bring up Trend Micro, but am unable to update!

What the hell?
Thylacine
Could be malware stopping them. Do you use Spybot or Adaware?
Hammer
Yeah, that'd be my guess as well. Lately I've been trying to kill off a pretty damn nasty trojan I somehow acquired. It did the same sort of thing, where some programs wouldn't run, among other things.

Thy's got the right idea, methinks.
empath
Okay, that is really sounding familiar...

About two weeks ago, something happened while my F-Secure Anti-Virus was updating itself; there was an incomprehensible error message, and since then it won't auto-update (for new virus def'ns) and clicking on 'update now' does nothing. I was waiting for today (the first weekend I've had off since - might need a couple of days effort to sort this out) to dig in.

Yesterday, I booted, and F-Secure never started. Manually running it did nothing either; the little icon wouldn't appear in the systray.

Also Dancer's PC had a little tooltip appear over the AV app in systray about a new virus/exploit/etc about a week after my AV 'isolated itself'; presumably while HERS was updating...

However, the icon's back after boot up TODAY, but regardless I'm gonna d/l the trial app again, and disconnect my pc from the 'net before uninstalling, spybotting, and reinstalling.

The most probable diagnosis has already been mentioned (nicely done, guys).

The funny thing is, Dancer's got EXACTLY the same setup (OS, security apps, etc) but for her using Firefox and me using 'Internet Exploiter' (I'm lazy, and may actually want to access poorly-written websites that don't follow W3 protocols - IE's much less snobby about that). This is the turning point; anyone know how to migrate yer favourites/bookmark list from IE to FF after you've already installed the latter and used that 'copy fav' feature during the install?
Thylacine
Simple, use the import feature on Firefox. That browser is quite user friendly.
Rat
Yup, it's under the File tab on your toolbar. Just click on import and follow the steps.
Sandman
I have both Adaware SE and Spybot, but neither could be updated for a while.

Neither program found anything....except CDilla which I seem to remember as a MW thing.
Hammer
Yeah, CDilla comes with the MS MechPacks. Lately the thing residing on my system seems to be pretty quiet. I'm hoping I got it. For a while there it was spawning off copies of itself like mad. Some things still aren't right, tho. I figure I'm gonna just deal with it 'til I get a burner and can back up some data, then I'll just nuke the hard drive and re-install the OS.
Sandman
Ok, I just redownloaded Grisoft's AVG free edition, and so far it's found 44 infected files. Among them are, yep, Zone Alarm and McAfee. Yeah, thanks a lot.

I see a Trojan horse Downloader.Agent.ETX and a Trojan horse Downloader.ETV

The worrying thing is I haven't been able to update AVG to the newest version yet, as it claims I have no Internet Connection. Grr.

Edit: Ok, 72 infected files. All of them are different versions of the trojans mentioned above. Problem is, now I've got about 22 files sitting in my quarantine box, INCLUDING Zone Alarm client, several files from McAfee, printer software, scanner software, Acrobat Reader, and a whole slew of other less identifiable files. Obviously, these files are important, so those programs are missing key files and are still prevented from starting, this time with very loud complaints.

Apparently, they couldn't be "healed" like the rest, and so AVG deleted them. I could restore them I think, but that wouldn't fix the problem...... advice?
Thylacine
Reload them, system restore usually gets infected by the things.
Thunderbolt
So how does one pick up a trojan like this? Just from browsing the web or do I have to actively d/l something?
Sandman
I can't really say where I picked it up really. I only took notice when my internet connection went down.

I haven't really visited any "unusual" sites for some time, except maybe Youtube....
Thunderbolt
Good thing I only go there from work!

Thanks Sandman, I hope you get fully functional again...
Sandman
Yeah, so now I'm using Firefox, and I have to say, it is rather shiny.

There are little nagging things that still bother me, like why these tabs keep opening to different pages even though I haven't clicked on them....

But it's still pretty neat.

Do you guys recommend any particular Extensions to download?
Thylacine
I have Torrent Search Bar, Fox Forecast, Gmail Notifier, Video Down-loader extensions and Aspell spell checker installed right now. The Pop-up control is in tools-options.
BlueMoonWolf
QUOTE (Thylacine @ Aug 25 2006, 08:12 AM)
I have Torrent Search Bar, Fox Forecast, Gmail Notifier, Video Down-loader extensions and Aspell spell checker installed right now. The Pop-up control is in tools-options.

That about covers it... but you left out NoScript.
Doormat
I like the Colo(u)rful tabs extension - makes the browser a little rainbow-brite, but also makes it easy to look through the tabs if you have a few (and since switching to FF way back when, I've gradually evolved a parallel surfing style of reading several things at once, and opening *all* interesting links in new tabs for later reading).

Also good is DownThemAll - particularly useful for media slurping - downloading all the videos/images/whatever-filetype-you-specify linked from a page, or even embedded in a page.


A useful tool to bear in mind for future infections is HijackThis, which is useful for spotting all kinds of unpleasantness loading itself. Fair warning: it's not a fire-and-forget - you need to do some digging and some thinking, but it can help when you can't get any of the normal apps to run because some horrible piece of malware is in the way.