U.S. CitiesCity-Data Forum Index
Go Back   City-Data Forum > General Forums > Science and Technology > Computers
 [Register]
Please register to participate in our discussions with 2 million other members - it's free and quick! Some forums can only be seen by registered members. After you create your account, you'll be able to customize options and access all our 15,000 new posts/day with fewer ads.
View detailed profile (Advanced) or search
site with Google Custom Search

Search Forums  (Advanced)
 
Old 05-07-2013, 10:23 PM
 
43,012 posts, read 93,764,981 times
Reputation: 30430

Advertisements

My son got a this Trojan on his computer. He needs some help, and he's nervous about going to websites that come up in google search about this Trojan because they aren't the typical websites with info like this. I thought I'd post here.

He has detected it with malware bytes. The log file said one file detected. C:/qoobox/quarentine/c/users/(username)/appdata/roaming/trojan.medfos.rre. It said no action taken. He can't find the file. He ran combofix. He initially though combofix quarantined the file because it does say /quarantine. The folder name qoobox he has seen on internet searches has been related to various viruses. There was a random numbered folder that is supposed to be associated with this trojan that is named with 20 numeric characters (that he thinks contained the root kit). He deleted everything he could. He has scanned with 5 different types of virus scans, including a verify signature scan and all other Kapersky's TDSSKiller's options. Nothing can find the files.

He sees on websites that this is a recent threat so he's not sure if the virus scans are up-to-date enough to correct the problem. It's an old virus but a new and recent threat. He also wonders if they can't find it because he quarantined the file.

He can't do a factory reinstall because this HP computer only comes with a recovery point. His recovery point is just 4 days ago, which is before malware bytes knew the signature existed. I have a Geek Squad warranty but I'm not sure how they could help since this particular computer doesn't have a factory reinstall like our Asus since all they ever have done is factory reinstalls in the past.

He is not sure what to do at this point. He wonders if he quarantined the file or if he should turn off his computer until the antivirus softwares catch up.

Any ideas?
Reply With Quote Quick reply to this message

 
Old 05-08-2013, 06:03 AM
 
10,753 posts, read 18,008,790 times
Reputation: 10244
If your HP didn't come with recovery DVD's, you do have an onboard recovery option, take a look at your documentation or HP's support site on how to access it, it's usually the ESC key during POST to bring up the options menu. You may see a notice on the screen when you first turn it on that says hit ESC to access advanced boot options or something similar.

Malwarebytes has a support forum with people that will walk you through cleanup
Malware Removal - HijackThis Logs - Malwarebytes Forum
Reply With Quote Quick reply to this message
 
Old 05-08-2013, 10:21 AM
 
43,012 posts, read 93,764,981 times
Reputation: 30430
Thanks! It seems he got rid of the Trojan, but this information is good to know!
Reply With Quote Quick reply to this message
 
Old 05-08-2013, 12:53 PM
 
43,012 posts, read 93,764,981 times
Reputation: 30430
Quote:
Originally Posted by NHDave View Post
If your HP didn't come with recovery DVD's, you do have an onboard recovery option, take a look at your documentation or HP's support site on how to access it, it's usually the ESC key during POST to bring up the options menu. You may see a notice on the screen when you first turn it on that says hit ESC to access advanced boot options or something similar.
I just wanted to follow-up. He decided to do this. It worked great. Thank you so much!
Reply With Quote Quick reply to this message
 
Old 05-08-2013, 12:56 PM
 
10,753 posts, read 18,008,790 times
Reputation: 10244
Quote:
Originally Posted by Hopes View Post
I just wanted to follow-up. He decided to do this. It worked great. Thank you so much!
This is sometimes the best option when you don't have allot invested as far as installed software or data to be backed up.
Reply With Quote Quick reply to this message
 
Old 05-08-2013, 01:28 PM
 
43,012 posts, read 93,764,981 times
Reputation: 30430
Quote:
Originally Posted by NHDave View Post
This is sometimes the best option when you don't have allot invested as far as installed software or data to be backed up.
He's fortunate because he buys all of his software online. It's all out there in an account to re-download, even stuff he bought over 10 years ago. The biggest loss is his music, but he has most of it on CD and iPod. He downloaded all of the security software that exists. He plans to run a daily scan. When my computer dies, it's a much bigger problem. If I had important data, which I don't these days, I'd be doing scheduled backups on regular basis. Thanks for your help. He was a mess last night over this.
Reply With Quote Quick reply to this message
Please register to post and access all features of our very popular forum. It is free and quick. Over $68,000 in prizes has already been given out to active posters on our forum. Additional giveaways are planned.

Detailed information about all U.S. cities, counties, and zip codes on our site: City-data.com.


Reply
Please update this thread with any new information or opinions. This open thread is still read by thousands of people, so we encourage all additional points of view.

Quick Reply
Message:

Over $104,000 in prizes was already given out to active posters on our forum and additional giveaways are planned!

Go Back   City-Data Forum > General Forums > Science and Technology > Computers
Similar Threads
Follow City-Data.com founder on our Forum or

All times are GMT -6. The time now is 02:46 AM.

© 2005-2019, Advameg, Inc. · Please obey Forum Rules · Terms of Use and Privacy Policy · Bug Bounty

City-Data.com - Archive 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35 - Top