NeuroTalk Support Groups


bluesfan 07-08-2015 02:15 AM

S.O.S. Trojan virus or 'False Positive'?
 
Hi All

Bit panicky here - will try and keep it short.
Laptop with Windows 7, Running AVG free version as main scheduled antivirus with Malwarebytes as alternative. Last 3 days AVG has started reporting IRP Hook Rootkit Trojan (9 entries). Run removal each time but next day same IRP Hook files reappear.

Have searched online etc for how to fix. Come up with varying info: either these are false positives generated by AVG or a problem with driver, or a really nasty, potentially system destroying Trojan. If latter the fixes are very complex and don't always seem successful and how do you trust that those suggesting the fixes are above board.

So thought I'd ask here as you folk haven't steered me wrong yet. So if anyone has any recommendations of sites they know can be trusted or suggestions it would be appreciated.

I know I could take it to repair shop but just 3 wks ago I took it in because it was slow on start-up - they said it was an unrepairable corrupt hard drive - new hard drive was $275.00. They cloned my old hard drive on to the new one - now I'm beginning to wonder if the Trojan was hidden on the old hard drive & causing the problem. Only other thing I changed was removed AVG 2014 and downloaded the 2015 version shortly before this started happening.

I'm too scared to even start up my laptop at the moment until I can either find a fix or figure out if this is an AVG bug. (Fired up a second-hand iPad to do this).

Thanks for reading.

Lara 07-08-2015 02:55 AM

Have you tried scanning in safe mode with malwarebytes?

There were a lot of places on google search but some were difficult to follow and complicated.

This one seemed more straightforward.

http://www.im-infected.com/trojan/ir...it-trojan.html

bluesfan 07-08-2015 03:00 AM

Hi Lara
Thanks for getting back so quick. Malwarebytes doesn't detect it - as many of the others who had the same problem found. I'll try that link you provided then I think I'll leave it for tonite - bit of a mental overload right now.

Have a good evening.

Lara 07-08-2015 03:02 AM

I looked for a while before posting.
I'm on a Mac these days so have forgotten a lot of what to do, I'm sorry.

If I find anything less complicated I'll post it.

take care there. Must be cold too.

bluesfan 07-08-2015 03:09 AM

Just read that link Lara. It's much clearer than most of the others I found and I do recognise some of the names there eg Symantec. Will bookmark it and try it tomorrow.

Thanks for finding it - I'll sleep easier tonite. :)

Lara 07-08-2015 03:10 AM

Sleep well. By tomorrow someone else may have some ideas as well.
talk later

kiwi33 07-08-2015 04:32 AM

Hi bluesfan

Adding to the link which Lara provided (which looks good to me) this one might also help in zapping the Trojan; http://www.antivirusgateway.com/how-...emoval-guides/ .

Jomar 07-08-2015 10:54 AM

A LOT of the search results I found are marked as not safe by WOT.. (web of trust)
I would only get programs from well known anti virus sites in this case..

Have you tried Hijack this?
http://sourceforge.net/projects/hjt/
how to use it-
http://www.wikihow.com/Use-HiJackThis
http://www.bleepingcomputer.com/tuto...se-hijackthis/

other free tools-
http://free.antivirus.com/us/#cleanup-and-prevention
http://usa.kaspersky.com/downloads/TDSSKiller

bluesfan 07-08-2015 01:55 PM

Quote:

Originally Posted by kiwi33 (Post 1153490)
Hi bluesfan

Adding to the link which Lara provided (which looks good to me) this one might also help in zapping the Trojan; http://www.antivirusgateway.com/how-...emoval-guides/ .

Thanks for this kiwi33 - read through it and although for a non geek like me it's quite complicated I think I may be able to follow it.

bluesfan 07-08-2015 02:05 PM

Thanks Jo*mar
Is WOT a program I can download onto my laptop - does it review sites before they're downloaded?
Thanks for the other sites - I had read some of the Bleeping Computer forum & info. I'll look at the various options later today and figure out which of them might be manageable for me to attempt.

It's times like these I get really frustrated with computer manufacturers. They've well & truly forgotten the K.I.S.S principle when it comes to making computers for non-technical customers.

Jomar 07-08-2015 05:13 PM

[WOT is a free add-on for your browser

You can download the WOT add-on for Firefox, Chrome, Internet Explorer, Opera, and Safari browsers. It does not slow down your browsing experience, it is easy to use and free. Just click “Download”, and you are ready to go!]
https://www.mywot.com/

I've used it for years ...

Lara 07-09-2015 11:46 PM

How are you getting on with all this??

bluesfan 07-10-2015 03:08 PM

Hi Lara
Thanks for asking. Have found a local geek - uni student recommended to me - who's going to take a look at the laptop later today. Have been checking out the links everyone posted (thanks) and don't feel I have enough tech skills to deal with this alone. Also into day 3 of bad headache so struggling to deal with stuff - throw in second day of frozen water pipes and I'm just about ready to move to Brissie! Will post back later how I get on today.

Lara 07-10-2015 03:14 PM

Great idea to get someone to help.
Don't move here this week. They reckon it is going to snow a little out west this week in Qld. :eek: True story but it's rather funny as I'm still in bare feet and I always say that there'll be something seriously wrong with the planet if it snows here. [p.s. if it snows out in the granite belt, we'll be taking a day trip so my daughter can see snow for the first time in her life. Doubt it will happen though.]
Sorry to make light of your freezing weather. Keep warm and I hope you're feeling better fast and have that computer clean as a whistle very soon.

bluesfan 07-11-2015 03:37 PM

Spent an hour yesterday with the computer geek – who looked all of 16 yrs old, but is actually in his 2nd year of a computer science degree – and has his own website design/hosting company to fund his way through uni. Fortunately I found him back at home in our small town on a break from studies.

He put my laptop into safe mode, ran several scans, reviewed the source code of the supposed threats, checked the registry system etc. No threats were found by any other scan programs. His conclusion was that the trojan threats reported by AVG were 'false positives' generated when I installed the 2015 version of AVG. On the AVG website forum there are other users discussing the same problem. I can't help but wonder if these IRP Hook Rootkit threats are a 'scare' to get free AVG users to upgrade to the premium or maybe they are just a bug in AVG's anti-virus program?

He checked my security and said that it was up to date and adequate and recommended not to change anything, but to monitor the AVG scans, and to keep running regular Malwarebytes scans and see if anything changes. (Other users have reported that the threats sometimes just disappear after a while). Here's hoping!

For all this help he only wanted to charge me $25.00 – if I'd taken it to the repair shop it would have been $50 minimum - and I wouldn't have learnt anything myself. We've also arranged to do some tutoring sessions at a later date on essential computer 'housekeeping' - I can remember the basics but due to illness have forgotten details learnt years ago and there's so much new stuff.

However he did also tell me that at the tender age of 5 years my laptop is officially 'old' - the new hard drive will extend its life but to expect other things to start breaking down.
Time to start saving for an Apple me thinks. :rolleyes:

PS: Did it snow Lara?

Lara 07-11-2015 03:48 PM

Well that was really a very good $25 investment. :)
Good news for now.

No snow in Qld as far as I know. Not really cold enough although there's a gale blowing. Not long awake but checked the weather bureau and only warnings for Qld are for the safety of lambs and sheep. :) True story, so they must be expecting sleet or something out there in the west. Time will tell.

Glad to hear that you had it all checked out and that you can use your computer safely again.

Keep warm there.

bluesfan 07-11-2015 04:32 PM

Yeah thanks Lara
He really was a good kid - I'd heard that when he was in high school he used to help "technically challenged" older ladies with computer problems just for a donation. (although I hate to admit it I think I fall into that category :p )

You have lambs and sheep in Qld? - and here's me thinking it was all kangaroos and alligators. :D

We've another frosty morning but I solved the frozen water pipe problem by leaving a tap dripping overnite - as the pressure gradually falls the water pump kicks in automatically and water's pushed through the pipe. One nice thing about the frosts is an incredibly beautiful fine day after - not a cloud in the sky yesterday - still only got to 10 C though.

Lara 07-11-2015 04:37 PM

Quote:

You have lambs and sheep in Qld? - and here's me thinking it was all kangaroos and alligators.

Ha Ha! A nation built on wheat and sheep. Gone are those days.
No alligators but lots of crocs. ;) Not the ones people wear on their feet either.

I've heard about that running water through the pipes to stop them freezing from my friends here at NT who live in frozen places each winter.

brrrrr, shivering just thinking about it.
Sun is out and clear day here too ... for now.
People out there surfing as usual I see. Ocean is much warmer than the ground temp.

EnglishDave 07-11-2015 05:24 PM

They were praying for snow, hail, rain… anything in Cardiff, but it didn't come :D

Dave.

Lara 07-11-2015 05:26 PM

LOL Dave. :)

You win some, you lose some.
As long as everyone plays fair, that's all that matters.... isn't it? Not sure. ;)

bluesfan 07-14-2015 02:53 PM

Just an update on the computer.

As of yesterday the IRP Hook Rootkit Trojan virus seems to have disappeared from the AVG scans - as others with the same problem found.
Here's hoping it really was just a 'false positive' and isn't lurking hidden on my computer.

This is the first potentially serious threat I've had (only been on broadband since Feb 2014) so I'm probably being a bit paranoid so thanks everyone for helping out. I can't afford to continually pay someone else to disinfect my computer - and a stuffed computer means no NT - now that really would be serious.

mrsD 07-14-2015 03:37 PM

One can buy heating tape to wrap around the pipes where they
get exposed to the most cold. You plug it into electricity.

We have to use 2 each winter, and a heater downstairs besides!

Leaving a tap dribbling helps, but only "so much"... sometimes you need the heating tapes.

bluesfan 07-14-2015 04:06 PM

Thanks MrsD - I hadn't heard of heating tape.
Unfortunately my water pipe's buried underground where it runs from the water pump shed into the house - only a distance of about 4 yds but enough to freeze. Normally happens only a few days each winter - it's unusual to have 6 days in a row with sub-zero temps as we've had this past week (warmer but wetter today). The above ground section of pipe is insulated with lite density foam wrap.


All times are GMT -5.