Need to request a remote session and advice

Jack
Jack Posts: 69 Active Engager

I have a virus and am hoping experienced members might be willing to help me.  First I will explain what happened, and then I will ask for help on particular questions I have

 

Yesterday while online, and having about 15 pages opened on Internet Explorer, I got a message from F Secure saying a virus had downloaded and "Virus could not be removed."  It identified the virus as Trojan.HTML.Redirector.U and advised me to contact F Secure.  I tried to connect but apparently it was outside of business hours and nobody was there so I sent an email.

 

I ran the F Secure cleanup tool followed by a complete computer scan and then the cleanup tool again, all three showing no malware found.

 

My email response from F Secure was to recommend that I request a remote session and I was given a phone number to call, but the email came outside of business hours and it is now Saturday and F Secure is closed.  I have not seen anything suspicious on my computer but am not visiting sensitive sites such as banking until I get this resolved.

 

I need to know what hour to call.  I am in the Eastern time zone of the USA, and do not know if the times to call (9 to 16) are GMT and need to be converted to that, or some other time zone.  I am 70 years old and know nothing about computers, so am depending on this community for help and advice.  Thank you for any help on this

Comments

  • Simon
    Simon Posts: 2,667 Superuser

    Hello Jack,

     

    First of all, have you checked your F-Secure Quarantine folder to see if there is anything there?  You'll find it in a link on the Settings > Virus Protection screen (terminology may differ slightly depending on your version of F-Secure).  If it's listed there, then it means that your computer is safe.  The message that F-Secure "couldn't remove" the virus may mean literally that, but it still may have been blocked from running, if that makes sense.

     

    Secondly, I would suggest downloading and running a scan with Malwarebytes and see if that finds anything.  Come back to us when you've done that and let us know how things go.  :)

  • Jack
    Jack Posts: 69 Active Engager

    Thank you Simon.  Do I need to turn off F Secure to run malware bytes?  I hate to turn it off if I don't need to, but I know some security programs won't run with another security program turned on.  Thanks for any reply

  • Simon
    Simon Posts: 2,667 Superuser

    No, Malwarebytes is compatible with F-Secure, and will run happily along side it, so you may want to keep it installed once this is sorted. 

  • Jack
    Jack Posts: 69 Active Engager

    Simon, the installation program for malwarebytes asked to to disable virus and firewall software before installing.  Can I ignore this at this step?  I just want to be sure that nothing's destroyed and that I am protected. 

  • Simon
    Simon Posts: 2,667 Superuser
    I don't remember it doing that, Jack, but it's a while since I installed it. I think it's probably safe to ignore the warning and install.

    Just a thought, but you haven't got any other anti virus software installed as well, have you?
  • Simon
    Simon Posts: 2,667 Superuser
    If Malwarebytes refuses to install, then you can temporarily disable F-Secure in the Tools screen.
  • Jack
    Jack Posts: 69 Active Engager

    No, nothing else installed.  I think I will try to install it without turning off F Secure

  • Jack
    Jack Posts: 69 Active Engager

    Simon, the program installed okay and I ran it and found a bug called RRSavings.A which was in five different places on my computer.  The program cleaned it off okay and I restarted the computer.  I don't know if this is the one F Secure advised me about or not  (at the time I got the F Secure warning, F Secure called it "Trojan.HTML.Redirector.U"

  • Simon
    Simon Posts: 2,667 Superuser
    To be honest, if you've scanned with MWB and it found and removed that, plus you've done full scans with F-Secure (have you also used the Online Scanner?), then I think you should be fairly confident that the machine is clean. There's another one you could try, which is Kaspersky's TDSSKiller, if you feel like it. I would recommend that you keep Malwarebytes installed and running, as it acts as a good second line of protection.

    http://usa.kaspersky.com/downloads/TDSSKiller
  • Simon
    Simon Posts: 2,667 Superuser
    By the way, was there anything in the FS quarantine folder?
  • Jack
    Jack Posts: 69 Active Engager

    No, nothing in Quarantine.  I wonder if I should still request a remote session from F Secure when they open on Monday?

  • Jack
    Jack Posts: 69 Active Engager

    Again, can I run TDSS killer with F Secure running?  And can I install it with F Secure running?  I am not too up on computer things.

  • Simon
    Simon Posts: 2,667 Superuser

    @Jack wrote:

    No, nothing in Quarantine.  I wonder if I should still request a remote session from F Secure when they open on Monday?


    That's entirely up to you, Jack, but if it would give you piece of mind, then it probably won't hurt.  Just make sure you go direct through www.f-secure.com as we had a recent incident where someone got caught out by a rogue support website, and they were charged a substantial fee.  F-Secure support is always free. 

  • Jack
    Jack Posts: 69 Active Engager

    Okay, downloaded it, ran it, no threats found.  Thank you very much for helping me Simon, I feel much better.  Still worried about doing online banking, they asked me to download something but I haven't responded for a few days since getting the F Secure warning

  • Simon
    Simon Posts: 2,667 Superuser

    @Jack wrote:

    Again, can I run TDSS killer with F Secure running?  And can I install it with F Secure running?  I am not too up on computer things.


    I think you can run the scan with FS running, but if it complains, try temporarily disabling FS in Tools.  This one is only a scanner and you don't need to leave it installed once the scan is complete.  

  • Simon
    Simon Posts: 2,667 Superuser

    @Jack wrote:

    Okay, downloaded it, ran it, no threats found.  Thank you very much for helping me Simon, I feel much better.  Still worried about doing online banking, they asked me to download something but I haven't responded for a few days since getting the F Secure warning


    Can I ask what it was they asked you to download?  If it's Trusteer Rapport, I'd advise you to avoid it as it may not work with FS.  

  • Jack
    Jack Posts: 69 Active Engager

    I downloaded tdsskiller and it is on my system as tdsskiller.exe now

  • Simon
    Simon Posts: 2,667 Superuser

    That's just the launcher for the program.  It's not doing anything, so you can delete it, or hide it somewhere in case you need it again.  :)

  • Jack
    Jack Posts: 69 Active Engager

    It seemed to run okay and advised me I had no malware

  • Ukko
    Ukko Posts: 3,770 Superuser

    Hello,

     

    Sorry for my reply.

    But when F-Secure prompted about current detection (about trojan.html-redirector)?

    Does it's just as pop-up during idle for system and by real-time scanning (background).

    Or comes as "result of manual scan" (full scan).

    Or during use a browser?

     

    Anyway... if Quarantine not helpful. Can it's be that else one place have information about "detection"?

    I mean -> main user-interface of F-Secure (AV/Computer Security). Settings. Part about manual scan or real-time scanning.. and there will open "History of removal spyware and viruses" (Removal history list). There can be information about ?! this notifications. such as it's can be marked that "mistake" during action.

    Such as.. it's anyway should be placed under some of?!?! (if it's not placed under log-report as result of scan).

    Also with "pop-up/notification" should be also information about "file" - where is it... and how it called. ?!

     

    With current information (where and which file triggered deteection) you can to understand what is it.

    It's can be, for example, part of zipped archive. And it's not available to be removed automatically. But you can to do manually.

    And it's mean you system can be safe, but just "static" file with "malicious signature". Or something else.

     

    If it's happened during browsing.. so.. maybe trouble with page.. which trying to use something as "exploit".

  • Jack
    Jack Posts: 69 Active Engager

    Thank you Ukko.  It came up during browsing with Internet Explorer.  It said "failed."  I think Simon's help may have got it, although F Secure identified the virus as "Trojan.HTML.REDIRECTOR.U" and the one I found with Simon's help was called "RRSavings.A"  I am assuming they are the same thing?  Anyhow, that one is cleaned

  • NikK
    NikK Posts: 903 Forum Champion

    Jack, I see you already received good help but I don't think anyone has informed you about this yet, to ease your mind:

     

    "When an F-Secure security product reports anything malicious on your computer it has already detected and stopped it, preventing it from causing any harm to your system or your data. Our security software  will not remove infected files under some circumstances, they will however do no more harm than wasting your disk space and cause additional virus warnings whenever you or a system process is accessing that file."

    From: Viruses were found but were not automatically cleaned. What can I do?

     

    RRSavings.A is not malware but adware, and is classified as a PUP - Potentially Unwanted Program. It display ads typically not associated with the sites you are visiting.

     

    An F-Secure search for "Trojan.HTML.Redirector.U" results in this page: https://www.f-secure.com/v-descs/trojan_js_redirector_i.shtml

    Description of what it does: users navigating to a particular website are redirected to a pornographic website

     

    If malware is detected in the Temporary Internet files folder F-Secure recommends that you delete all the files in the folder. Because the files are only cached copies, no actual data is lost.

    To delete the files in Windows Vista, 7 and 8:

     

    1. Do one of the following:
      • Click Start > Control Panel > Internet Options and, on the General tab under Browsing history, click the Delete... button.
      • Open Internet Explorer and click Tools > Internet Options and, on the General tab under Browsing history, click the Delete... button.
      • Open Internet Explorer and click Safety > Delete Browsing History.
      The Delete Browsing History dialog box opens:

      Delete Browsing History

    2. Select the Temporary Internet files checkbox and click the Delete button to delete the temporary Internet files.

    From: Cleaning temporary Internet files in Internet Explorer

     

    Even if you don't know where this "virus" file is/was, there's no harm in following the above instructions to clear the cache and browsing history of Internet Explorer.

This discussion has been closed.
Feedback on New Design