Trojan.gen activity, slower system?

Status
Not open for further replies.

jtpetch

Honorable
Jan 16, 2014
243
0
10,690
Hi, I've been having a popup from Norton Antivirus (I know, I don't like it much either, but I got it free with Comcast) saying "Trojan.gen activity blocked".
Now, I'm not a virus wiz, but I know what a trojan is, relatively. So, I had Norton do a FULL scan (took a few hours). The end result said it had detected 3 issues (all simply labelled "VIRUS"), and resolved two of them.
It said there was one that required my attention; it wanted me to restart. So I did. After restarting, I logged into my Windows account again (I'm using 8.1, btw). About 15 seconds after it logged me in, I got the same popup. So I went into the Norton security center, and looked at the security history. I found (what I believed to be) the details for the virus. This is what it said.
Now, I haven't been seeing any change (or any noticeable change) in my CPU, disk, and RAM usages in Task Manager, nor do I see any processes that catch my eye as bad. What I have noticed, though, is my system seems to be slower than it should be. I get MUCH lower fps in games (maxing out at ~250, to now maxing out at roughly 50-60, which isn't terrible, but in much more intensive games, it knocks it down to 25-30) than I did before this started happening, and even opening up webpages and files is slower.

So, what I'm wondering is, does anyone know what this is, how to fix it, and how to prevent this from happening again? (And BTW, I haven't downloaded ANY files that I didn't already know were not malicious.) Thanks all!
 

jtpetch

(Whoops, accidentally already hit pick as best solution -_-)
Anyway, I'll go try that now. This had better not be adware, as I've never heard of it before :|
 
How many versions of Java are installed?? If it's installed. You should have one. Or 2 if Windows is 64 bit. And you install the 32 and 64 bit version.

And it should ALWAYS be the latest version. If Java is installed and previous versions are still installed, uninstall them.
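
The check suggested in the reply above can be done from the registry. This is an added example, not part of the original thread; it assumes 64-bit Windows and that Java runtimes register uninstall entries whose display name starts with "Java" (the name filter is an assumption).

```powershell
# Added example: inventory Java runtimes in both registry views and flag
# any runtime that is not the newest one for its architecture.
$views = [ordered]@{
    '64-bit' = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    '32-bit' = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
}

$found = foreach ($arch in $views.Keys) {
    # SilentlyContinue: the WOW6432Node key is absent on 32-bit Windows.
    Get-ItemProperty -Path $views[$arch] -ErrorAction SilentlyContinue |
        Where-Object {
            # Assumed naming: entries begin with "Java"; skip the updater helper.
            $_.DisplayName -like 'Java*' -and $_.DisplayName -notlike '*Auto Updater*'
        } |
        ForEach-Object {
            [pscustomobject]@{
                Architecture = $arch
                Name         = $_.DisplayName
                Version      = $_.DisplayVersion
                Uninstall    = $_.UninstallString
            }
        }
}

if (-not $found) {
    Write-Output 'No Java runtime entries found in either registry view.'
    return
}

# Full inventory, one row per installed runtime.
$found | Sort-Object Architecture, Name |
    Format-Table -AutoSize Architecture, Name, Version

# Within each architecture, everything except the highest version is a
# leftover that should be uninstalled.
foreach ($group in ($found | Group-Object Architecture)) {
    $ordered = $group.Group |
        Sort-Object -Property { $_.Version -as [version] } -Descending
    $ordered | Select-Object -Skip 1 | ForEach-Object {
        Write-Warning ("Older {0} runtime still installed: {1} ({2})" -f `
            $group.Name, $_.Name, $_.Version)
    }
}
```

A clean result is one row per architecture and no warnings; the newest installed entry still has to be compared against the current release by hand.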
 

jtpetch

Not entirely sure what Java has to do with anything, but I do have Win 8.1 64 bit. I have the latest Java 64 bit update installed (just did it yesterday actually, Minecraft started complaining :p). I do also have Java 32 bit installed (I did that a while ago for a project of mine), but I'm not sure it's updated. Frankly, I'm not even sure how you can actually have both versions installed.
 

jtpetch

Ok, so, the scan completed, I saved the log, and restarted as it said to. Before I go any further, something interesting happened after rebooting. So, my PC went to the startup screen as normal (where you can access the BIOS and such), then it went to a screen I've never seen before. All I saw of it was something like "HITMAN PRO 3" in the top left corner of the screen. I know it said more, but I didn't have enough time to catch all of it; it was only on the screen for about 3 seconds. After that, it went to the normal Windows startup thing as normal. I logged in, was taken to the desktop as normal, and was met by disappointment: I still got the popup.
In the log, from what I could gather, it did quarantine a few things. Here is the log (I put it in pastebin): http://pastebin.com/jv0UYiy7
 

jtpetch

To me, it looks like it may be a firewall alert, as it gives me an IP and such that are "attacking", though it still says "Trojan", which is bothering me. If my knowledge of viruses is correct, then a Trojan is basically a modern day representation of the attack on Troy. The virus disguises itself as a legitimate file (the wooden horse), or with one, and "infiltrates" the computer (Troy). After which, the attacks can begin. So, yes, it does look like I am being attacked from outside my PC, but this still means that there is a file in my PC allowing them to do this, right?
 
You can get trojan.gen from outdated versions of Java, that's why I said it. And older versions of Java have vulnerabilities.

Even if you install later versions, you can get hacked with older versions of Java if they're still installed.

I don't use Java either. There are no programs on these that need it.

You can have 32 and 64 bit Java if you're using a 32 and 64 bit browser. And 64 bit Windows.

Since obviously 64 bit Java won't run on a 32 bit browser.
 

jtpetch

So, I need not do anything else?
Even though it appears like it's being blocked, I think either Norton having to constantly block it, or it itself attacking, is slowing down my PC. And Paul, I'll go make sure that both Java versions are updated.
 

jtpetch

The only version of Java I have is "Java7 (64 bit) Version 60".
Apparently I uninstalled the 32 bit one a bit ago. I don't actually need it, my browser (Chrome) is 64 bit. (I'm using the beta, 64 bit version. Runs better than 32 for me)
 

jtpetch

Also, I was considering going back to a Windows restore point, as I thought that may resolve it, but the furthest back one I have is 3 days ago, and I was having the problem before then.
 

jtpetch

The only thing I can think of at the moment is the NPE (Norton Power Eraser, which was suggested numerous times by numerous users when I looked for the virus on the Symantec forums). I'm going to do that now.
 

jtpetch

Ok, I will. And the end results of the NPE scan were as disappointing, as all it located were a few .exe files on my desktop, that I put there myself, and got from trusted sources. HOWEVER, I have not had the popup yet.
NPE not only did a quick scan of my PC in key areas, but it also said it did a registry scan. Now, it didn't tell me it removed anything there, but it may have.
I'll do the Java thing, and monitor it for a while, to see what happens.
 
Download / extract JavaRa: http://singularlabs.com/software/javara/

Run it, then update Java defs, then click on back. Then remove Java runtime. Then next, click on perform removal routine. This will remove older entries.

You may have to close browser/s first. And disable System Restore, use CCleaner, then turn it back on if you want to use it.
 

jtpetch

Done. Still getting the popup, but now that I look into it more, it does indeed look like it is just an attack from an external location, and Norton seems to be blocking it. I actually don't think there's anything I can do to stop this, as it is the hacker's end that keeps attacking. So, assuming it is indeed getting blocked, would it be safe to just disable notifications for it and continue as normal?
 

jtpetch

Actually, now that I think about it, I'm not finished here. Since about a month ago (around the time I saw the first notification, but thought nothing of it, dumb ol me) I've been having game problems. FPS dropping, and only getting about 15 when recording. I searched around a bit more and found an article. This guy was having the same problems as me, with a very similar rig to mine. He finally found out it was actually a trojan horse virus making his GPU usage go to and stay at 100% most of the time for no reason. He said that after removing it (didn't specify how, though I found another article explaining a few ways) his recording fps shot back up to where it should be (100+). I'm going to try that, and I'll post back here when I'm done.
 