Talk Talk Trojan
pca_thejammy.b - 22 September 2008 - 9:10pm
Is it possible for an ISP (TalkTalk) to harbour a Trojan in itself. A friend cannot sign into Talk Talk without Spyware Doctor popping up asking for approval to accept a Trojan called "Download.Poper".
I have cleaned his computer of viruses and Trojans, have no difficulty connecting wirelessly to Virgin Media, but when he takes it home and connects to TalkTalk, even before connecting to any website, Spyware Doctor pops up asking to accept or reject the Trojan "Downloader.Poper". If he ticks do not accept, he cannot connect to TalkTalk.
When he clicks accept, he connects to TalkTalk, but then gets redirected to another website, one he doesn't want..
TalkTalk denies they have installed phorm.
It's got me stumped.
Log in to PCAnswers
How to...
Secure your PC with the HOSTS file
TanyaC - 5 September 2008 - 10:14am
Give your PC some added security without paying a penny using the HOSTS file. Tanya Combrinck guides you through the process. ... read more »
Latest PC news from TechRadar
- 5 reasons widgets may be the next big TV trend
- Exclusive: Virgin & ITV: Internet details not yet finalised
- Ballmer's CES keynote - all the details
- Virgin Media seals on-demand deal with ITV
- AMD rolls out much improved Phenom II CPU
- In Depth: Is 45nm silicon enough to save AMD?
- Windows 7 Beta available worldwide Friday
- Sony launches world's lightest 8-inch netbook
Copyright 2006 - 2008 Future Publishing Limited(company registered number 2008885), a company registered in England and Wales
whose registered office is at Beauford Court, 30 Monmouth Street, Bath, BA1 2BW, UK
Trojan poper or popper
Isitme - 23 September 2008 - 7:18pmI very much doubt if this is coming from TalkTalk. It is more likely his PC is infected and each time the internet is called up, the trojan springs to life. He will have to run a full course of AV, Trojan and Spyware programs. He could do worse than start with the free version of http://www.superantispyware.com/
If he is a P2P user there is every chance he has been infected by something he has downloaded from there, but even the most innocent looking programs can harbour trojans.
TomD
I've already cleaned his
pca_thejammy.b - 23 September 2008 - 8:09pmI've already cleaned his machine, using Hi-jackthis. AVG Pro, Sophos's emergency CD, Trojan remover and several other anti-virus and trojan programs. I'm convinced his comp. is clean. I've also reset the System restore point.
It's the fact that when I connect to the internet through Virgin, at my house, I have no pop ups, or problems getting into the websites I want. Yet when he immediately connects to TalkTalk, without going into any website, Spyware Doctor immediately pops up with this trojan warning. If he does not accept that trojan (Download.Poper.) with Spyware Doctor, he simply cannot connect to TalkTalk.
Normally, I would agree it would be a virus or trojan file causing this problem, but in this case I know his comp. is clean beforehand.
Try removing spyware doctor
pca_vampiro - 24 September 2008 - 7:36amTry removing spyware doctor as the editrolial reviews at download.com says "In our trial scans, Spyware Doctor repeatedly flagged several dozen harmless cookies as potential threats, more than any other antispyware product we tested. We were also unable to learn more about each threat or why Spyware Doctor flagged each. Clicking each threat opened our default browser to a generic threat page on the PCTools site."
and i have know it to cause similar problems on other machines.
it maybe attached to the connection settings as well so you could try rebuilding them.
PC specs Athlon 64 3200+ processor, 1024mb DDRam,GeForce 6800GT, DVD-RW Win XP Pro)|| Laptop 800mhz 256mb ram, onboard graphics, CD-RW
Thanks for that info.
pca_thejammy.b - 24 September 2008 - 12:14pmThanks for that info. Unfortunately, Spyware Doctor isn't picking up a false positive or cookie. It's blocking the Trojan "Download.popuper." It's a varient of Spy Sheriff.
As I've said, I've cleaned his machine and run it on Virgin Media,,without problems. When he tries to just connect to TalkTalk, up pops Spyware Doctor asking to accept or deny Downloader.popuper. If he denies it, he can't get connected to TalkTalk. If he accepts, he connects to the internet, but is nearly always re-directed to some other website, much the same as Spy Sheriff.
While I accept it's unlikely TalkTalk would harbour a virus or Trojan, can anyone come up with any other explanation.
Poperuper
Isitme - 24 September 2008 - 3:21pmYou say he accepts it and is then directed to other sites, that means the trojan is active on his system. Does he then go through the procedure to remove it? If not it is still there.
I am thinking that his Hosts file may also be infected, this might account for it only becoming active when he attempts to join TalkTalk.
I would advise downloading and running All Temp Folder Cleaner from http://www.atribune.org/ccount/click.php?id=1 This will clear out all the Temp folders, some of which may be harbouring problems.
Now go to
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?hhTest=1 Download and run it.
Go to http://www.mvps.org/winhelp2002/hosts.htm read the instructions and download the safe file. Read the ReadMe txt and execute the batch file to replace the existing Host file.
I have already recommended Superantispyware, if he has not run this he should do so. It is important to realise that no one program will remove all threats and if Spyware Doctor is finding this and is not able to remove it, it does not say much for the program. I take it this is the paid for version and not the cripled free one?
TomD
Thanks isitme, There
pca_thejammy.b - 24 September 2008 - 3:54pmThanks isitme,
There wasn't a "Reply" on your comment section, so using this one.
I'll certainly try your suggestion. I did use CCleaner and deleted all his cookies & Temp files.
While he has run Spyware Doctor, I haven't heard from him since doing so. He'll no doubt be on the phone tonight!
Thanks again.
Thanks again for that info.
pca_thejammy.b - 25 September 2008 - 7:09amThanks again for that info. Hadn't thought on the Host files, but would still have thought the aiti-virus/trojan programs would've picked anything up. I'll get him to uninstall his TalkTalk files, run your AFT program and come back to you.
Is he using a USB Broadband
pca_Burn-IT - 27 September 2008 - 4:19amIs he using a USB Broadband modem at home.
If so it may be in the drivers for that.
Dave Burnett Microsoft MVP Shell/User (see http//mvp.support.microsoft.com/ )
God doesn't play dice Does that mean I was supposed to be like this??
TalkTalk Trojan?
pca_thejammy.b - 28 September 2008 - 9:27amAny idea why I can't see more than 5 replies. The last one is from Isitme, but Burn-IT should also be showing.
All it says at the bottom is...... Now go to
Can you now? Dave Burnett
pca_Burn-IT - 28 September 2008 - 3:40pmCan you now?
Dave Burnett Microsoft MVP Shell/User (see http//mvp.support.microsoft.com/ )
God doesn't play dice Does that mean I was supposed to be like this??
I have Talk Talk, no problem
Glamdring - 29 September 2008 - 12:22am