Sudden increase in trojan infections on multiple PCs

Midianic

Estimable
Aug 24, 2015
6
0
4,510
Over two weeks, three PCs without much in common in usage, some with very low usage, have all been infected with a bunch of trojans. I've been trying to find out why this happens; maybe there is a new way to distribute them and whatnot. Any thoughts?

PC #1

Installed fresh Windows 7 on a laptop, with a fully working code from the bottom of the machine, and left the machine installing updates. Suddenly it started showing malfunctioning .exe files like "jglskidajg.exe has stopped working". It is a hidden file in the Program Data folder. Malwarebytes gets rid of it easily; you can also remove it manually after stopping the process. As far as I know, no new infection since the purge.

PC #2

Installed fresh Windows 7 on a PC. As soon as I got to the desktop I went to the ASUS website for drivers. After installing drivers, surprise surprise: "sjuhuas.exe has stopped working". Malwarebytes finds multiple trojans in AppData and Program Data; a single scan to delete them all and now it seems fine.

At this point I thought they somehow target freshly installed PCs.

24 hours later

PC #3

Installed Windows 7 over 6 months ago, with no viruses, trojans, nothing during this time. Suddenly "kjasioja.exe has stopped working", and my own PC had been infected with the same bunch of trojans. This PC has mainly just been on, not doing anything.

I have had PC fixing and stuff as a hobby for over 15 years now, with experience of hundreds of PCs and laptops with their problems, and never such a case before. I have used a PC for 2 years with no antivirus software "protecting" it with no issues, sometimes scanning with Malwarebytes or something else that at the time didn't have active protection.

If you bothered to read all of this, have you any thoughts on what this sudden burst of trojans all around is about?

Note: I made up all the exe names, but they really are gibberish like that.
 

mdd1963

Distinguished
Sounds like:

Non-original/infected Windows ISO?

Infection spreading from network?

Infected router?

Infections just don't 'come in' to/on freshly nuked and paved systems that have legit Windows put on them and are still pulling in updates....

Either someone is hitting infected websites, or, one system is infecting another, or, router compromised....
 

Math Geek

Estimable
Herald
Exactly. A Windows install disk from MS and a fresh install still having an infection says it's on the network, most likely the router.

If the Windows is from somewhere else, then it is likely already infected and will be there every time you do a fresh install.
 

Midianic

Sorry I haven't gotten back to writing an answer. It is still a mystery; I haven't had a PC or an extra HDD to try it out further. These are all good theories. Guess we'll find out if it's the DVD I've used when I next install Windows on a machine. It is still very odd how this can happen.
 

JoshRoss

Estimable
Jul 11, 2017
228
0
5,260
I would strongly recommend getting yourself a new copy of Windows and doing an installation with that. If you have an official version, you will have an activation Key. Generally, this does not happen unless the installation was obtained in illegal ways.
 

Karadjgne

Distinguished
Herald
Fresh installs, so no issues wiping out everything. Download the media creation tool directly from Microsoft. Use it to burn a DVD or USB on a PC you trust not to be infected. Unplug every PC from the network. Boot to command prompt and use diskpart-list-number-clean to wipe out the drive. Then reboot to USB and install media. Only when all suspected PCs are clean installed do you hook back up to the network.
 

Midianic

There was a trojan agent on my flash drive, which I've used on each of these computers. I had hidden files enabled on my PC and I noticed a hidden file on the flash drive; scanned and removed. Apparently it uploaded when I plugged it in to each of the PCs.

I use the flash drive rarely and even more rarely format it. I'm happy I figured it out.
 

JoshRoss

What a weirdly unique issue. Glad you got that sorted out. I wonder what kind of a file or virus that was. Unfortunately, you completely removed it (I don't blame you). If you have any more problems, let us know, and hopefully, we can solve it.
 

Midianic

I can look if there are any quarantine logs in Malwarebytes. What I can tell is it was a single hidden file with a single-word name that didn't mean anything. Malwarebytes classified it as a trojan, and when it infected a computer, a scan found 4 trojans with different names.

The file was similar to what you can find as a hidden file in the Program Data folder that adds a task in your Task Manager with its name.
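
An added example, not part of the original posts: a PowerShell check for the two things described in this thread, a hidden file on a flash drive and a hidden, randomly named executable under Program Data. It assumes Windows PowerShell 5.1 or later; the function name `Get-HiddenFileReport` and the drive letter `E:\` are placeholders chosen for illustration.

```powershell
# Added example. Assumes Windows PowerShell 5.1+ (Windows 7 ships 2.0, which lacks
# -File, -Depth and Get-FileHash). E:\ is a placeholder drive letter.
function Get-HiddenFileReport {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [int]$Depth = 2
    )
    $mask = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
    # -Force makes Get-ChildItem return hidden and system items that Explorer hides by default.
    Get-ChildItem -LiteralPath $Path -File -Force -Recurse -Depth $Depth -ErrorAction SilentlyContinue |
        Where-Object { $_.Attributes -band $mask } |
        ForEach-Object {
            $file = $_
            # Read the first two bytes: 'MZ' marks a Windows executable even when the
            # file has a meaningless name or no .exe extension.
            $isPE = $false
            try {
                $stream = [IO.File]::OpenRead($file.FullName)
                try {
                    $buf = New-Object byte[] 2
                    $isPE = ($stream.Read($buf, 0, 2) -eq 2) -and ($buf[0] -eq 0x4D) -and ($buf[1] -eq 0x5A)
                } finally { $stream.Dispose() }
            } catch { }   # locked or unreadable file: leave IsPE as false
            $hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path      = $file.FullName
                Attrs     = $file.Attributes
                Modified  = $file.LastWriteTime
                IsPE      = $isPE
                Signature = if ($isPE) { (Get-AuthenticodeSignature -FilePath $file.FullName).Status } else { 'n/a' }
                SHA256    = $hash.Hash
            }
        }
}

# Flash drive: anything hidden is worth a look, executables most of all.
Get-HiddenFileReport -Path 'E:\' | Sort-Object IsPE -Descending | Format-List

# ProgramData: legitimate hidden files exist here, so narrow to executables without a valid signature.
Get-HiddenFileReport -Path $env:ProgramData -Depth 1 |
    Where-Object { $_.IsPE -and $_.Signature -ne 'Valid' } |
    Format-List Path, Modified, Signature, SHA256
```

Recording the SHA256 before deleting the file keeps a way to identify the sample later, which is the information asked for earlier in the thread.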
 

Karadjgne

There is. There are different variations of Trojans; the only thing they have in common is the effects. Trojans are not destructive the way a virus or worms can be. All Trojans do is performance destruction. They can do it one of 2 basic ways: either collect your info and send it out on the web, or invite others to come join the party. The latter is seriously performance killing, as your IP goes nuts as it's infected with Trojan after Trojan all doing one of the 2. They differ from malware, as all malware does is connect to advertisers; with every hit the author makes money, but tends to overdo it and makes a lot of cash in a short time, with massive flooding of ads, pop-ups etc. The worst Trojans are the sleepers. Unlike most, these only go active when you connect to a website, quick flood, then shut down when you do. A variation is the hidden sleepers, pervasive buggers that hide their code in multiple names and places. Wipe one out, and next time you boot a hidden sleeper checks your PC for the parent, which was killed by your anti-malware, and not finding it, downloads a fresh copy as soon as you open up a browser. These are the hardest to get rid of, because you can't fully get rid of them without finding that 1 location containing the hidden sleeper, which usually has deep ties to the registry. This is why you should isolate any/all PCs you are resetting, so they're not under network discovery or access. Miss just one sleeper, and the whole network gets reinfected as soon as you open the browser.
 
Solution

JoshRoss

Thanks for the heads up. I was thinking about something similar. However, I am aware that such variations exist, I am just curious which one it is. I haven't seen any major ones active for a while now, just concerned :)
 

PeterKendrick

Commendable
Aug 10, 2016
49
0
1,610
Do you have different partitions on your hard drive, and are you formatting a selected volume? What about malicious programs in one of your different programs, which get executed once you install it? Do you connect any USB? It might have the virus. Most probably you must be installing Windows from the corrupted ISO.
 

Karadjgne

You should always get Windows directly from Microsoft. It's free after all, and all their ISOs contain the latest updates other than the frequent security updates, which can seriously reduce security risks concerning corrupted ISOs and reduce install/update times.