Solved

Trojan.gen activity, slower system?

Tags:
  • Trojan
  • Norton
  • Antivirus
October 7, 2014 2:19:23 PM

Hi, I've been having a popup from Norton Antivirus (I know, I don't like it much either, but I got it free with Comcast) saying "Trojan.gen activity blocked".
Now, I'm not a virus wiz, but I know what a trojan is, relatively. So, I had Norton do a FULL scan (took a few hours). The end result said it had detected 3 issues (all simply labelled "VIRUS"), and resolved two of them.
It said there was one that required my attention, it wanted me to restart. So I did. After restarting, I logged into my Windows account again (I'm using 8.1, btw). About 15 seconds after it logged me in, I got the same popup. So I went into the Norton security center, and looked at the security history. I found (what I believed to be) the details for the virus. This is what it said.
Now, I haven't been seeing any change (or any noticeable change) in my CPU, disk, and RAM usages in Task Manager, nor do I see any processes that catch my eye as bad. What I have noticed though, is my system seems to be slower than it should be. I get MUCH lower fps in games (maxing out at ~250, to now maxing out at roughly 50-60, which isn't terrible, but in much more intensive games, it knocks it down to 25-30) than I did before this started happening, and even opening up webpages and files is slower.

So, what I'm wondering is, does anyone know what this is, how to fix it, and how to prevent this from happening again? (And BTW, I haven't downloaded ANY files that I didn't already know were not malicious.) Thanks all!


Best solution

October 7, 2014 2:35:11 PM

http://www.surfright.nl/en/hitmanpro

Run Hitman Pro to make sure Norton removed all of it.
October 7, 2014 2:38:48 PM

SR-71 Blackbird said:
http://www.surfright.nl/en/hitmanpro

Run Hitman Pro to make sure Norton removed all of it.


(Whoops, accidentally already hit pick as best solution -_-)
Anyway, I'll go try that now. This had better not be adware, as I've never heard of it before :|
October 7, 2014 2:38:58 PM

How many versions of Java are installed?? If it's installed. You should have one. Or 2 if Windows is 64 bit. And you install the 32 and 64 bit version.

And it should ALWAYS be the latest version. If Java is installed and previous versions are still installed, uninstall them.
October 7, 2014 2:40:44 PM

It's not adware, it's free for 30 days, it uses scanning engines from 3 to 4 antivirus vendors to check for leftovers.
October 7, 2014 2:41:54 PM

Paul NZ said:
How many versions of Java are installed?? If it's installed. You should have one. Or 2 if Windows is 64 bit. And you install the 32 and 64 bit version.

And it should ALWAYS be the latest version. If Java is installed and previous versions are still installed, uninstall them.


Not entirely sure what Java has to do with anything, but I do have Win 8.1 64 bit. I have the latest Java 64 bit update installed (just did it yesterday actually, Minecraft started complaining :p ). I do also have Java 32 bit installed (I did that a while ago for a project of mine), but I'm not sure it's updated. Frankly, I'm not even sure how you can actually have both versions installed.
October 7, 2014 2:43:42 PM

I never have Java installed, I don't need it.
October 7, 2014 2:47:00 PM

Did a default scan with HMP 3, it's at about 20% right now, I'll post the results when it's done.
October 7, 2014 2:55:42 PM

Sounds good, I have the paid version, I run a scan once a week.
October 7, 2014 3:00:26 PM

Ok, so, the scan completed, I saved the log, and restarted as it said to. Before I go any further, something interesting happened after rebooting. So, my PC went to the startup screen as normal (where you can access the BIOS and such), then it went to a screen I've never seen before. All I saw of it was something like "HITMAN PRO 3" in the top left corner of the screen. I know it said more, but I didn't have enough time to catch all of it, it was only on the screen for about 3 seconds. After that, it went to the normal Windows startup thing as normal. I logged in, was taken to the desktop as normal, and was met by disappointment: I still got the popup.
In the log, from what I could gather, it did quarantine a few things. Here is the log (I put it in pastebin): http://pastebin.com/jv0UYiy7
October 7, 2014 3:06:19 PM

You can disable Hitman from running at startup in the settings menu.

Is the pop up a firewall alert? Looks like it.

October 7, 2014 3:11:38 PM

To me, it looks like it may be a firewall alert, as it gives me an ip and such that are "attacking", though, it still says "Trojan", which is bothering me. If my knowledge of viruses is correct, then a Trojan is basically a modern day representation of the attack on Troy. The virus disguises itself as a legitimate file (the wooden horse), or with one, and "infiltrates" the computer (Troy). After which, the attacks can begin. So, yes, it does look like I am being attacked from outside my PC, but this still means that there is a file in my PC allowing them to do this, right?
October 7, 2014 3:12:49 PM

Sometimes that's how it works, it's blocking the attack, that's why it states no action required.
October 7, 2014 3:13:59 PM

You can get trojan.gen from outdated versions of Java, that's why I said it. And older versions of Java have vulnerabilities.

Even if you install later versions, you can get hacked with older versions of Java if they're still installed.

I don't use Java either. There are no programs on these that need it.

You can have 32 and 64 bit Java if you're using a 32 and 64 bit browser. And 64 bit Windows.

Since obviously 64 bit Java won't run on a 32 bit browser.


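Added example, not part of any post in this thread: a PowerShell check for the "how many Java versions are installed" question raised above. It reads the standard Windows uninstall registry keys for both architectures; the name pattern and the output column names are choices made for this example.

```powershell
# Added example. Lists Java entries recorded in the uninstall registry keys.
# The '64-bit' / '32-bit' labels assume 64-bit Windows, where 32-bit programs
# register under WOW6432Node.
$views = @{
    '64-bit' = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    '32-bit' = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
}

$java = foreach ($view in $views.GetEnumerator()) {
    Get-ItemProperty -Path $view.Value -ErrorAction SilentlyContinue |
        # Matches names such as "Java 7 Update 60 (64-bit)", "Java(TM) 6 Update 30"
        # and "Java SE Development Kit ..."; skips "Java Auto Updater".
        Where-Object { $_.DisplayName -match '^Java(\(TM\))? (\d|SE)' } |
        ForEach-Object {
            [pscustomobject]@{
                Arch      = $view.Key
                Name      = $_.DisplayName
                Version   = $_.DisplayVersion
                Uninstall = $_.UninstallString
            }
        }
}

if ($java) {
    $java | Sort-Object Arch, Version | Format-Table Arch, Name, Version -AutoSize

    # More than one entry for the same architecture usually means an older
    # runtime was left behind by an update (a JDK and its JRE also list separately).
    $java | Group-Object Arch | Where-Object Count -gt 1 | ForEach-Object {
        Write-Warning ("{0} Java entries for {1}; review and remove outdated ones:" -f $_.Count, $_.Name)
        $_.Group | Format-List Name, Version, Uninstall
    }
} else {
    Write-Output 'No Java entries found in the uninstall registry keys.'
}
```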
October 7, 2014 3:27:31 PM

SR-71 Blackbird said:
Sometimes that's how it works, it's blocking the attack, that's why it states no action required.


So, I need not do anything else?
Even though it appears like it's being blocked, I think either Norton having to constantly block it, or it itself attacking, is slowing down my PC. And Paul, I'll go make sure that both Java versions are updated.
October 7, 2014 3:32:08 PM

And make sure any other / older version besides the latest versions have been uninstalled
October 7, 2014 3:34:35 PM

Paul NZ said:
And make sure any other / older version besides the latest versions have been uninstalled


The only version of Java I have is "Java7 (64 bit) Version 60".
Apparently I uninstalled the 32 bit one a bit ago. I don't actually need it, my browser (Chrome) is 64 bit. (I'm using the beta, 64 bit version. Runs better than 32 for me.)
October 7, 2014 3:36:41 PM

Also, I was considering going back to a Windows restore point, as I thought that may resolve it, but the furthest back one I have is 3 days ago, and I was having the problem before then.
October 7, 2014 3:39:42 PM

The only thing I can think of at the moment is the NPE (Norton Power Eraser, which was suggested numerous times by numerous users when I looked for the virus on the Symantec forums). I'm going to do that now.
October 7, 2014 3:41:05 PM

It's out of date, it's up to update 67. So I would uninstall 60 then install 67.

Then use something like CCleaner to remove the temp files etc.

October 7, 2014 3:54:11 PM

Paul NZ said:
It's out of date, it's up to update 67. So I would uninstall 60 then install 67.

Then use something like CCleaner to remove the temp files etc.



Ok, I will. And the end results of the NPE scan were as disappointing. As all it located were a few .exe files on my desktop, that I put there myself, and got from trusted sources, HOWEVER, I have not had the popup yet.
NPE not only did a quick scan of my PC in key areas, but it also said it did a registry scan. Now, it didn't tell me it removed anything there, but it may have.
I'll do the Java thing, and monitor it for a while, to see what happens.
October 7, 2014 3:58:52 PM

Spoke too soon, just got the popup again. -_-
October 7, 2014 4:04:07 PM

Download / extract Javara: http://singularlabs.com/software/javara/

Run it then update Java defs, then click on back. Then remove Java runtime. Then next, click on perform removal routine. This will remove older entries.

You may have to close browser/s first. And disable System Restore, use CCleaner, then turn it back on if you want to use it.
October 7, 2014 4:23:41 PM

Paul NZ said:
Download / extract Javara: http://singularlabs.com/software/javara/

Run it then update Java defs, then click on back. Then remove Java runtime. Then next, click on perform removal routine. This will remove older entries.

You may have to close browser/s first. And disable System Restore, use CCleaner, then turn it back on if you want to use it.


Done. Still getting the popup, but now that I look into it more, it does indeed look like it is just an attack from an external location, and Norton seems to be blocking it. I actually don't think there's anything I can do to stop this, as it is the hacker's end that keeps attacking. So, assuming it is indeed getting blocked, would it be safe to just disable notifications for it and continue as normal?
October 7, 2014 4:33:31 PM

Actually, now that I think about it, I'm not finished here. Since about a month ago (around the time I saw the first notification, but thought nothing of it, dumb ol' me) I've been having game problems. FPS dropping, and only getting about 15 when recording. I searched around a bit more and found an article. This guy was having the same problems as me, with a very similar rig as mine. He finally found out it was actually a trojan horse virus making his GPU usage go to and stay at 100% most of the time for no reason. He said that after removing it (didn't specify how, though I found another article explaining a few ways) his recording fps shot back up to where it should be (100+). I'm going to try that, and I'll post back here when I'm done.
October 7, 2014 4:38:57 PM

Get Trojan Remover, update it then click on scan. See if it finds anything like a trojan.

http://simplysup.com/
October 7, 2014 5:14:01 PM

Paul NZ said:
Get Trojan Remover, update it then click on scan. See if it finds anything like a trojan.

http://simplysup.com/


I just tried Malwarebytes. It found and removed 19 items. Restarted. Still. Getting. Popup. I'll try the one you suggested now.
October 7, 2014 5:16:55 PM

Well, I would try it, but simplysup.com seems to be down.
October 7, 2014 5:46:31 PM

Paul NZ said:
It's not down, I went there.


Try a direct link then: http://simplysup.co.uk/download/dl/trjsetup691.exe

Did you remove what Malwarebytes found?


Downloaded that, ran it, it didn't find anything.
I also tried a few things from bleepingcomputer.com, still nothing.
And yes, I had MWBytes remove what it found.
As of now, I also posted a thread about this on the Symantec forums, as I have seen similar problems there as well.
Just want to get maximum help, I suppose.
October 7, 2014 5:48:13 PM

Run everything under utils in trojan remover. It'll reset everything just in case something is there
October 7, 2014 6:01:42 PM

Done. Haven't got the popup again, yet, but it does come at random times. I'll post back if it does, and in an hour, if it hasn't, I'll assume it's finally gone, and I'll go on with life :|
October 7, 2014 6:27:25 PM

Nope, nope, still happening -_-
October 7, 2014 6:36:26 PM

Well if you want, chuck TeamViewer on this: www.teamviewer.com. I could check it out from here... that's if you can get to the site.

If you install this, give me the ID and password in a PM. Don't worry, you'll see what I'm doing.
October 7, 2014 6:43:59 PM

I just had an idea, and I believe it worked. I went into Windows Firewall, and directly blocked the IP that the attacks were coming from.
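Added example, not part of any post in this thread: the Windows Firewall block described in the last post, done from an elevated PowerShell prompt, preceded by a check for whether any local process holds a connection to that address (the "is there a file in my PC allowing this?" question asked earlier). The thread never gives the address, so `203.0.113.45` is a placeholder from the documentation range, and the rule names are made up for the example.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. $RemoteIp is a placeholder from the
# documentation range; substitute the address shown in the alert details.
$RemoteIp   = '203.0.113.45'
$RulePrefix = "Block $RemoteIp"      # rule names are made up for this example

# 1. Before blocking, check whether a local process holds a TCP connection
#    to that address. A hit names the program to investigate.
$conns = Get-NetTCPConnection -RemoteAddress $RemoteIp -ErrorAction SilentlyContinue
if ($conns) {
    $conns | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            State      = $_.State
            LocalPort  = $_.LocalPort
            RemotePort = $_.RemotePort
            OwnerPid   = $_.OwningProcess
            Process    = $proc.ProcessName
            Path       = $proc.Path
        }
    } | Format-Table -AutoSize
} else {
    Write-Output "No TCP connection to $RemoteIp is open right now."
}

# 2. Block the address in both directions on every firewall profile.
foreach ($direction in 'Inbound', 'Outbound') {
    $name = "$RulePrefix ($direction)"
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction $direction `
            -Action Block -RemoteAddress $RemoteIp -Profile Any | Out-Null
    }
}

# 3. Read the rules back to confirm they exist, are enabled and carry the address.
Get-NetFirewallRule -DisplayName "$RulePrefix*" | ForEach-Object {
    [pscustomobject]@{
        Rule      = $_.DisplayName
        Direction = $_.Direction
        Action    = $_.Action
        Enabled   = $_.Enabled
        Remote    = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    }
} | Format-Table -AutoSize
```

A connection listed in step 1 identifies a program on the PC that is talking to the address and is worth scanning; an empty result alongside continued inbound alerts fits the reading in the thread that the traffic originates outside and is being blocked.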