Full Version: Wireless.exe: Trojan Horse
mikepin
Hey guys....running a Dell 2400 series desktop, 512MB RAM, 320GB HD, Pentium 4 2.66GHz, AVG Free, Spybot S&D and ZA firewall on stealth.
I bought a Micro Innovations wireless keyboard and mouse. It seems to be working fine but AVG alerted me to a "Wireless.exe Trojan Horse" which I healed. The attachment is a screenshot of the alert finding along with the detail window of the found infection. Before coming here I tried to research support at AVG and Micro Innovations for information on the file named Trojan horse downloader Zlob.Rfd and could not find anything on this exact file. Noting the Rfd at the end of the file description, the only similar file found was one listed as a Trojan horse downloader Zlob.AFd.
The file remains in the AVG Virus Vault and things seem to be ok, but I do periodically get alert windows from AVG saying the file named wireless.exe tried to gain access and was denied. Thought I should get someone else to help investigate this because, like I said, I cannot find anything on this particular filename. Thanks
Mikepin

Well, I do not see a way to attach a screenshot anymore, so if you need it you'll have to let me know how to go about doing that one.

(Moderator edit: post moved to more appropriate forum. jgweed)
ruby1
Having just run a 'check' on my own XP with the new AVG 8.0 thingy and had it flag up a lot of stuff I know is 'wrong',

can you kindly clarify which version OF AVG you are running
and your Windows version too please!!
mikepin
Windows XP SP3 (updated to it 3 days ago) and running AVG Free 7.5....have to purchase the 8.0 version, which I have no intention of doing at the moment :)
DaChew
http://www.bleepingcomputer.com/forums/ind...mp;#entry811062

Run this scan and fix, and post the log.
mikepin
Will do...see ya with results later...thanks!
ruby1
QUOTE(mikepin @ May 11 2008, 03:28 PM)
Windows XP SP3 (updated to it 3 days ago) and running AVG Free 7.5....have to purchase the 8.0 version, which I have no intention of doing at the moment :)

NOPE you don't

http://free.grisoft.com/ try the link on the LEFT for the FREE version; it has limited function but IS antivirus protection; I have it on my XP at present


If the 7.5 version has flagged up these objects you do need to run the scans in the link given.

DaChew
I would suggest Avira as a replacement.
mikepin
Hey guys, ok, here's the gist of it because the log is so long it will not let me post it.
Malwarebytes' Anti-Malware 1.12
Database version: 739

Scan type: Quick Scan
Objects scanned: 34486
Time elapsed: 30 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 26
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 32
Files Infected: 1602

Going to install AVG 8.0...should I run a full system scan with Malwarebytes after the AVG install/restart?
DaChew
I would definitely not try to install an AV right now; you could damage Windows in its present state.


Run this scanner next:

http://www.bleepingcomputer.com/forums/ind...st&p=820997

Let's try for a full log.
mikepin
Ok, going to install this scanner and do as the forum instructs...back soon :)
DaChew
QUOTE
Files Infected: 1602


This sounds like a P2P malware infection filling a shared folder.
mikepin
Ok, I did the SUPERAntiSpyware scan....got a couple of adware tracking cookies.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/11/2008 at 02:48 PM

Application Version : 4.0.1154

Core Rules Database Version : 3458
Trace Rules Database Version: 1449

Scan type : Complete Scan
Total Scan Time : 00:37:06

Memory items scanned : 345
Memory threats detected : 0
Registry items scanned : 4906
Registry threats detected : 0
File items scanned : 23351
File threats detected : 2

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@specificclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt
DaChew
Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


http://www.atribune.org/ccount/click.php?id=1

And then run MBAM again and post the log.

Looking good.
mikepin
Will do, thanks for all the help Chewy!
Mikepin
mikepin
Ok, did the ATF Cleaner and another Malwarebytes scan...found a couple more entries, here's the log.
Malwarebytes' Anti-Malware 1.12
Database version: 739

Scan type: Full Scan (C:\|)
Objects scanned: 129817
Time elapsed: 53 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{BE581FA3-C51D-45D0-BA25-08CF9A3C2799}\RP42\A0014339.dll (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{BE581FA3-C51D-45D0-BA25-08CF9A3C2799}\RP88\A0030267.exe (Malware.Tool) -> No action taken.

I removed selected....How's it looking now? Mikepin
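Added here as an illustration (not code from the thread, from Malwarebytes, or from any poster): a small parser for the MBAM 1.x log format posted above that separates hits sitting inside System Restore points from hits on the live system, since the restore-point copies are what a restore-point flush addresses rather than a live cleanup. The sample log, the restore-point GUID and the file paths are constructed.

```python
import re
from typing import NamedTuple

# Constructed sample in the Malwarebytes' Anti-Malware 1.x log format posted in this thread
# (placeholder restore-point GUID, made-up file paths).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.12
Scan type: Full Scan (C:\|)
Registry Keys Infected: 0
Files Infected: 2

Files Infected:
C:\System Volume Information\_restore{CONSTRUCTED-GUID}\RP42\A0014339.dll (Adware.MyWebSearch) -> No action taken.
C:\Program Files\Example\wireless_helper.exe (Malware.Tool) -> No action taken.
"""

SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")
DETECTION_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+?)\.?$")
RESTORE_MARK = "system volume information\\_restore"

class Detection(NamedTuple):
    path: str
    family: str
    action: str

def location(d: Detection) -> str:
    # A hit inside a System Restore point is a dormant snapshot, not running code;
    # it is cleared by flushing restore points, not by cleaning the live system.
    return "restore_point" if RESTORE_MARK in d.path.lower() else "live"

def parse_mbam_log(text: str):
    """Return (summary counts, detections) parsed from an MBAM 1.x scan log."""
    counts, detections = {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY_RE.match(line):          # e.g. "Files Infected: 2"
            counts[m.group(1)] = int(m.group(2))
        elif m := DETECTION_RE.match(line):      # "<path> (<family>) -> <action>."
            detections.append(Detection(*m.groups()))
    return counts, detections

def triage(text: str) -> dict:
    """Split detections into live hits (need attention now) and restore-point leftovers."""
    counts, detections = parse_mbam_log(text)
    live = [d for d in detections if location(d) == "live"]
    pending = [d.path for d in live if d.action == "No action taken"]
    return {
        "reported": counts.get("Files Infected", 0),
        "live": len(live),
        "restore_point": len(detections) - len(live),
        "live_pending": pending,
    }
```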
DaChew
Well, MBAM is getting better now that they have started cleaning up System Restore, but I prefer the manual way myself.

http://www.bleepingcomputer.com/forums/ind...st&p=822377

Just to be safe, let's do the manual method.

Looks good.

Surf safe.
mikepin
Awesome, I'll do that and thanks again for the help! Mikepin
DaChew
You are welcome, on behalf of the Bleeping community.
