
When posting your problem, do not run and post ComboFix logs. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

 
Trojan Horse Generic10.bhes
Angeline
post Jul 23 2008, 01:04 PM
Post #1





Hello, and thank you for the help in anticipation!

I am in the process of running a scan of my computer at this very moment with the free version of AVG 8.0.138, and the first item that has come up is the above Trojan horse Generic10.BHES. Further information is:

C:\Documents and Settings\User\Application\Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en\US.exe

My computer is a Dell Precision M50 Mobile Intel[R] Pentium[R] 4 - M CPU 2.00GHz 1.99 GHz, 1.00 GB of RAM. The system is Microsoft Windows XP Professional Version 2002 Service Pack 2.

I have Spybot on my computer, but I do not use it as I tend to rely on AVG sorting everything out.

The rest of the scan is bringing up tracking cookies (YieldManager, Overture and Questionmarket). It is now scanning

I use a wireless connection most of the time (library), but on other occasions it is a dial-up connection, that is when my SO uses it in the evenings.


I am not in any way a computer expert!

Thank you again.

A
boopme
post Jul 23 2008, 05:11 PM
Post #2



Group: Moderator



Hello and welcome.
Did it quarantine or delete that malware?

If you would please run a scan with this very good program.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Vince86
post Jul 24 2008, 02:20 AM
Post #3





Hi, I don't mean to hijack this thread, but I also have AVG Free 8.0.138 and it detected the same file on my computer as the same trojan. Maybe it could be a coincidence or a false positive from a recent AVG update? Thanks
wiztwas
post Jul 24 2008, 04:12 AM
Post #4





QUOTE (Vince86 @ Jul 24 2008, 08:20 AM)
Hi, I don't mean to hijack this thread, but I also have AVG Free 8.0.138 and it detected the same file on my computer as the same trojan. Maybe it could be a coincidence or a false positive from a recent AVG update? Thanks


I don't want to do a "me too" post, but I have AVG Free 8.0.138 and it detected the same file on my computer as the same trojan.

Virus Database Version was 270.5.5/1569

Showed it as a trojan.

Upgraded to database 270.5.5/1570.

It was clean.

Sigfadir
post Jul 24 2008, 04:32 AM
Post #5





It seems to me that this Trojan Horse is just the language pack of Adobe Acrobat, and I doubt they meant it to be a virus.
I've detected the same threat, but in 5 different languages. Hehe. I will have to do better research to figure out if it actually is a dangerous Trojan, but as I said before, I doubt it is a threat, since it appears to be just the languages you install so you don't have to open Adobe in a language other than the one you are used to.
I'll post more to this forum once I figure out more =)
Angeline
post Jul 24 2008, 12:45 PM
Post #6





Thank you for the help.

I downloaded Malwarebytes Anti-Malware and the results follow. AVG quarantined the result yesterday. Should I remove Malwarebytes now as I have Spybot? Appreciate help very much.

A


Malwarebytes' Anti-Malware 1.23
Database version: 986
Windows 5.1.2600 Service Pack 2

1:34:36 PM 7/24/2008
mbam-log-7-24-2008 (13-34-36).txt

Scan type: Quick Scan
Objects scanned: 40543
Time elapsed: 13 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
OldEggs
post Jul 24 2008, 01:22 PM
Post #7





I am also having the same issue and ran MBAM... here's my log (I had it remove the issues & am waiting to see if the issue comes up again at the next AVG scan):
Malwarebytes' Anti-Malware 1.23
Database version: 985
Windows 5.1.2600 Service Pack 2

7:20:41 AM 7/24/2008
mbam-log-7-24-2008 (07-20-41).txt

Scan type: Quick Scan
Objects scanned: 65237
Time elapsed: 43 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
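As an added example (not part of any post in this thread, and not Malwarebytes' code), the following Python parser reads the MBAM 1.x log layout pasted in Posts #6 and #7 and checks that the summary counts agree with the items actually listed, which catches a truncated or edited paste. The function names `parse_mbam_log` and `triage` are hypothetical, and treating any action text without "successfully" as unresolved is an assumption.

```python
import re
from collections import Counter

# Abridged from the MBAM 1.23 log in Post #7 (header and empty sections trimmed).
SAMPLE_LOG = r"""Database version: 985
Scan type: Quick Scan

Registry Keys Infected: 2
Registry Values Infected: 1
Files Infected: 0

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

COUNT = re.compile(r"^(.+ Infected): (\d+)$")      # summary line
SECTION = re.compile(r"^(.+ Infected):$")          # detail-section header
ITEM = re.compile(r"^(?P<object>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return declared counts, listed findings per section, and mismatches."""
    counts, findings, section = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := COUNT.match(line):
            counts[m.group(1)] = int(m.group(2))
        elif m := SECTION.match(line):
            section = m.group(1)
            findings[section] = []
        elif section and (m := ITEM.match(line)):
            findings[section].append(m.groupdict())
    # A declared count that disagrees with the items listed means the paste
    # was truncated or edited, so a helper should ask for the log again.
    mismatches = sorted(s for s, n in counts.items()
                        if len(findings.get(s, [])) != n)
    return {"counts": counts, "findings": findings, "mismatches": mismatches}

def triage(text):
    """Count detections by name and list objects not reported as removed."""
    parsed = parse_mbam_log(text)
    items = [i for found in parsed["findings"].values() for i in found]
    # Assumption: any action text without "successfully" is unresolved.
    unresolved = [i["object"] for i in items if "successfully" not in i["action"]]
    return Counter(i["name"] for i in items), unresolved, parsed["mismatches"]

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```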
quietman7
post Jul 24 2008, 01:40 PM
Post #8



Group: Global Moderator



Angeline, how is your computer running now? I recommend you keep MBAM and use it as part of your anti-malware toolkit. Spybot S&D is not enough.

Welcome to BC OldEggs

If you have an issue or problem you would like to discuss, please start your own topic. Doing that will help to avoid the confusion that often occurs when trying to help two or more members in the same thread with different problems. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using and the presence of other malware. Further, posting for assistance in someone else's topic is not considered proper forum etiquette.

Thanks for your cooperation.

Then post in the Am I infected? What do I do? forum.


OldEggs
post Jul 24 2008, 02:51 PM
Post #9





Sorry, first time posting, I will start a new one...apologies to Angeline


© 2003-2008 All Rights Reserved Bleeping Computer LLC.