BleepingComputer.com: Trojan Horse Generic10.bhes

Hello, and thank you for the help in anticipation!

I am in the process of running a scan of my computer at this very moment with the free version of AVG 8.0.138, and the first item that has come up is the above Trojan horse Generic10.BHES. Further information is:

C:\Documents and Settings\User\Application\Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en\US.exe

My computer is a Dell Precision M50 Mobile Intel[R] Pentium[R] 4 - M CPU 2.00GHz 1.99 GHz, 1.00 GB of Ram. The System is Microsoft WindowsXP Professional Version 2002 Service Pack 2

I have Spybot on my computer, but I do not use it as I tend to rely on AVG sorting everything out.

The rest of the scan is bringing up tracking cookies (YieldManger, Overture and Questionmarket). It is now scanning

I use a wireless connection most of the time (library), but on other occasions it is a dial-up connection, that is when my SO uses it in the evenings.

I am not in any way a computer expert!

Thank you again.

A

Hello and welcome.
Did it quaratine or delete that malware?

If you would please run a scan with this very good program.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

• Make sure you are connected to the Internet.
  
• Double-click on mbam-setup.exe to install the application.
  
• When the installation begins, follow the prompts and do not make any changes to default settings.
  
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
    
  • Launch Malwarebytes' Anti-Malware
  
  
• Then click Finish.
  
• MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  
• On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
    
  • Then click on the Scan button.
  
  
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  
• Click OK to close the message box and continue with the removal process.
  
• Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When removal is completed, a log report will open in Notepad.
  
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Reagardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Hi, i dont mean to hijack this thread, but i do also have avg free 8.0.138 and it detected the same file on my computer as the same trojan. maybe it could be a coincident or a false positive from an recent avg update? thanks

Vince86, on Jul 24 2008, 08:20 AM, said:

I don't want to do a "me too" post but I have avg free 8.0.138 and it detected the same file on my computer as the same trojan.

Virus Database Version was 270.5.5/1569

Showed it as a trojan.

Upgraded to database 270.5.5/1570.

It was clean.

It seems to me that this Trojan Horse is just the language pack of Adobe Acrobat, and doubt they have meant it to be a virus.
I've detected the same threat, but in 5 different languages. Hehe. I will have to do a better research to figure if it actually is a dangerous Trojan, but as I said before that I doubt it is a threat since it occurse to be just the languages you install to don't have to open Adobe in other language than what you are used to.
I'll post more to this forum once I get to figure out more =)

Thank you for the help.

I downloaded Malwarebytes Anti-Malware and the results follow. AVG quarantined the result yesterday. Should I remove Malwarebytes now as I have Spybot? Appreciate help very much.

A


Malwarebytes' Anti-Malware 1.23
Database version: 986
Windows 5.1.2600 Service Pack 2

1:34:36 PM 7/24/2008
mbam-log-7-24-2008 (13-34-36).txt

Scan type: Quick Scan
Objects scanned: 40543
Time elapsed: 13 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I am also having same issue and ran MBAM...here's my log (I had it remove the issues & am waiting to see if the issue comes up again at next AVG scan
****************************************************************************************************************************
Malwarebytes' Anti-Malware 1.23
Database version: 985
Windows 5.1.2600 Service Pack 2

7:20:41 AM 7/24/2008
mbam-log-7-24-2008 (07-20-41).txt

Scan type: Quick Scan
Objects scanned: 65237
Time elapsed: 43 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Angeline how is your computer running now? I recommend you keep MBAM and use it as part of your anti-malware toolkit. Spybot S&D is not enough.

Welcome to BC OldEggs

If you have an issue or problem you would like to discuss, please start your own topic. Doing that will help to avoid the confusion that often occurs when trying to help two or more members in the same thread with different problems. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using and the presence of other malware. Further, posting for assistance in someone else's topic is not considered proper forum etiquette.

Thanks for your cooperation.

Then post in the Am I infected? What do I do? forum.

Sorry, first time posting, I will start a new one...apologies to Angeline