BleepingComputer.com: Trojan horse Generic18.BNYJ

Trojan horse Generic18.BNYJ AVG detected it, but says it's inaccessible and won't remove i

#1 HomesickInTexas

  • Forum Regular
  • Group: Members
  • Posts: 239
  • Joined: 30-October 07
  • Gender:Female
  • Location:Texas

Posted 16 October 2010 - 02:30 AM

What do you do when AVG finds a Trojan and won't remove it because it's inaccessible?


"Object name";"C:\Windows\System32\svchost.exe (3860):\memory_06d40000"

"Detection name";"Trojan horse Generic18.BNYJ"

"Object type";"file"

"SDK Type";"Core"

"Result";"Object is inaccessible."

I had run scans a couple days ago and found nothing after the computer seemed slow, I couldn't get online, and the 'r' key didn't work right. But today in the regularly scheduled scan, it found this and another trojan. It removed the other one but says this one is inaccessible. I'm the only one who uses the computer and it doesn't go to bad sites and I haven't recently installed anything.

It's an Inspiron 1721 with Windows 7, 3 GB RAM, 250 GB HDD with an AMD Athlon 64x2 Dual Core Processor. I use AVG paid version, SuperAntispyware, CCleaner, SpywareBlaster, and Defraggler to keep it clean.

Can someone advise, please.

Thanks!
S.

This post has been edited by HomesickInTexas: 16 October 2010 - 02:34 AM


#2 wr67

  • New Member
  • Group: Members
  • Posts: 3
  • Joined: 16-October 10

Posted 16 October 2010 - 03:16 AM

Same here. I upgraded to AVG 2011 yesterday and first scan was clean. Scheduled scan showed same as you. Hope someone can help. Please.

This post has been edited by wr67: 16 October 2010 - 03:17 AM


#3 wr67

Posted 16 October 2010 - 04:01 AM

This may be a false positive caused by running AVG scan whilst Windows Defender is turned on. From hectorII on another forum.

#4 wr67

Posted 16 October 2010 - 05:37 AM

Disabled Windows Defender and rescheduled scan on AVG. Scheduled scan came back all clear. Hope this helps.

#5 quietman7

  • Bleepin' Janitor
  • Group: Global Moderator
  • Posts: 25,514
  • Joined: 09-July 05
  • Gender:Male
  • Location:Virginia, USA

Posted 16 October 2010 - 08:08 AM

There is a long discussion thread at the AVG forum in regards to similar detections.

AVG Forum: How To Handle Suspicious False Positive Detection?
AVG FAQ 2343: AVG detects infection on file that I suppose to be clean
AVG FAQ 2142: How to upload a file to our FTP server
Microsoft MVP - Consumer Security 2007-2012
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 HomesickInTexas

Posted 16 October 2010 - 10:28 AM

Hello, Everyone - - thanks for your input. I have had Windows Defender disabled since I reformatted many months ago. Not sure the trojan alert is a false reading 'cause the computer isn't acting right anymore. This computer has been running like a charm for a long time and suddenly it's not. I have a 14 hour shift starting shortly so it will probably be late tonight before I can read the AVG forum posts and get back here - - but will do that before I sleep tonight. Maybe there will be something there to help.

If I get a moment I'll post back - - otherwise it will be late, late, late tonight.

Thanks again for all the responses. If anyone has any other input, please send it along, too.

Blessings!
Sharon

P.S. Forgot to say that after I posted the first post last night, I ran SuperAntiSpyware, but the scan wouldn't finish, but instead the computer shut completely down before the scan could finish - - just turned off as if I'd told Windows to shut down. That's weird, isn't it? While SuperAntiSpyware was running it found over 100 tracking cookies before the computer shut down - - which is also weird because ever since I started using AVG a couple of years ago, there have been almost no detections of any kind until yesterday - - no infections, no adware, no spyware, no tracking cookies, no trojans, no rootkits, no anything most of the time. I thought AVG was the greatest thing I'd ever purchased, then all of a sudden, it's letting things through. What's up with that, does anyone know?

This post has been edited by HomesickInTexas: 16 October 2010 - 10:50 AM


#7 quietman7

Posted 16 October 2010 - 12:12 PM

Please perform a scan with Malwarebytes Anti-Malware and follow these instructions for doing a Quick Scan in normal mode.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
-- If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

#8 JackME

  • New Member
  • Group: Members
  • Posts: 1
  • Joined: 17-October 10
  • Location:New England, USA

Posted 18 October 2010 - 05:21 AM

FYI

AVG forum sticky:
http://forums.avg.com/us-en/avg-free-forum...w&id=115947

Which includes the following: (quoted)

"Please be informed that this false positive detection will be removed in next virus database update (3205 and newer) - will be probably released in the evening (CEST)."

[That would be 18 Oct 2010]

#9 quietman7

Posted 18 October 2010 - 07:36 AM

That seems to confirm the FP with Defender.

However, HomesickInTexas has indicated other issues so he should try using other scanning tools like Malwarebytes Anti-Malware to see if it finds anything else.