
Trojan.shutdown.q & Trojan.genlot.zm


3 replies to this topic

#1 JDM2 (Members, 120 posts)

Posted 15 January 2008 - 01:16 PM

Quietman, sorry about my other BitDefender post - that can be removed. I tried to delete that post but probably don't have privileges to.

I used IE rendering engine in Firefox to get BitD online scan to work. To my surprise, it found some trojans that AntiVir had detected and deleted in the past. After I used AntiVir and SDFix in safe mode in the past, I immediately deleted old restore points to avoid future infection, but that apparently didn't help. Two of these trojans are in System Vol. Info which I know is related to System Restore.

Here is the BD report. THANK YOU for suggesting I run BD, since I figured I was clean given that SAS found nothing.

BitDefender Online Scanner (normal mode; not safe mode)

Scan report generated at: Tue, Jan 15, 2008 - 13:04:33

Scan path: A:\;C:\;D:\;E:\;G:\;

Statistics
Time: 00:55:52
Files: 197501
Folders: 7628
Boot Sectors: 2
Archives: 2165
Packed Files: 9456

Results
Identified Viruses: 2
Infected Files: 5
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 5

Engines Info
Virus Definitions: 890342
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\Documents and Settings\Jeff\My Documents\lindsay\essentials\EXE FILES\Look2Me-Destroyer\l2mfix.exe
    Infected with: Trojan.Shutdown.Q
    Disinfection failed
    Deleted

C:\Documents and Settings\Jeff\My Documents\lindsay\essentials\Spyware Process Detector\DVT\spydetector.exe
    Infected with: Trojan.Genlot.ZM
    Disinfection failed
    Deleted

C:\Program Files\Spyware Process Detector\spydetector.exe
    Infected with: Trojan.Genlot.ZM
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{3DF6F3FC-AE0A-44D9-9729-189A997CE572}\RP33\A0002274.exe
    Infected with: Trojan.Genlot.ZM
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{3DF6F3FC-AE0A-44D9-9729-189A997CE572}\RP6\A0000157.exe
    Infected with: Trojan.Genlot.ZM
    Disinfection failed
    Deleted

Quietman, do you recommend I re-run BitDefender in safe mode with networking?

Or Combofix? I've never run Combofix on my PC before. I figured I should wait for an expert like yourself before running Combofix.

If you are able to advise how best to proceed, I would most greatly appreciate your knowledge.

Thanks a million.

EDIT: After BD deleted the trojans I erased all previous restore points, rebooted and re-enabled System Restore. Hopefully this was a good idea.

Edited by JDM2, 15 January 2008 - 01:41 PM.
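The BitDefender report above lists each file once per action the scanner took, so the same path appears up to three times (detection, failed disinfection, deletion). When reading such a log, the questions a defender actually cares about are: which files were ultimately removed, which were not, and which hits were only restore-point copies under System Volume Information. The following parser is an added example, not part of the thread and not a BitDefender tool; it works on a constructed sample in the same layout (made-up paths and detection names) and reduces the per-action lines to one final status per file.

```python
import re
from collections import OrderedDict

# Constructed sample, not the report from the post above: same layout as the
# BitDefender Online Scanner output (a path line followed by a status line,
# one pair per action the scanner took). Paths and detection names are made up.
SAMPLE_REPORT = r"""
Scanned File
Status
C:\Program Files\Example Tool\tool.exe
Infected with: Trojan.Example.A
C:\Program Files\Example Tool\tool.exe
Disinfection failed
C:\Program Files\Example Tool\tool.exe
Deleted
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP6\A0000001.exe
Infected with: Trojan.Example.A
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP6\A0000001.exe
Disinfection failed
C:\Users\Public\stubborn.exe
Infected with: Trojan.Example.B
"""

# Restore-point copies live under System Volume Information\_restore{GUID}\RPnn\.
RESTORE_POINT_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)


def parse_report(text):
    """Group the (path, status) line pairs by path.

    Returns an ordered mapping path -> {"detection": str or None,
    "actions": [status, ...], "in_restore_point": bool}.
    """
    lines = [line.strip() for line in text.splitlines() if line.strip()]
    if lines[:2] == ["Scanned File", "Status"]:   # column header, if present
        lines = lines[2:]
    if len(lines) % 2:
        raise ValueError("report ends with a path that has no status line")
    results = OrderedDict()
    for path, status in zip(lines[0::2], lines[1::2]):
        entry = results.setdefault(path, {
            "detection": None,
            "actions": [],
            "in_restore_point": bool(RESTORE_POINT_RE.search(path)),
        })
        if status.startswith("Infected with:"):
            entry["detection"] = status.split(":", 1)[1].strip()
        else:
            entry["actions"].append(status)
    return results


def final_status(entry):
    """Reduce the action list to the outcome that matters: is the file gone?"""
    if "Deleted" in entry["actions"] or "Disinfected" in entry["actions"]:
        return "removed"
    if "Disinfection failed" in entry["actions"]:
        return "disinfection failed, not deleted"
    return "detected only"


def unresolved(results):
    """Paths the scanner detected but did not remove; these need follow-up."""
    return [p for p, e in results.items() if final_status(e) != "removed"]


def summarize(results):
    """One human-readable line per detected file."""
    out = []
    for path, entry in results.items():
        where = " (restore point copy)" if entry["in_restore_point"] else ""
        out.append(f"{entry['detection']}: {path}{where} -> {final_status(entry)}")
    return out


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print("\n".join(summarize(parsed)))
    print("Unresolved:", unresolved(parsed))
```

Applied to the report in the post, every path ends in "Deleted", so `unresolved()` would come back empty and the two restore-point entries would be flagged as copies that System Restore kept rather than live files. The "detected only" case is the one worth watching for in real output: a file that was named but never acted on.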




#2 quietman7 (Bleepin' Janitor, Global Moderator, 51,612 posts, Virginia, USA)

Posted 15 January 2008 - 01:43 PM

The files in your SVI folder were successfully deleted according to the BD scan.
SpywareDetector is a program that was previously listed as a rogue product on the Rogue/Suspect Anti-Spyware Products List because of concerns with false positives. It has since been delisted, but in my opinion it is not a very effective program.

Delete the following folders:

C:\Documents and Settings\Jeff\My Documents\lindsay\essentials\Spyware Process Detector\ <- this folder
C:\Program Files\Spyware Process Detector\ <- this folder

BD also deleted l2mfix.exe which is a legit fix tool you probably used in the past. It is not a virus so this was a false detection.

You can then rerun BD.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click the donation button.

#3 JDM2 (Topic Starter, Members, 120 posts)

Posted 15 January 2008 - 01:47 PM

Quietman, you're awesome. Thanks so much and sorry for all the posts here lately. I was actually wondering if I had hit upon some false positives. I deleted the folders you recommended. They deleted with no issues. I will re-scan with BD.

Thanks again. You are a blessing to this forum.

Jeff

#4 quietman7 (Bleepin' Janitor, Global Moderator, 51,612 posts, Virginia, USA)

Posted 15 January 2008 - 01:50 PM

You're welcome, Jeff.
