Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

C:\recycler\info.exe Has Win32:small-eae


  • Please log in to reply
1 reply to this topic

#1 Gandolin

Gandolin

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:10 PM

Posted 30 January 2008 - 12:07 AM

For several days now, I have had Avast pop up with a message that C:\recycler\info.exe is infected with the Win32:Small-EAE [trj] trojan. It offers to delete, Move or Rename it for me. Any of the options seems to do something, the screen then disappears (offering to Delete it at next boot (which is ticked)) and then re-appears again with the same message. On doing a Boot time Scan using Avast, it finds the infected file again, offers to delete it (to which I say yes) and then everything boots fine, only to be greeted by the same Warning again within a couple of seconds of logon. So I am forced to disable Avast (never a good thing), just to be able to work.

I have emptied the recylce bin, scanned the recycle bin seperately and looked for the C:\recycler\info.exe file (which I cannot find), but I cannot seem to get rid of this particular Trojan or Avast detecting it and not being able to delete it.

I have run additional scans with Adaware, Spybot S&D and Syper Antispyware. All are clean, but on restarting Avast, I get a popup within the next few minutes stating that its back again

Help would be much appreciated.

Regards
Wolf Laudien

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:10 PM

Posted 31 January 2008 - 01:29 AM

Welcome to BC Gandolin :flowers:

Have you tried your scans in Safe Mode?

I would also suggest doing some online scan in normal mode. Sometimes one product will find or remove what another will not. Here are a couple that I suggest. Please note that you will be using an online scan, NOT downloading or installing an entire AV product. While scanning with the online scan, it is best to temporarily shut down your resident AV scanner. Since you use AVAST, I would simply pause the Standard and Web Shields and leave the others running. Please DO NOT use the internet for anything other than the scan while you are running them.

http://www.bitdefender.com/scan8/ie.html - BitDefender Online Virus and Malware Scan. This one works only with Internet Explorer. You will first see a license agreement that you will have to agree to in order to run the scan. Bitdefender will install and run an ActiveX, so be sure you permit it to do so.

http://www.kaspersky.com/kos/english/kavwebscan.html <-- Kaspersky Online scanner. This one also works only with Internet Explorer and uses ActiveX. You will first find a disclaimer page and agreement before you can go the scanning area.

When you are finished with the online scans, continue the protection of your Standard and Web shields. Please post the results of both scans in your next reply as well as any affect if any on your computer.

Orange Blossom :thumbsup:

Edited by Orange Blossom, 31 January 2008 - 01:30 AM.

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users