
Wireless.exe: Trojan Horse


17 replies to this topic

#1 mikepin

mikepin

  • Members
  • 122 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:29 AM

Posted 11 May 2008 - 07:58 AM

Hey guys....running a Dell 2400 series desktop, 512MB RAM, 320 HD, Pentium 4 2.66GHz, AVG Free, Spybot SD and ZA firewall on stealth.
I bought a Micro Innovations wireless keyboard and mouse. It seems to be working fine, but AVG alerted me to a "Wireless.exe Trojan Horse", which I healed. The attachment is a screenshot of the alert finding along with the detail window of the found infection. Before coming here I tried to research support at AVG and Micro Innovations for information on the file named Trojan horse downloader Zlob.Rfd and could not find anything on this exact file. Noting the Rfd at the end of the file description, the only similar file found was one listed as a Trojan horse downloader Zlob.AFd.
The file remains in the AVG Virus Vault and things seem to be OK, but I do periodically get alert windows from AVG saying the file named wireless.exe tried to gain access and was denied. Thought I should get someone else to help investigate this because, like I said, I cannot find anything on this particular filename. Thanks
Mikepin

Well, I do not see a way to attach a screenshot anymore, so if you need it you'll have to let me know how to go about doing that one.

(Moderator edit: post moved to more appropriate forum. jgweed)

Edited by jgweed, 11 May 2008 - 09:27 AM.




#2 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  • Local time:06:29 AM

Posted 11 May 2008 - 09:52 AM

Having just run a 'check' on my own XP with the new AVG 8.0 thingy and had it flag up a lot of stuff I know is 'wrong'

Can you kindly clarify which version of AVG you are running
and your Windows version too please!!

#3 mikepin

mikepin
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:29 AM

Posted 11 May 2008 - 10:28 AM

Windows XP SP3 (updated to it 3 days ago) and running AVG Free 7.5....have to purchase the 8.0 version, which I have no intention of doing at the moment :thumbsup:

#4 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:29 AM

Posted 11 May 2008 - 10:31 AM

http://www.bleepingcomputer.com/forums/ind...mp;#entry811062

run this scan and fix and post the log
Chewy

No. Try not. Do... or do not. There is no try.

#5 mikepin

mikepin
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:29 AM

Posted 11 May 2008 - 10:47 AM

Will do...see ya with results later...thanks! :thumbsup:

#6 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  • Local time:06:29 AM

Posted 11 May 2008 - 10:54 AM

windows xpsp3 (updated to it 3 days ago) and running AVG free 7.5....have to purchase the 8.0 version which I have no intention of doing at the moment :thumbsup:

NOPE you don't

http://free.grisoft.com/ try the link on the LEFT for the FREE version; it has limited function but IS an antivirus protection; I have it on my XP at present


If the 7.5 version has flagged up these objects you do need to run the scans in the link given

#7 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:29 AM

Posted 11 May 2008 - 10:58 AM

I would suggest avira as a replacement
Chewy

No. Try not. Do... or do not. There is no try.

#8 mikepin

mikepin
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:29 AM

Posted 11 May 2008 - 12:38 PM

Hey guys, OK, here's the gist of it, because the log is so long it will not let me post it.
Malwarebytes' Anti-Malware 1.12
Database version: 739

Scan type: Quick Scan
Objects scanned: 34486
Time elapsed: 30 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 26
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 32
Files Infected: 1602

Going to Install 8.0 AVG...should I run a full system scan with Malwarebytes after AVG install/restart?

#9 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:29 AM

Posted 11 May 2008 - 12:54 PM

I would definitely not try to install an AV right now; you could damage Windows in its present state


run this scanner next

http://www.bleepingcomputer.com/forums/ind...st&p=820997

let's try for a full log
Chewy

No. Try not. Do... or do not. There is no try.

#10 mikepin

mikepin
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:29 AM

Posted 11 May 2008 - 01:04 PM

Ok, going to install this scanner and do as forum instructs...back soon :thumbsup:

#11 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:29 AM

Posted 11 May 2008 - 01:10 PM

Files Infected: 1602


this sounds like a P2P malware infection filling a shared folder
Chewy

No. Try not. Do... or do not. There is no try.

#12 mikepin

mikepin
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:29 AM

Posted 11 May 2008 - 01:57 PM

Ok I did the SuperAntiSpyware scan....got a couple of adware tracking cookies.. :thumbsup:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/11/2008 at 02:48 PM

Application Version : 4.0.1154

Core Rules Database Version : 3458
Trace Rules Database Version: 1449

Scan type : Complete Scan
Total Scan Time : 00:37:06

Memory items scanned : 345
Memory threats detected : 0
Registry items scanned : 4906
Registry threats detected : 0
File items scanned : 23351
File threats detected : 2

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@specificclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt

#13 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:29 AM

Posted 11 May 2008 - 02:14 PM

Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


http://www.atribune.org/ccount/click.php?id=1

and then run MBAM again and post the log

looking good
Chewy

No. Try not. Do... or do not. There is no try.

#14 mikepin

mikepin
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:29 AM

Posted 11 May 2008 - 03:07 PM

Will do thanks for all the help Chewy!
:thumbsup: Mikepin

#15 mikepin

mikepin
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:29 AM

Posted 11 May 2008 - 04:19 PM

Ok, did the ATF Cleaner and another Malwarebytes scan...Found a couple more entries, here's the log.
Malwarebytes' Anti-Malware 1.12
Database version: 739

Scan type: Full Scan (C:\|)
Objects scanned: 129817
Time elapsed: 53 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{BE581FA3-C51D-45D0-BA25-08CF9A3C2799}\RP42\A0014339.dll (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{BE581FA3-C51D-45D0-BA25-08CF9A3C2799}\RP88\A0030267.exe (Malware.Tool) -> No action taken.

I removed selected....How's it looking now? Mikepin

Edited by mikepin, 11 May 2008 - 04:20 PM.




