
Trojan Horse Generic10.bhes


8 replies to this topic

#1 Angeline


Posted 23 July 2008 - 01:04 PM

Hello, and thank you for the help in anticipation!

I am in the process of running a scan of my computer at this very moment with the free version of AVG 8.0.138, and the first item that has come up is the above Trojan horse Generic10.BHES. Further information is:

C:\Documents and Settings\User\Application\Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en\US.exe

My computer is a Dell Precision M50 Mobile Intel[R] Pentium[R] 4 - M CPU 2.00GHz 1.99 GHz, 1.00 GB of Ram. The System is Microsoft WindowsXP Professional Version 2002 Service Pack 2

I have Spybot on my computer, but I do not use it as I tend to rely on AVG sorting everything out.

The rest of the scan is bringing up tracking cookies (YieldManager, Overture and Questionmarket). It is now scanning

I use a wireless connection most of the time (library), but on other occasions it is a dial-up connection, that is when my SO uses it in the evenings.


I am not in any way a computer expert!

Thank you again.

A


#2 boopme


Posted 23 July 2008 - 05:11 PM

Hello and welcome.
Did it quarantine or delete that malware?

If you would please run a scan with this very good program.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

#3 Vince86


Posted 24 July 2008 - 02:20 AM

Hi, I don't mean to hijack this thread, but I also have AVG Free 8.0.138 and it detected the same file on my computer as the same trojan. Maybe it could be a coincidence or a false positive from a recent AVG update? Thanks

#4 wiztwas


Posted 24 July 2008 - 04:12 AM

Hi, I don't mean to hijack this thread, but I also have AVG Free 8.0.138 and it detected the same file on my computer as the same trojan. Maybe it could be a coincidence or a false positive from a recent AVG update? Thanks


I don't want to do a "me too" post but I have avg free 8.0.138 and it detected the same file on my computer as the same trojan.

Virus Database Version was 270.5.5/1569

Showed it as a trojan.

Upgraded to database 270.5.5/1570.

It was clean.

#5 Sigfadir


Posted 24 July 2008 - 04:32 AM

It seems to me that this Trojan Horse is just the language pack of Adobe Acrobat, and I doubt they meant it to be a virus.
I've detected the same threat, but in 5 different languages. Hehe. I will have to do better research to figure out if it actually is a dangerous Trojan, but as I said before, I doubt it is a threat, since it appears to be just the languages you install so that you don't have to open Adobe in a language other than the one you are used to.
I'll post more to this forum once I figure out more =)

#6 Angeline


Posted 24 July 2008 - 12:45 PM

Thank you for the help.

I downloaded Malwarebytes Anti-Malware and the results follow. AVG quarantined the result yesterday. Should I remove Malwarebytes now as I have Spybot? Appreciate help very much.

A


Malwarebytes' Anti-Malware 1.23
Database version: 986
Windows 5.1.2600 Service Pack 2

1:34:36 PM 7/24/2008
mbam-log-7-24-2008 (13-34-36).txt

Scan type: Quick Scan
Objects scanned: 40543
Time elapsed: 13 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 OldEggs


Posted 24 July 2008 - 01:22 PM

I am also having the same issue and ran MBAM... here's my log (I had it remove the issues & am waiting to see if the issue comes up again at the next AVG scan)
****************************************************************************************************************************
Malwarebytes' Anti-Malware 1.23
Database version: 985
Windows 5.1.2600 Service Pack 2

7:20:41 AM 7/24/2008
mbam-log-7-24-2008 (07-20-41).txt

Scan type: Quick Scan
Objects scanned: 65237
Time elapsed: 43 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
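
An added example, not part of any post in this thread: a small Python parser for the MBAM 1.23 text-log layout pasted above. It extracts the detections and flags a log whose summary counts disagree with its itemised entries, for instance a paste that was cut short. The function names are this example's own, and the sample is abridged from the log in post #7.

```python
import re
from collections import Counter

# Abridged from the MBAM 1.23 log posted in #7 of this thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.23
Database version: 985
Scan type: Quick Scan

Registry Keys Infected: 2
Registry Values Infected: 1
Files Infected: 0

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

SUMMARY = re.compile(r"^(?P<cat>[A-Za-z ]+) Infected: (?P<n>\d+)$")
SECTION = re.compile(r"^(?P<cat>[A-Za-z ]+) Infected:$")
ITEM = re.compile(r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")

def parse_mbam_log(text):
    """Return (metadata, summary counts, detections) from an MBAM text log."""
    meta, counts, detections, section = {}, {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            section = None  # a blank line ends the current detail section
        elif m := SUMMARY.match(line):
            counts[m["cat"]] = int(m["n"])
        elif m := SECTION.match(line):
            section = m["cat"]
        elif section and (m := ITEM.match(line)):
            detections.append({"category": section, **m.groupdict()})
        elif section is None and ": " in line:
            key, value = line.split(": ", 1)
            meta[key] = value
    return meta, counts, detections

def count_mismatches(counts, detections):
    """Map each category to (summary, listed) where the two numbers differ."""
    listed = Counter(d["category"] for d in detections)
    return {c: (n, listed[c]) for c, n in counts.items() if n != listed[c]}
```
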

#8 quietman7


Posted 24 July 2008 - 01:40 PM

Angeline, how is your computer running now? I recommend you keep MBAM and use it as part of your anti-malware toolkit. Spybot S&D is not enough.

Welcome to BC OldEggs

If you have an issue or problem you would like to discuss, please start your own topic. Doing that will help to avoid the confusion that often occurs when trying to help two or more members in the same thread with different problems. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using and the presence of other malware. Further, posting for assistance in someone else's topic is not considered proper forum etiquette.

Thanks for your cooperation.

Then post in the Am I infected? What do I do? forum.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#9 OldEggs


Posted 24 July 2008 - 02:51 PM

Sorry, first time posting, I will start a new one...apologies to Angeline



