Winamp Trojan Detected By Avg Pro


8 replies to this topic

#1 Alio0p


Posted 30 September 2008 - 11:11 PM

To whom it may concern,

Hello, I am having an issue with Winamp the media player. I have had it for nearly 9 months now with no problems until today. I have it set on my keyboard as a 'hot key' quick link. When I clicked to activate it, a pop-up from AVG said it had a Trojan, so I clicked to clean/heal the infection, and AVG said some files were not deleted and Microsoft thing said Winamp had a problem and needed to close. I did the send report thing. So I did a PC scan with AVG and it detected some tracking cookies and as usual I deleted them. And then I uninstalled my Winamp then rebooted the computer. Then I went to download Winamp again and after the install it tried to load the wizard for Winamp when the same issue happened again. AVG said it had this Trojan: Trojan Horse SHeur.CLZE

I'm not sure if it's a real Trojan or just some bug in Winamp due to an update Winamp might have had. I googled this Trojan and only one person said on a Yahoo site that they think it might have something to do with a recent update for Winamp. I really don't know what to make of it. None of my programs are picking it up. I mention below what programs I have and am using at the time. I also did a Housecall free scan and it deleted some cookies is all. I would also like to know if I should try another spyware program to make sure it's still not on my PC if in fact it is a Trojan. I mean why would AVG say it's a Trojan if it's not? lol. Oh, and while I'm at it, I play an online RPG game and should I not play it till I know for sure this Trojan is gone? Is it safe for me to login to this game and play without risking being hacked?

Sorry for all the questions but I just want to make sure my computer is safe and clean. Thanks again for your time and help in advance. My system specs are listed below. :thumbsup:

I am using a Dell Dimension 8400 Media Center edition desktop computer with XP Pro and SP3. I have AVG Anti-Virus Pro 8 (paid version) and I also use AD-Aware 2008 (free version) and Outpost Firewall Pro (paid version). I also use IE 7 and Firefox browsers just in case you needed to know. :flowers:
~ Screw Lucky Charms, I'm Already Magically Delicious! ~


#2 Budapest


Posted 30 September 2008 - 11:14 PM

Upload the suspect winamp file at Jotti for analysis. Post back the results.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 Alio0p


Posted 30 September 2008 - 11:34 PM

:flowers: You lost me. What suspect Winamp file? I uninstalled it and none of my programs are detecting it. Sorry, I'm all new to this sort of thing :thumbsup:

#4 Budapest


Posted 30 September 2008 - 11:38 PM

I meant to upload the file that AVG reported as being infected with Trojan Horse SHeur.CLZE. That way you could get a second opinion on whether this file is actually infected or if AVG was mistaken.

#5 Alio0p


Posted 01 October 2008 - 12:21 AM

Okay this is all I can find. In the AVG Virus Vault it says this:

Infection type: Infection
Virus name: Trojan horse SHeur.CLZE
Path to file: c:\System Volume Information\_restore{B4O31A82-C43A-4FEB-8741-6D7BB8B406BC}\RP176\A0041814.dll

I did a search on my computer of that dll and it said the file can't be found. When I had Winamp and tried to load it, that's when AVG would pop up saying I had the trojan. So I think it was the winamp.exe file that was infected. When I do a winamp.exe search on my computer it shows this: Name WINAMP.EXE-22223556.pf, In folder c:\WINDOWS\Prefetch

I don't know if this means anything but I hope this can help. thanks again.

#6 Budapest


Posted 01 October 2008 - 12:31 AM

Don't worry about the prefetch. Windows uses the information in the Prefetch folder to decide which program segments to load and in what order to load those pages.

c:\System Volume Information\_restore{B4O31A82-C43A-4FEB-8741-6D7BB8B406BC}\RP176\A0041814.dll

This is in System Restore, so it can't hurt you unless you actually do a restore. If you want, you can flush out your System Restore by doing the following:

Go Start > Programs > Accessories > System Tools and click System Restore. Choose the radio button marked Create a Restore Point on the first screen then click Next. Give the Restore Point a name and then click Create. Then use Disk Cleanup to remove all but the most recently created Restore Point. Go Start > Run and type: "Cleanmgr" (without the quotes). Click Ok > More Options tab > Clean Up in the System Restore section to remove all previous restore points except the newly created one.
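Added example, not part of the thread or written by any poster: a small Python triage helper that sorts an antivirus detection path the way the reply above does, separating System Restore copies and Prefetch traces from files on the live system. The function name and category labels are hypothetical; the first two sample paths are the ones quoted in the thread and the third is constructed.

```python
import re
from typing import NamedTuple, Optional

# Windows XP System Restore keeps renamed copies of monitored files under
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<digits>.<ext>
# The GUID is matched loosely: a path retyped by hand may not be strict hex.
RESTORE_RE = re.compile(
    r"^[a-z]:\\System Volume Information\\_restore\{[^}\\]+\}"
    r"\\RP(?P<rp>\d+)\\(?P<name>A\d+\.\w+)$",
    re.IGNORECASE,
)
# Prefetch traces are named <EXE>-<8 hex digits>.pf; they are not the program.
PREFETCH_RE = re.compile(
    r"^[a-z]:\\WINDOWS\\Prefetch\\(?P<exe>.+)-[0-9A-F]{8}\.pf$", re.IGNORECASE
)


class Triage(NamedTuple):
    category: str                 # hypothetical labels used only in this example
    restore_point: Optional[int]  # RP number when the path is a restore copy
    note: str


def classify_detection_path(path: str) -> Triage:
    path = path.strip().strip('"')
    m = RESTORE_RE.match(path)
    if m:
        return Triage("system-restore", int(m.group("rp")),
                      "archived copy; matters only if that restore point is restored")
    m = PREFETCH_RE.match(path)
    if m:
        return Triage("prefetch", None,
                      f"launch trace for {m.group('exe')}, not the executable")
    return Triage("live-file", None, "file on the live system; get a second opinion")


if __name__ == "__main__":
    samples = [
        # The two paths quoted in the thread:
        r"c:\System Volume Information\_restore{B4O31A82-C43A-4FEB-8741-6D7BB8B406BC}\RP176\A0041814.dll",
        r"c:\WINDOWS\Prefetch\WINAMP.EXE-22223556.pf",
        # Constructed sample, not from the thread:
        r"C:\Program Files\Winamp\winamp.exe",
    ]
    for s in samples:
        print(classify_detection_path(s))
```
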

#7 Alio0p


Posted 01 October 2008 - 10:02 AM

Hello I'm back lol,

I did what you said and made a new restore point and then did a disk clean up. Should I do another AVG system and send you the log, or do you think I'm okay at this point?

Thanks again for all your help, I sure do appreciate it. :thumbsup:

#8 Budapest


Posted 01 October 2008 - 04:12 PM

It never hurts to do another scan.

#9 Alio0p


Posted 05 October 2008 - 12:03 PM

Hello, I just wanted to say thank you for all the help, Budapest. System seems trojan free. I'm still not willing to redownload Winamp lol.

Again, thanks for your time and help. :thumbsup: :flowers: