
Noob issues. Suspected Trojan


No replies to this topic

#1 clandestinka


Posted 03 November 2008 - 03:36 AM

Hi smart ppl.

I use McAfee. When the on access scan is on my quarantine folder fills quickly. The log file shows the following, on repeat:

3/11/2008 6:32:42 PM Cleaned NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe m:\svr.exe BackDoor-AWQ (Trojan)
3/11/2008 6:32:42 PM Deleted NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe M:\SVR.EXE BackDoor-AWQ (Trojan)
3/11/2008 6:32:42 PM Deleted NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe M:\svr.exe\00007d88.EXE BackDoor-AWQ (Trojan)
3/11/2008 6:32:42 PM Cleaned NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe f:\svr.exe BackDoor-AWQ (Trojan)
3/11/2008 6:32:42 PM Deleted NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe F:\SVR.EXE BackDoor-AWQ (Trojan)
3/11/2008 6:32:42 PM Deleted NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe F:\svr.exe\00007d88.EXE BackDoor-AWQ (Trojan)

and when I do a full scan;

3/11/2008 6:10:55 AM Cleaned jimbo f:\svr.exe BackDoor-AWQ(Trojan)
3/11/2008 6:10:55 AM Deleted jimbo F:\SVR.EXE BackDoor-AWQ(Trojan)
3/11/2008 6:10:56 AM Deleted jimbo f:\svr.exe\00007d88.EXE BackDoor-AWQ(Trojan)
3/11/2008 6:10:59 AM Cleaned jimbo f:\system volume information\_restore{2d6afca6-c76e-4dbb-8d3e-7f57086a04b5}\rp281\a0076269.exe BackDoor-AWQ(Trojan)
3/11/2008 6:10:59 AM Deleted jimbo F:\SYSTEM VOLUME INFORMATION\_RESTORE{2D6AFCA6-C76E-4DBB-8D3E-7F57086A04B5}\RP281\A0076269.EXE BackDoor-AWQ(Trojan)
3/11/2008 6:10:59 AM Deleted jimbo f:\System Volume Information\_restore{2D6AFCA6-C76E-4DBB-8D3E-7F57086A04B5}\RP281\A0076269.exe\00007d88.EXE BackDoor-AWQ(Trojan)
3/11/2008 6:11:00 AM Cleaned jimbo m:\svr.exe BackDoor-AWQ(Trojan)
3/11/2008 6:11:00 AM Deleted jimbo M:\SVR.EXE BackDoor-AWQ(Trojan)
3/11/2008 6:11:00 AM Deleted jimbo m:\svr.exe\00007d88.EXE BackDoor-AWQ(Trojan)

It appears in all of my attached drives. I have tried scanning in safe mode and ran combofix also, but I think I need a bit of direction before I go posting massive log chunks (that wasn't meant to sound bad :thumbsup:)

At this stage I just have to turn off the 'on access scan' which leaves me feeling a little vulnerable.

Any ideas on where to go from here??

thx
