
windows visual studio, a trojan?


10 replies to this topic

#1 Ket

Ket

  • Members
  • 137 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 19 July 2009 - 06:50 PM

Hi! I did a quick scan on my laptop today with Malwarebytes and it discovered an exe file which it identified as a trojan (install.exe). I checked what it was. It was located in the Microsoft Visual Studio folder and even its properties had the name of the company (Microsoft) in the details. I don't really know what Visual Studio does, nor have I noticed any malfunction before or after the scanning. Nonetheless I let Malwarebytes quarantine and delete it. What do you think? Do you believe it was really a trojan or just an incompatibility between Microsoft and Malwarebytes? And if it wasn't a trojan, how do I restore it?
The log doesn't really say anything but I copied it anyway here:

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 6.0.6001 Service Pack 1

7/20/2009 00:30:06
mbam-log-2009-07-20 (00-30-06).txt

Scan type: Quick Scan
Objects scanned: 83614
Time elapsed: 8 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.



#2 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:03 PM

Posted 19 July 2009 - 09:14 PM

The log says that it was found in the direct C: drive folder, not the Microsoft Visual Studio folder.
Computer Pro
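
The path check made in the reply above can be read mechanically from the log. The following is an added example, not part of the thread and not Malwarebytes code: a Python parser for the MBAM 1.x text log layout as posted here, which cross-checks the summary counts against the listed detections and flags detected files that sit directly in a drive root. The function names are illustrative and the sample log is abridged from the first post.

```python
import re
from pathlib import PureWindowsPath

# Abridged from the first log posted in this thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.39
Database version: 2421

Scan type: Quick Scan
Registry Keys Infected: 0
Files Infected: 1

Registry Keys Infected:
(No malicious items detected)

Files Infected:
C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ENTRY = re.compile(r"^(?P<item>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")

def parse_mbam_log(text):
    """Return (summary counts, detections) from an MBAM 1.x text log."""
    counts, detections, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]          # detail block for this category
        elif section and (m := ENTRY.match(line)):
            detections.append({"section": section, **m.groupdict()})
    return counts, detections

def triage(text):
    """List findings: count mismatches and detected files in a drive root."""
    counts, detections = parse_mbam_log(text)
    findings = []
    for section, n in counts.items():
        listed = sum(d["section"] == section for d in detections)
        if listed != n:                     # truncated or edited log
            findings.append(f"{section}: summary says {n}, {listed} listed")
    for d in detections:
        p = PureWindowsPath(d["item"])
        if d["section"] == "Files Infected" and p.parent == PureWindowsPath(p.anchor):
            findings.append(f"{d['name']} in drive root: {p}")
    return findings
```
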

#3 Ket

Ket
  • Topic Starter

  • Members
  • 137 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 20 July 2009 - 03:05 AM

I apologise. What you're saying is true. But when it was detected (before being removed) I right-clicked on it and clicked jump to folder and I was directed to it. Now it is not there anymore and I got confused. Visual Studio was mentioned in the details of its properties. But still that doesn't explain why a trojan should be identified with the Microsoft logo in its properties. What do you think? I have Vista Home Premium 32.

Edited by Ket, 20 July 2009 - 04:20 AM.


#4 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:03 PM

Posted 20 July 2009 - 11:40 AM

Some malware can disguise themselves as something that they are not to make the user think that it is something that is needed. No, nothing from Visual Studio should be found in the direct C: folder, and normally malware named Install.exe is located there. So yes, I think it was a trojan.
Computer Pro

#5 Ket

Ket
  • Topic Starter

  • Members
  • 137 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 20 July 2009 - 12:10 PM

OK mate. That's a relief in a way. I wouldn't like to lose any useful component. It has happened to me before with Spybot, although I still think it's a fantastic program. Thanx a lot.

#6 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:03 PM

Posted 20 July 2009 - 12:49 PM

And if you ever do have any problems with Visual Studio, then just restore the file from the Malwarebytes quarantine and see if it helps. But only do this if you have any problems with it.
Computer Pro

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,035 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:03 AM

Posted 20 July 2009 - 01:07 PM

Hi, please rerun MBAM like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done, click the Scanner tab, select Quick scan and scan.
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 Ket

Ket
  • Topic Starter

  • Members
  • 137 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 20 July 2009 - 01:40 PM

I just reran MBAM as boopme requested. It found nothing malicious. I must remind you that the suspicious item was removed in the previous scan. Do you know what Visual Studio is and how I can find out if it works?
This is the log of the new scan:

Malwarebytes' Anti-Malware 1.39
Database version: 2467
Windows 6.0.6001 Service Pack 1

7/20/2009 21:34:00
mbam-log-2009-07-20 (21-34-00).txt

Scan type: Quick Scan
Objects scanned: 84877
Time elapsed: 8 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,035 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:03 AM

Posted 20 July 2009 - 01:57 PM

Hi, you had a trojan that hid in that file; it was removed.

VS is a developers application... It can be used to develop console and graphical user interface applications along with Windows Forms applications, web sites, web applications, and web services in both native code together with managed code for all platforms supported by Microsoft Windows
http://en.wikipedia.org/wiki/Microsoft_Visual_Studio

Build the connected applications demanded by today's businesses
Microsoft Visual Studio 2008 Standard Edition provides a full-featured development environment for Windows and Web developers. It offers productivity enhancements for building data-driven client and Web applications. Individual developers looking to create connected applications with next-generation user experiences will find Visual Studio
http://store.microsoft.com/microsoft/Visua...c&WT.srch=1

#10 Ket

Ket
  • Topic Starter

  • Members
  • 137 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 20 July 2009 - 03:38 PM

I don't know how come I have a Visual Studio folder on my computer. Maybe it comes as part of Windows Live Messenger. It doesn't seem there is an application I can run in that folder though. I just hope everything will work just fine. Thank you for all your help.

#11 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:03 PM

Posted 20 July 2009 - 03:56 PM

Yes, it does come with Windows Live Messenger.
Computer Pro



