
Bavariax trojan infection



#1 tsnell


Posted 07 August 2009 - 10:23 AM

I noticed on another post that I found by doing an internet search for "trojan downloader bavariax" that this virus has been around for quite some time. That post was from 2006. Well, I could have copied and pasted it here; the circumstances of the infection that I am currently trying to kill are almost identical. Our office manager's (my wife's) computer is infected with the bavariax trojan as well as the Anti-Spyware 2010 or Anti-Virus 2010 nightmare. (I am sending this from my home computer). Yesterday she opened up an email attachment and that's where it began. The following is what was in the header (she printed it):
From Raymond Reyna <archives>7@springer.de>
To (my wife's email address)
Subject UPS Tracking Number G5XPARZ
Attachements 2 UPSNR_e92fa218.zip [application/zip] 28 kb

And the message contents is as follows-
Hello! Unfortunately we failed to deliver postal package you have sent on the 10th of July in time
because the adressee's address is not correct.
Please print out the invoice copy attached and collect the package at our office.

Your United Parcel Service of America

Well, as I said, she followed the instructions and right away got a warning saying her computer was infected with spyware and a screen indicating that Windows was downloading the latest greatest anti spyware. It put an icon on the task bar that will not close and shows up in the program list with an uninstall that will not "uninstall". That's where I come in.
This computer is running Windows XP Home Edition (came with the computer and she needs very little networking) with the latest updates; I downloaded and installed what was available first thing upon starting the computer. This computer also has Norton Anti-Virus (although the subscription is expired) but it seems to have been rendered useless as well.
On my direction she shut everything down (not on my direction she deleted the email prior to calling me, though it may be in her trash file if that's of any help).
I restarted the computer and found just what she had described. I had someone that was on an off site computer google "antispyware 2010 virus" and email any links that he found helpful. In the meantime I tried to run the following (followed by the result)-

Hijack this (in normal mode) would not start (in safe mode) would not start even using "Run as : Administrator" wouldn't even show up on the task list
combo fix " " " " " "
Windows Defender- " " " " " "
Windows live on-line scanner (either mode) came back with an error on the page and would not initiate
Spybot search and destroy (either mode same as above)
Now here is where the questions really start-
The first link my friend sent me was "Antivirus Guys- Professional Advice". The recommended solution there was 2-part. 1st, download and run "Combo Fix", which I am familiar with. The site says "It's best to run it in safe mode but it will work either case".....not so, as I noted above. The 2nd part of the solution was to download a second tool (with the link), "Windows registry repair", claiming that the virus will leave a "ton" of registry entries behind.
The link takes you to a site called "Registry Easy" (wasn't familiar with it, didn't download anything).

The second link my friend sent me led me to a site that advertised an "Anti Spyware 2010" removal tool (I am getting to these links from a different computer in our office; this computer is running Windows Vista Basic). I downloaded the "Tools" and saved them in the "public documents" file. Then I went to the infected computer (while running in safe mode with network support) and copied and pasted them to the shared document file of the infected computer.
As I said before I attempted to run combo fix and it did not even register on the task list.
The second "tool" turned out to be "Spyware Doctor". It installed in safe mode (which none of the others would do), and also performed a scan......which took about three hours and thirty minutes. It identified the "Antivirus 2010" issue as well as quite a few others but would not correct them without.....you guessed it, paying for a fully registered version. Which I have not done. I thought it was a little strange that it was the only utility that would run, while others that I am familiar with would not.

When I tried to run the other utilities in normal mode I either didn't get any response at all or was given a message indicating that the network administrator had set rules that would not allow the procedure. Then if I tried to run it as administrator I would either get no response or some other error indicating that it failed to start. In safe mode when I tried the "run as administrator" it would come back with "this process can't be started safe mode"

Well, that's about it.....other than the process can't be stopped in task manager. I killed everything but the ones that Windows protected. But I did keep getting multiple occurrences of the waudt.exe file on the task list, both with system and a user under "users name".

There are also some strange file names that have popped up that when googled come back with no matches. I don't have those with me right now but I can provide them in another post.

Sorry for the length of this thing but I wanted to get everything to you while it was still fresh. Of all of the computers in our office this one has the most critical data (i.e. accounting, payroll time keeping, etc.) so I would greatly appreciate any help I can get. I don't have any problem doing a fresh reformat and reinstall but I want to make certain that I take steps to NOT worsen the situation.

The Bavariax trojan issue......I have found files named Bavariax.exe on the computer. Didn't know it was an issue until I did a google on "Anti spyware 2010" and it was noted as a by-product (a dangerous one) on another site. After which I started this topic.
