Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

trojan horse generic 16.BVN


  • Please log in to reply
No replies to this topic

#1 cleent

cleent

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:13 AM

Posted 25 December 2009 - 05:58 PM

Hi,
first of all Merry Christmas and many thanks to this fantastic site for some suggestions I catched surfing the net.
Computer Pro gave some solutions to the problem on the topic.
It seems that this trojan horse generic 16.BVN attaches windows and using installer.exe introduces every minute high risky infections which I removed constantly with AVG free. But the problems remained, because AVG doesn't recognize any threat.
Following Computer Pro suggestions on topic http://www.bleepingcomputer.com/forums/t/280852/trojan-horse-generic-16bvn/, I downloaded Malwarebytes Anti-Malware 1.42 version and completed the scan of the my laptop and removed the infections and restarted the computer (I use WindowsXP and mozilla firefox). Now it seems all the problems are solved. But Computer Pro suggested in the above topic to follow with ATF Cleaner and SUPERAntispyware in that case. What in my case? See the MBAM text coming from the Malware Anti-Malware launch:

Malwarebytes' Anti-Malware 1.42
Database version: 3429
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25/12/2009 21.35.42
mbam-log-2009-12-25 (21-35-42).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 194949
Time elapsed: 1 hour(s), 18 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenU) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\richtx64.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Bruno\Impostazioni locali\Temp\richtx64.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bruno\Impostazioni locali\Temp\wscsvc32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bruno\Impostazioni locali\Temporary Internet Files\Content.IE5\O5FI5X9I\eHa09c57abV03006f35002R1ebbed88102Teba8eea0Q000002e9901807F0020000aJ10000601l0010316P000800070[1] (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Thank you very much for your help

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users