Trojan SHeur2.CBKQ - Is computer compromised?


No replies to this topic

#1 Helena2009


Posted 28 December 2009 - 12:10 PM

Good Morning:

AVG alerted me last week that there were several trojan Horses in our computer, trojan Horse 16.BVN, I believe. It seemed to remove them, but they were found again by AVG over the next couple of days every time AVG ran its scan at startup, together with other viruses.
Then, it didn't find that particular trojan, but a different one: trojan SHeur2.CBKQ.

The IT person at my husband's job told him to get rid of AVG, and use Avast instead, saying it is a better program. So, we deleted AVG, installed Avast, which promptly found that same trojan. That was yesterday. Today, Avast didn't find any trojans, but I updated Malwarebytes, and it found a trojan in the registry keys. Here is the log:

Malwarebytes' Anti-Malware 1.42
Database version: 3444
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/28/2009 11:47:48 AM
mbam-log-2009-12-28 (11-47-48).txt

Scan type: Quick Scan
Objects scanned: 109629
Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\richtx64.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


After running the scans, the computer performs a lot better, but it seems that the infection is not completely removed.

Please let me know what steps I can take to remove all viruses and how I can find out if my computer is compromised (I do a lot of online banking etc.).

Thanks so much in advance for your help.

P.S. I am running Windows XP.

Additional Info:

I just ran a thorough scan with Malwarebytes and it found another infection. Here is the log file:

Malwarebytes' Anti-Malware 1.42
Database version: 3444
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/28/2009 12:56:47 PM
mbam-log-2009-12-28 (12-56-47).txt

Scan type: Full Scan (C:\|)
Objects scanned: 188965
Time elapsed: 28 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{266DB314-9E86-46FF-A3C5-FFB37276D348}\RP702\A0090070.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Edited by Helena2009, 28 December 2009 - 12:58 PM.

