Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan horse Generic18.BNYJ


  • Please log in to reply
8 replies to this topic

#1 Gary's Girl

Gary's Girl

  • Members
  • 343 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Kentucky
  • Local time:06:05 PM

Posted 16 October 2010 - 02:30 AM

What do you do when AVG finds a Trojan and won't remove it because it's inaccessible?


"Object name";"C:\Windows\System32\svchost.exe (3860):\memory_06d40000"

"Detection name";"Trojan horse Generic18.BNYJ"

"Object type";"file"

"SDK Type";"Core"

"Result";"Object is inaccessible."

I had run scans a couple days ago and found nothing after the computer seemed slow, I couldn't get online, and the 'r' key didn't work right. But today in the regularly scheduled scan, it found this and another trojan. It removed the other one but says this one is inaccessible. I'm the only one who uses the computer and it doesn't go to bad sites and I haven't recently installed anything.

It's an Inspiron 1721 with Windows 7, 3 GB RAM, 250 GB HDD with an AMD Athlon 64x2 Dual Core Processor. I use AVG paid version, SuperAntispyware, CCleaner, SpywareBlaster, and Defraggler to keep it clean.

Can someone advise, please.

Thanks!
S.

Edited by HomesickInTexas, 16 October 2010 - 02:34 AM.


BC AdBot (Login to Remove)

 


#2 wr67

wr67

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:05 AM

Posted 16 October 2010 - 03:16 AM

same here.i upgraded to avg 2011 yesterday and first scan was clean.scheduled scan showed same as you.hope somone can help.please

Edited by wr67, 16 October 2010 - 03:17 AM.


#3 wr67

wr67

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:05 AM

Posted 16 October 2010 - 04:01 AM

this may be a false positive caused by running avg scan whilst windows defender is turned on.from hectorII on another forum

#4 wr67

wr67

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:05 AM

Posted 16 October 2010 - 05:37 AM

disabled windows defender and reschuled scan on avg.scheduled scan came back all clear.hope this helps

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,957 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:05 PM

Posted 16 October 2010 - 08:08 AM

There is a long discussion thread at the AVG forum in regards to similar detections.

AVG Forum: How To Handle Suspicious False Positive Detection?
AVG FAQ 2343: AVG detects infection on file that I suppose to be clean
AVG FAQ 2142: How to upload a file to our FTP server
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 Gary's Girl

Gary's Girl
  • Topic Starter

  • Members
  • 343 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Kentucky
  • Local time:06:05 PM

Posted 16 October 2010 - 10:28 AM

Hello, Everyone - - thanks for your input. I have had Windows Defender disabled since I reformatted many months ago. Not sure the trojan alert is a false reading 'cause the computer isn't acting right anymore. This computer has been running like a charm for a long time and suddenly it's not. I have a 14 hour shift starting shortly so it will probably be late tonight before I can read the AVG forum posts and get back here - - but will do that before I sleep tonight. Maybe there will be something there to help.

If I get a moment I'll post back - - otherwise it will be late, late, late tonight.

Thanks again for all the responses. If anyone has any other input, please send it along, too.

Blessings!
Sharon

P.S. Forgot to say that after I posted the first post last night, I ran SuperAntiSpyware, but the scan wouldn't finish, but instead the computer shut completely down before the scan could finish - - just turned off as if I'd told Windows to it shut down. That's weird, isn't it? While SuperAntiSpyware was running it found over 100 tracking cookies before the computer shut down - - which is also weird because ever since I started using AVG a couple of years ago, there have been almost no detections of any kind until yesterday - - no infections, no adware, no spyware, no tracking cookies, no trojans, no rootkits, no anything most of the time. I thought AVG was the greatest thing I'd ever purchased, then all of a sudden, it's letting things through. What's up with that, does anyone know?

Edited by HomesickInTexas, 16 October 2010 - 10:50 AM.


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,957 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:05 PM

Posted 16 October 2010 - 12:12 PM

Please perform a scan with Malwarebytes Anti-Malware and follow these instructions for doing a Quick Scan in normal mode.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
-- If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 JackME

JackME

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Location:New England, USA
  • Local time:06:05 PM

Posted 18 October 2010 - 05:21 AM

FYI

AVG forum sticky:
http://forums.avg.com/us-en/avg-free-forum...w&id=115947

Which includes the following: (quoted)

"Please be informed that this false positive detection will be removed in next virus database update (3205 and newer) - will be probably released in the evening (CEST)."

[That would be 18 Oct 2010]

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,957 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:05 PM

Posted 18 October 2010 - 07:36 AM

That seems to confirm the FP with Defender.

However, HomesickInTexas has indicated other issues so he should try using other scanning tools like Malwarebytes Anti-Malware to see if it finds anything else.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users