
Trojan Horse FakeAV.POV


1 reply to this topic

#1 Dag@mir


Posted 29 June 2011 - 08:41 AM

Dear team;
I must have been infected by a Trojan Horse FakeAV.POV on one of my desktop PCs running Windows XP.
Details as follows:
1) Trojan affects AegisE5.dll, which is a key file to start up a Wireless LAN card utility (Ralink - RT7x 802.11 bg WLAN).
2) AVG detected the malware or virus.
3) Did a full scan but AVG could not remove it. So we placed it in the vault.
4) Rebooted the PC and received the auto message "this application (assume WLAN utility) had failed to start because AegisE5.dll was not found. Re-installing the application may fix this problem."
5) Ran the wireless card software again.
6) When installing, AVG detected the Trojan Horse again.
7) This time we stopped AVG, downloaded and ran an EMSI SOFT ANTI MALWARE trial software which still detected the Trojan Horse. Again placed it in a vault.
8) We restarted the system in Win XP secure mode and ran Emsi Soft, which again detected the malware.
This turns into an endless loop. If I reinstall the application, the malware stops the application from running, as the Trojan Horse affects AegisE5.dll. If we vault it, then the system sends the message described in 4) above.

We would kindly appreciate your support. I have seen other solutions for problems related to another mutation of Trojan Horse FakeAV, but we are not sure the same solution might apply to this event.

BRgds in advance,



#2 Orange Blossom


Posted 07 August 2011 - 11:38 AM

Hello,

Pardon the interruption here.

@ Cryptodan, I've removed your post so we can get some other pertinent information first.

@ Dag@mir

Please answer the following:

2) AVG detected the malware or virus.


Can you provide the complete statement AVG gives when it flags the file?

Is this the only thing it flags?

Please do not vault the file or try to "fix" it.

I'd like you to do this:

Please do the following:

Submit a file to VirusTotal for analysis
  • Use the browse button on that page to navigate to the location of the file to be scanned.
  • In the right hand panel, click on the file that AVG flags, then click the open button.
  • The file will now be displayed in the submit box.
  • Scroll down a bit and click "send file", wait for the results
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Once scanned, copy and paste the link to the results page in your next reply.

Are you experiencing other computer issues? If so, please describe.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.

