Trojan.Downloader really gone?



#1 gembob


Posted 24 August 2011 - 02:24 PM

My computer was very slow, showing signs of a virus, so I ran Malwarebytes and it found a file infected with what it calls Trojan.Downloader. Malwarebytes said it was quarantined and deleted successfully. I then ran HouseCall and it found another infected file and said it effectively deleted it (don't remember what virus/error was reported from HouseCall). So I ran avast, came up with nothing, and then ran Malwarebytes and HouseCall again and neither showed any infections (I ran CCleaner and restarted between each scan). So my question now, before I start using bank websites and other financial tools on this comp, is: has the problem really been removed? How can I tell, run HijackThis? Thanks in advance.



#2 cryptodan


Posted 24 August 2011 - 02:34 PM

Can you post the logs from Malwarebytes and HouseCall?

#3 gembob


Posted 25 August 2011 - 10:29 PM

Here's the log from Malwarebytes that caught it:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7390

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

8/5/2011 11:11:33 PM
mbam-log-2011-08-05 (23-11-33).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 277118
Time elapsed: 1 hour(s), 19 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Temp\jmp 8.02 win\JMP\Extra\iconrefresh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

And here's the subsequent scan:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7390

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

8/6/2011 1:54:16 AM
mbam-log-2011-08-06 (01-54-16).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 276472
Time elapsed: 1 hour(s), 17 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Unfortunately I uninstalled Housecall so I can't find the log for that. Is it somewhere in my files that I can retrieve?

#4 cryptodan


Posted 25 August 2011 - 10:31 PM

You can do a search from TrendMicro and see if anything is left behind.

#5 gembob


Posted 28 August 2011 - 01:00 PM

Sorry for the delay - nothing came up searching for TrendMicro or HouseCall except an updater file.

#6 cryptodan


Posted 28 August 2011 - 01:20 PM

Let's see what a Free Scan by ESET finds.

#7 gembob


Posted 29 August 2011 - 11:25 PM

Looks like it's definitely not gone, here's what ESET found:

C:\Users\Matt\AppData\Local\Temp\ICReinstall\cnet_hjsplit_zip.exe a variant of Win32/InstallCore.B application cleaned by deleting - quarantined
C:\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\6b1e720a-18c1fa99 Java/Agent.BV trojan deleted - quarantined
C:\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\738fc550-5c999458 multiple threats deleted - quarantined
C:\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\67de24e0-6976d9ca multiple threats deleted - quarantined
C:\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\2ef758e6-2da5e7e5 Java/Agent.BV trojan deleted - quarantined
C:\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\d126230-3b623174 Java/Agent.BV trojan deleted - quarantined
C:\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\7baf0ab2-6707885b a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\211df4b5-72b497e9 a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
C:\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\458317b9-75dfa188 Java/TrojanDownloader.OpenStream.AF trojan deleted - quarantined
C:\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\31e1e646-15a0f51e multiple threats deleted - quarantined
C:\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\384ba27d-798160e3 a variant of Java/Agent.AF trojan deleted - quarantined
C:\Users\Matt\Desktop\Evo\evo-root.zip Android/Exploit.RageCage.A trojan deleted - quarantined

#8 cryptodan


Posted 30 August 2011 - 06:51 AM

I don't see anything malicious. So I think you are safe.

#9 gembob


Posted 30 August 2011 - 04:29 PM

Haha shows how much I know, I thought I was much worse off after that ESET scan. Thanks for your help and patience.

#10 cryptodan


Posted 30 August 2011 - 05:03 PM

No problem.



