Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.



  • Please log in to reply
1 reply to this topic

#1 hsdpcrepair


  • Members
  • 10 posts
  • Local time:08:27 PM

Posted 05 April 2012 - 11:28 AM

EDIT:Moved to appropriate forum from WIN7~~boopme


I did not see this Virus listed while searching the forum.

MSE detects this and wants you to download an Offline version of Windows Defender and create a bootable disc via USB stick, CD, or ISO.

Then boot into Offline Windows Defender and scan to remove this threat.

This trojandownloader:Win32/Flexty:A originated from a customer that had the Smitfraud:C Virus on 4/4/2012 which I thought was successfully removed from running the following programs in safemode w/ networking:


Once I removed AVG 2012 and installed Microsoft Security Essentials, MSE found this Trojan (trojandownloader:Win32/Flexty:A).

After running the Offline Windows Defender it found the following:


Windows Defender Offline worked, but there should be an easier way to remove this threat via Malwarebytes and ComboFix.

Just wanted to share this with everyone.

Windows 7 64Bit

Edited by boopme, 05 April 2012 - 12:00 PM.

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,905 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:27 PM

Posted 07 April 2012 - 10:01 AM

Info on Win32/Flexty.A

No security tool will detect and remove all malware infections...that includes both Malwarebytes and ComboFix.

The DOS/Alureon detection is most likely related to a variant of the TDL4 rootkit. In most cases, specialized tools like TDSSKiller or the Backdoor.Tidserv Removal Tool (FixTDSS) are needed to identify and properly remove it.

Glad to know that Offline Windows Defender know detects and removes it too.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users