
Trojans disabling MS Security Essentials


3 replies to this topic

#1 cayz


Posted 10 August 2013 - 01:22 PM

Hello!

 

My name is James, and I am a network tech guy, but I've been out of the A/V loop for a while.

My father-in-law has an HP desktop with Windows 7 Home Premium SP1, and he used to have Norton AV and MS Security Essentials on it.  Up to last weekend.

I had installed the MS Security Essentials on it when he had gotten the computer last fall, and had disabled, but not uninstalled Norton.  He was not able to keep the Norton up to date, so I had installed the MSE, and had it scheduled to update & run, and all had been good up to the last week of July.

 

Last weekend, I was up there on a different mission, and he said "By the way, the MSE icon has gone away.  It said something about not being protected, and then the icon went away.  Can you help me?"  So, rather than a quick stopover, I spent the next 3 hours uninstalling Norton, re-installing MSE, and (the computer is available to me via Logmein, not local), running a quick scan (which snagged a couple of trojans (no, I didn't note which ones THEN), which I deleted), and starting a full scan.  I had asked him to call me if he got anything else when it was done, and I didn't hear anything, so I figure "all was good"....

 

Nope.  I got a call that MSE was gone again, and, "oh yeah, the MSE Full Scan had taken 20 (twenty) hours, and had a couple of things, but it seemed OK".  *sigh*.

 

So, now I have the computer up & running via Logmein, and I can see that he has 3 new items:

Exploit:Java/CVE-201-1723

TrojanWin64/Alureon.D

TrojanWin32/Alureon.GD

 

He currently has them quarantined, I'm gonna remove them in a minute.

 

I'm sure I could run another full scan, but I'm concerned that he has a lurking trojan that turns MSE off and starts doing its deeds again.

 

All help is greatly appreciated.

 

P.S.  How can I insert a locally-saved image (screen shot)?  I see I can use a URL, but if the image is not on the Internet, how can I insert it?

 

Thanks.

 

James





#2 cayz


Posted 10 August 2013 - 01:29 PM

Oh, when I was up there last weekend, I removed Java & Adobe Reader / Shockwave / Flash, then installed them all fresh (not updates)



#3 cayz


Posted 10 August 2013 - 01:38 PM

Ah, I did save something from last weekend - the Trojan that was initially found was called "Iminent".  3x occurrences.


Edited by cayz, 10 August 2013 - 01:38 PM.


#4 cayz


Posted 10 August 2013 - 02:41 PM

Actually, the trojans found last weekend after the MSE Quick Scan were the same as the ones found after the full scan.

Note, I removed the ones found in the quick scan. 

 

(I was able to get the history of MSE by going through the system logs).





