
Trojan.buzus -- don't know how to delete it


  • This topic is locked
10 replies to this topic

#1 MrSjaakBraak


  • Members
  • 30 posts

Posted 03 December 2013 - 02:01 PM

My computer runs Windows 8.1

 

I'm trying to get rid of these viruses:

 

Type:296012  Name:Trojan.BuzusCafc   Path:C:\Windows\System32\trkwks.dll 
Type:296012  Name:Trojan.BuzusCafc   Path:C:\Windows\WinSxS\AM1D69~1.163\trkwks.dll 
 
Which I can find with Anvi smart defender, but it won't delete them. I'm not experiencing any problems, but as I don't know what these Trojans do, I'd like to get rid of them.
 
Someone already helped me in this topic:
 
In that topic are logs of Minitoolbox, Rkill, AdwCleaner, Junkware Removal and Malwarebytes.
 
When I try to run the DDS programme, I get an error saying it can't run in compatibility mode. This might be a Windows 8.1 problem, but I didn't manage to get it working.
 
Thanks in advance!

Edited by MrSjaakBraak, 03 December 2013 - 02:08 PM.




#2 nasdaq


  • Malware Response Team
  • 39,246 posts

Posted 08 December 2013 - 10:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

The DDS tool is not compatible with the new version of Windows 8.1.

I'm trying to get rid of these viruses:

Type:296012 Name:Trojan.BuzusCafc Path:C:\Windows\System32\trkwks.dll
Type:296012 Name:Trojan.BuzusCafc Path:C:\Windows\WinSxS\AM1D69~1.163\trkwks.dll


Having no issues with this computer, I think you are dealing with a False/Positive issue.
If this file is from Microsoft (check the properties) then submit the file to Anvisoft for their review.

http://download.cnet.com/windows/anvisoft/3260-20_4-10195867.html

Source:
http://www.shouldiblockit.com/trkwks.dll-2560.aspx
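
Added example, not part of the post above: the Properties dialog only shows a company-name string stored in the file, so a stronger form of the "is it from Microsoft" check is to verify the file's digital signature. The PowerShell below does that for the two reported paths; `Test-MicrosoftSigned` is a hypothetical helper name, and the subject match is an assumed heuristic.

```powershell
# Added example. Paths are the two the scanner reported in this thread.
$paths = @(
    'C:\Windows\System32\trkwks.dll',
    'C:\Windows\WinSxS\AM1D69~1.163\trkwks.dll'
)

function Test-MicrosoftSigned {   # hypothetical helper name
    param([string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Verdict = 'missing' }
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $item = Get-Item -LiteralPath $Path -Force
    $subj = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # 'Valid' means the signature verified and chains to a trusted root.
    # The subject match is a heuristic for "issued to Microsoft".
    $trusted = ($sig.Status -eq 'Valid') -and ($subj -match 'O=Microsoft Corporation')

    [pscustomobject]@{
        Path        = $Path
        # CompanyName is what the Properties dialog shows; it is an
        # unauthenticated string and is listed only for comparison.
        CompanyName = $item.VersionInfo.CompanyName
        SigStatus   = $sig.Status
        Signer      = $subj
        SHA256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        # Older PowerShell versions may report catalog-signed system files
        # as NotSigned, so an unverified file is "review", not "malicious".
        Verdict     = if ($trusted) { 'signed by Microsoft' } else { 'review' }
    }
}

$report = @($paths | ForEach-Object { Test-MicrosoftSigned -Path $_ })
$report | Format-List

# Identical hashes mean both detections point at the same file contents.
$found = @($report | Where-Object { $_.Verdict -ne 'missing' })
if ($found.Count -eq 2 -and $found[0].SHA256 -eq $found[1].SHA256) {
    'Both paths hold the same file contents.'
}
```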

#3 MrSjaakBraak


Posted 08 December 2013 - 10:54 AM

Hey Nasdaq, thanks for looking at my logs!

 

I also thought I was dealing with a false positive, since AVG didn't spot it. But AVG missed some other things too when the other virus was around, so I wanted to be sure.

 

I checked the properties, and they were indeed from Microsoft. 

 

About submitting it to Anvisoft, how would I do that? And why would I do it?



#4 nasdaq


Posted 08 December 2013 - 11:53 AM

Send them a message at http://www.anvisoft.com/support/ and ask them how you can submit the file.

#5 MrSjaakBraak


Posted 08 December 2013 - 12:08 PM

Ok did that. It'll take 24-48 hours for them to answer.



#6 MrSjaakBraak


Posted 09 December 2013 - 10:58 AM

This is their answer:

 

''Thank you for contacting Anvisoft. We apologize for any problem caused to you.

 
We get the same request from another customer who sent us the trkwks.dll file.
 
We verify the file and it is confirmed as a false positive. We have excluded from our database.
 
Thanks a lot for your support and understanding.
 
Wish you a wonderful day.''
 
So indeed it's a false positive :) Anything else we need to do?


#7 nasdaq


Posted 09 December 2013 - 11:20 AM

Not unless you have other issues.

#8 MrSjaakBraak


Posted 09 December 2013 - 12:15 PM

Nope I don't have any issues.

 

Actually I have one last question: what software would you advise for protection against malware? I was planning on deleting Anvi defender, since I don't think it's really reliable. I do have AVG, and might want to get Malwarebytes. Any advice?



#9 nasdaq


Posted 09 December 2013 - 01:44 PM

AVG and Malwarebytes would be good.

Delete Anvi using the Add/Remove Programs.

#10 MrSjaakBraak


Posted 09 December 2013 - 01:47 PM

Ok great, thanks for your time! Guess this topic can be closed.



#11 nasdaq


Posted 09 December 2013 - 02:33 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



