
trojan Dropper.Generic9.slv claims another victim


3 replies to this topic

#1 alittlehelp


Posted 04 February 2014 - 06:00 PM

While closing out Firefox 26.0 after a visit to FB, I recently experienced a threat warning from AVG 2014 (free) alerting me that it had detected a virus, 'Trojan horse Dropper.Generic9.SLV', associated with "TFC.exe". I allowed AVG to seize and quarantine the infection and proceeded to run additional scans with Kaspersky TDSS killer, Eset online scanner, Malwarebytes, SAS, Mbar AntiRoot, AdwCleaner and JRT. All these subsequent scans reported back _clean_. A few hours later, another AVG alert reported two additional threats of 'Trojan horse Dropper.Generic9.SLV' which compromised two restore points: 'c:\System Volume Information\_restore{ F1B82C3E-2851-4FDE-9535-3479AAE956FF}\RP1132\A0139508.exe' and (the same sequence but) ending in " "\A0139573.exe.

 

The almost exact occurrence I experienced is currently being addressed on another topic, here: http://www.bleepingcomputer.com/forums/t/522653/trojan-horse-droppergeneric9slv-infection/ . However, unlike the other member, I have not experienced any browser hijacks, redirections or P2P compromises. That is, at least to the best of my limited knowledge.

 

Rather than follow along with the practices performed specifically for the aforementioned thread/topic, I was hoping I could get some support to help assure that I am not infected by some remaining stealth threat that has been left undetected.

 

As always, thanks in advance for your help, patience and knowledge.




 


#2 boopme


Posted 04 February 2014 - 08:16 PM

Hello, it is possible that AVG is seeing the infection in the Restore point and is unable to clean it. Antivirus tools cannot access that area. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can re-infect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

For XP, Vista and WIN7

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.

Vista and Windows 7 users can refer to these links:
  • Create a New Restore Point in Vista
  • Create a New Restore Point in Windows 7 (alternate method)
  • Disk Cleanup in Vista
  • Disk Cleanup in Windows 7

Reboot and see how it is.

Edited by boopme, 04 February 2014 - 08:16 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
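
The restore-point steps in the reply above can also be scripted. This is an added example, not part of the original post: it assumes an elevated Windows PowerShell 2.0 or later prompt with System Restore enabled, and the `Win32.SrClient` wrapper name and the restore-point label are made up for illustration.

```powershell
# Added example: create a fresh restore point after cleaning, then remove
# every older one, so a quarantined dropper copy saved under
# "System Volume Information" cannot come back through a rollback.

# Wrap the System Restore client API that deletes one restore point.
# "Win32.SrClient" is just a local name chosen for this wrapper.
Add-Type -Namespace Win32 -Name SrClient -MemberDefinition @'
[DllImport("srclient.dll")]
public static extern uint SRRemoveRestorePoint(uint dwRPNum);
'@

# 1. Create the new restore point, stamped so it is easy to find later.
$label = "Clean baseline {0:yyyy-MM-dd HH:mm}" -f (Get-Date)
Checkpoint-Computer -Description $label -RestorePointType MODIFY_SETTINGS

# 2. Confirm the newest point really is the one just created. Some Windows
#    versions skip creation when another point was made recently; deleting
#    the rest in that case would leave only a possibly infected point.
$points = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
if ($points.Count -eq 0) { throw "No restore points found; is System Restore on?" }
$newest = $points[-1]
if ($newest.Description -ne $label) {
    throw "Newest point is '$($newest.Description)', not '$label'. Nothing deleted."
}

# 3. Remove all but the most recent point (what Disk Cleanup's
#    "More Options > System Restore > Clean up" button does).
foreach ($rp in $points) {
    if ($rp.SequenceNumber -eq $newest.SequenceNumber) { continue }
    $rc = [Win32.SrClient]::SRRemoveRestorePoint([uint32]$rp.SequenceNumber)
    if ($rc -eq 0) {
        Write-Output ("Removed #{0}  {1}" -f $rp.SequenceNumber, $rp.Description)
    } else {
        Write-Warning ("Could not remove #{0} (error {1})" -f $rp.SequenceNumber, $rc)
    }
}

# 4. Show what is left: only the clean baseline should be listed.
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description -AutoSize
```

Run it only after the scans come back clean, since the point created in step 1 becomes the only rollback target.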

#3 alittlehelp


Posted 05 February 2014 - 10:22 AM

Hey, Thank you Boopme.

 

Very important. I had forgotten about doing that.

 

I haven't had any trouble with the pc since this recent occurrence. However the mere mention of P2P (in the other thread I mentioned), has got me thinking more about potential security breaches via open ports. Again, not that I have any evidence that this is happening on my pc; having relied on my firewall and router for security, I've never run a port scan or tested for any holes. There's lots of info on the web for online port testing - knowing which ones you can trust is another matter. Any advice on this matter or trusted tools you can recommend for testing ports?

 

Thanks again.



#4 boopme


Posted 05 February 2014 - 08:12 PM

Hello again.. try this app Free Port Scanner 3.3

But if you need to know about the posts and scan results ask in Networking as they are better than I with that.



