Toshiba Satellite running Win7, Home Premium
Emsisoft (and only Emsisoft... I have the paid version of Malwarebytes, too, but it doesn't even pick up this Trojan on a scan) repeatedly blocks attempts by variant tmpXXXX.exe files to connect to remote servers. It generates a new tmp file each time with a different 3 or 4 alphanumeric string.
Here is the log...
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpD0A3.exe detected: Behavior.TrojanDownloader
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp46EE.exe detected: Gen:Variant.Graftor.158181 (
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp4435.exe detected: Behavior.HiddenInstallation
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp9D26.exe detected: Behavior.CodeInjector
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp49AD.exe detected: Behavior.CodeInjector
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpD3A6.exe detected: Bad reputation
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13B5.exe detected: Bad reputation
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp9521.exe detected: Gen:Variant.Strictor.65672 (
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpF3E.exe detected: Trojan.GenericKD.1899162 (
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpDD15.exe detected: Gen:Variant.Strictor.65765 (
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp36EB.exe detected: Behavior.CodeInjector
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpCE58.exe detected: Trojan.Agent.BFVR (
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp7FF6.exe detected: Trojan.Agent.BFSG (
Emsisoft did find this Trojan once and quarantined it. Now it won't find it again on a full scan but does keep blocking it when it tries to 'phone home'.
Rootkit programs don't find it, either.
Anyone know how to permanently delete this?
Edited by hamluis, 06 October 2014 - 08:46 AM.
Moved from Win 7 to Am I Infected - Hamluis.