Trojans identified in backup files by NAS Box


  • This topic is locked
5 replies to this topic

#1 RawTalent

  • Members
  • 5 posts

Posted 26 January 2015 - 10:31 AM

Hi
 
I have found a number of possible trojans on a Windows 7 64-bit PC. I back the PC up weekly and on scanning the backup files on a NAS box have found the trojans. The NAS is a Synology with their Antivirus Essential running on it.
 
I have tried ESET & Malwarebytes without them finding the trojans. I have also booted in safe mode and safe mode with networking, again without any luck.
 
I have the file and file paths for the trojans but I am conscious of removing them myself as they look like they are buried within Windows files.
 
The files the NAS box scan has found are as follows:
driverquery.exe - Win.Trojan.12387466 - Windows/Winsxs/x86_microsoft-windows driverquery_31bf3856ad364e35_6.1.7600.16385_none_95f912198f65d354d
pcaui.exe - Win.Trojan.12333060 - Windows/winsxs/x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.1.7600.16385_none_81d82fe9c216eb89/pcaui.exe
pcaui.exe - Win.Trojan.12333060 - Windows/System32
driverquery.exe - Win.Trojan.12387466 - WindowsSystem32
pcaui.exe - Win.Trojan.12333060 - Windows/SysWOW64
driverquery.exe - Win.Trojan.12387466 - Windows/SysWOW64
 
Can anyone help with cleaning these up without damaging the system files?
 
Also can anyone shed any light on the names the NAS box search gives them? (Win.Trojan.12387466 for example?!?)
 
Many thanks




#2 shelf life

  • Malware Response Team
  • 2,646 posts

Posted 26 January 2015 - 06:06 PM

hi,

 

The same malware can have multiple names, as AV vendors each can come up with a different name. You could browse for each file then upload it to one or two of the sites below for another opinion on what "Antivirus Essential" is finding. Some of them use the same AV engines.

 

http://virusscan.jotti.org/en

https://www.virustotal.com/

http://virscan.org/

 


How Can I Reduce My Risk to Malware?
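Before deleting anything under WinSxS, System32 or SysWOW64, a practitioner would first confirm that the flagged copies are the genuine Microsoft binaries and collect their hashes, which can be searched on VirusTotal without uploading the files. The PowerShell below is an added example for this thread, not code from the posters, Synology or ClamAV. It assumes a Windows 7 x64 machine and an elevated PowerShell 2.0 or later prompt; it uses only the two file names from the NAS report and locates the WinSxS copies by name, because the component directory names quoted in the post are truncated.

```powershell
# Added example, not from the thread: check whether the flagged binaries are
# intact Microsoft files before deleting anything. Assumes Windows 7 x64 and
# PowerShell 2.0 or later, run from an elevated prompt.
$names = @('driverquery.exe', 'pcaui.exe')   # file names from the NAS report

# System32 (64-bit) and SysWOW64 (32-bit) copies, plus every WinSxS copy found
# by name. The WinSxS directory names in the post are truncated, so the copies
# are located here rather than hard-coded.
$candidates = @()
foreach ($d in @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")) {
    foreach ($n in $names) { $candidates += Join-Path $d $n }
}
$candidates += Get-ChildItem -Path "$env:SystemRoot\winsxs" -Recurse -Include $names `
                   -ErrorAction SilentlyContinue | ForEach-Object { $_.FullName }

function Get-Sha256Hex([string]$Path) {
    # Get-FileHash only exists in PowerShell 4+, so use the .NET class directly.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { $hash = $sha.ComputeHash($fs) }
    finally { $fs.Close() }
    return ([System.BitConverter]::ToString($hash)).Replace('-', '').ToLower()
}

$report = foreach ($p in $candidates) {
    if (-not (Test-Path -LiteralPath $p)) { continue }
    $sig    = Get-AuthenticodeSignature -FilePath $p
    $info   = (Get-Item -LiteralPath $p).VersionInfo
    $signer = '(none)'
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    New-Object PSObject -Property @{
        Path      = $p
        SigStatus = $sig.Status        # 'Valid' = embedded Microsoft signature checks out
        Signer    = $signer
        Company   = $info.CompanyName  # expect 'Microsoft Corporation'
        Version   = $info.FileVersion  # the WinSxS paths in the post carry 6.1.7600.16385;
                                       # System32 copies may be newer after SP1 or updates
        SHA256    = Get-Sha256Hex $p   # search this hash on VirusTotal instead of uploading
    }
}

$report | Format-Table -AutoSize Path, SigStatus, Company, Version
$report | Format-List Path, Signer, SHA256

# Identical hashes mark hard-linked copies of the same file: the x86 WinSxS copy
# and the SysWOW64 copy normally match. The 64-bit System32 copy is a different
# build of the same tool and is expected to differ.
$report | Group-Object SHA256 | Where-Object { $_.Count -gt 1 } | ForEach-Object {
    "Same file: " + (($_.Group | ForEach-Object { $_.Path }) -join '; ')
}

# Verify-only pass of System File Checker: compares every protected file with
# the component store and changes nothing.
sfc /verifyonly
```

One caveat for Windows 7: Get-AuthenticodeSignature there only checks embedded signatures, and most system binaries are catalog-signed rather than embedded-signed, so a status of NotSigned on its own is not evidence of tampering. In that case rely on the `sfc /verifyonly` result (or Sysinternals sigcheck, which does consult the catalogs) together with the hash lookup; a file that SFC accepts and whose hash only one engine flags is the picture of a signature false positive.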


#3 RawTalent

  • Topic Starter
  • Members
  • 5 posts

Posted 27 January 2015 - 11:21 AM

Hi Shelf Life

 

Thanks for the response. The only one to flag as malware was 'ClamAV' when using Jotti.

 

The rest came back as finding nothing.

 

What is the best thing to do going forward based on those results?

 

Many thanks



#4 shelf life

  • Malware Response Team
  • 2,646 posts

Posted 27 January 2015 - 09:36 PM

Ok. You're welcome.

I would call it a false positive and not worry about it.



#5 RawTalent

  • Topic Starter
  • Members
  • 5 posts

Posted 28 January 2015 - 04:20 AM

Great, thanks for your help!



#6 shelf life

  • Malware Response Team
  • 2,646 posts

Posted 28 January 2015 - 07:14 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
