
Trojan:Win32/Dynamer!ac



#1 karajan2008

  • Members
  • 2 posts

Posted 16 February 2016 - 02:57 AM

Hi,

 

I have recently run a full scan with Microsoft Safety Scanner, and it has detected one infection, Trojan:Win32/Dynamer!ac, in the D:\ drive. However, it and Windows Defender seem to be unable to remove it. I run Windows 8.1, 64 bit.

 

Threat detected: Trojan:Win32/Dynamer!ac
    containerfile://D:\preload\install.wim
    file://D:\preload\install.wim->(Image60765)\Program Files (x86)\WildGames\House of 1000 Doors Family Secrets\HouseOf1000Doors_FamilySecrets-WT.exe->(EXEEmb)->(EXEEmb)
        SigSeq: 0x00002667FBFAA895
        SHA1:   1ae5b96897a94a3bcee5e4b31e5c43dd6afba1c6
 
Extended Scan Removal Results
----------------
Start 'remove' for file://\\?\D:\preload\install.wim->(Image60765)\Program Files (x86)\WildGames\House of 1000 Doors Family Secrets\HouseOf1000Doors_FamilySecrets-WT.exe->(EXEEmb)->(EXEEmb)
Operation failed (code=0x8017), please use a full antivirus product ! !
 
I ran a custom scan on the D:\ drive with Kaspersky Internet Security and it picked up nothing.
 
 
Thanks!

Edited by karajan2008, 16 February 2016 - 03:02 AM.




#2 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,607 posts

Posted 16 February 2016 - 08:43 AM

Hi karajan2008 :)

It is indeed a false positive if you ask me. WildGames (WildTangent) are preinstalled on a lot of prebuilt computers and laptops (as part of OEM software). The install.wim file on the D: drive is part of the Windows image that will be used by your system if you decide to do a Factory Reset on it. Therefore, it's safe to leave it be and not pay it any attention.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
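
Added example, not part of the original posts and not a BleepingComputer or Microsoft tool: a small Python parser for the detection block in the first post. It splits the resource path on `->` to show that the flagged object is nested inside `D:\preload\install.wim`, the recovery image described in the reply above, rather than being a loose file on disk. The function names and the reading of `->` as a nesting separator are assumptions based on the log as posted.

```python
# Constructed sample: the detection lines copied from the first post's scan log.
SAMPLE_LOG = r"""Threat detected: Trojan:Win32/Dynamer!ac
    containerfile://D:\preload\install.wim
    file://D:\preload\install.wim->(Image60765)\Program Files (x86)\WildGames\House of 1000 Doors Family Secrets\HouseOf1000Doors_FamilySecrets-WT.exe->(EXEEmb)->(EXEEmb)
        SigSeq: 0x00002667FBFAA895
        SHA1:   1ae5b96897a94a3bcee5e4b31e5c43dd6afba1c6
"""

def parse_detections(log_text):
    """Return one dict per 'Threat detected' block in a scan log (hypothetical helper)."""
    detections, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Threat detected:"):
            current = {"threat": line.split(":", 1)[1].strip(),
                       "containers": [], "resources": [], "sha1": None}
            detections.append(current)
        elif current is None:
            continue  # ignore anything before the first detection header
        elif line.startswith("containerfile://"):
            current["containers"].append(line[len("containerfile://"):])
        elif line.startswith("file://"):
            # Assumption: "->" separates the on-disk file from each nested layer inside it.
            parts = line[len("file://"):].split("->")
            current["resources"].append({"on_disk": parts[0], "nested": parts[1:]})
        elif line.startswith("SHA1:"):
            current["sha1"] = line.split(":", 1)[1].strip().lower()
    return detections

def triage(detection):
    """Summarise where each flagged object lives: a loose file or inside a container."""
    out = []
    for res in detection["resources"]:
        inside = res["on_disk"] in detection["containers"] or bool(res["nested"])
        out.append({
            "on_disk": res["on_disk"],
            "inside_container": inside,
            "is_wim_image": res["on_disk"].lower().endswith(".wim"),
            "depth": len(res["nested"]),  # number of nested layers below the on-disk file
            "innermost": res["nested"][-1] if res["nested"] else res["on_disk"],
        })
    return out

if __name__ == "__main__":
    for det in parse_detections(SAMPLE_LOG):
        print(det["threat"], det["sha1"], triage(det))
```
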


#3 SonOfJohn

  • Members
  • 1 posts

Posted 04 March 2017 - 09:45 AM

Hello,

 

I found the same thing yesterday on my Windows partition (dual boot with Linux) after installing Windows from a replacement disk from HP... long story. However, I saw that this Trojan was found in a game, and also in an image (installation) file for that program. Defender hung while trying to clear it, as you saw as well. So I manually uninstalled all of the games in the Wild Tangent and HP Games, restarted and re-ran. Now I have it only in the image. Since it was a different game in my case, it may be inserted by HP or a packager for their software if they outsourced that. Someone making a little money on the side.

 

I think the signature matches this trojan because the game developer(s) have a back door (developers are not angels, I'm one) in their code, which can be vast and hide many things.  Best approach, uninstall these games and ignore the match in the image.

 

Best





