Win32 Trojan Downloader Found By Adaware.


3 replies to this topic

#1 worried dragon


  • Members
  • 52 posts

Posted 15 September 2006 - 11:14 PM

Hi there,

Running XP Pro SP2 on a P3 850 with 512 RAM. XP firewall is functioning and I am also behind a router. My IE privacy tab is set to "prompt" for third-party cookies and I block the unwanted ones as they occur (sad, but it pleases me. lol).

I noticed the computer "labouring" when I was browsing. I looked in Task Manager and noticed a higher usage of IEXPLORE.exe than I'd noticed before. I ran Adaware, Spybot and AVG, all with the latest definitions, and found nothing, so I restarted in safe mode and repeated this, and Adaware detected and removed a Win32 Trojan downloader. Then I cleared the internet offline files and unnecessary cookies.

At this point I realised I'd forgotten to set the Tools, View options to show hidden files etc., so I did that and re-ran Adaware, Spybot, AVG and Ewido (which I'd downloaded for good measure) in both normal and safe mode. Nothing found this time.

I ran ScanDisk and it reported a few minor inconsistencies, which it repaired. The computer seems to be a little slower still, but I haven't as yet defragmented (which it needs) as I wasn't sure whether it would "hide" any traces of the malware. I installed the latest XP security updates and the monthly malware check made no finds.

Will there be any registry entries (Adaware removed 1) left behind? If so, what do I search for? Also, can I be sure the computer is now "clean", or would you recommend further procedures?

Thanks.


#2 worried dragon

  • Topic Starter

  • Members
  • 52 posts

Posted 15 September 2006 - 11:27 PM

Hi again,

I just read in the breaking news that Adaware is giving false positives. I am now using SE1R123 Internal build: 151, so have I just had a false alarm? If so, can someone put my mind at rest?

Thanks again.

#3 quietman7


    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • Location:Virginia, USA

Posted 16 September 2006 - 08:10 AM

Internal build 151 is the latest and was released on 9/14/06 to fix another FP after Lavasoft fixed five others. See here.

If all your subsequent scans found nothing then you should be in good shape. However, you can always run an online scan using Trend Micro Housecall to double check.

Then it's time to do some cleaning and the defrag which you reported needs to be done. Also read over "Slow Computer? Use this troubleshooting checklist". You may have already done some of the steps, but there are more tips.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#4 worried dragon

  • Topic Starter

  • Members
  • 52 posts

Posted 16 September 2006 - 12:42 PM

Hi there and thanks for your response.

Adaware removed these on the earlier internal build scan:

WIN32.TROJAN.DOWNLOADER

obj[0]=Regkey : clsid\{48e59293-9880-11cf-9754-00aa00c00908}
obj[1]=Regkey : interface\{48e59291-9880-11cf-9754-00aa00c00908}
obj[2]=Regkey : typelib\{48e59290-9880-11cf-9754-00aa00c00908}

and

DIAREMOVER

obj[0]=Regkey : S-1-5-21-1229272821-436374069-1957994488-1003\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}

Should I restore these files as they were false positives?

Thanks.
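The question in post #4 is really "what was registered under that CLSID, and was it something legitimate?" A registry key on its own tells you little; the COM server binary it points at, and whether that binary carries a valid Authenticode signature, is what lets you judge a scanner hit on a CLSID before deleting it or restoring it from quarantine. The script below is an added example, not code from the thread, from Lavasoft or from BleepingComputer. The CLSID in the list is the one quoted in post #4; the function name, the output fields and the assumption that you are running this in a PowerShell session on the affected machine are all mine.

```powershell
# Added example (not from the thread): resolve a scanner-flagged CLSID to the
# COM server registered for it and report the binary's Authenticode status.
# The CLSID below is the one quoted in post #4; everything else is assumed.

function Resolve-ClsidServer {
    param([Parameter(Mandatory)][string]$Clsid)

    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
    $result = [ordered]@{
        Clsid   = $Clsid
        Present = Test-Path -LiteralPath $key
        Name    = $null      # friendly name stored as the key's default value
        Server  = $null      # raw InprocServer32 / LocalServer32 value
        Path    = $null      # expanded, unquoted path to the server binary
        Exists  = $false
        Status  = $null      # Valid, NotSigned, HashMismatch, ...
        Signer  = $null
    }
    if (-not $result.Present) {
        # Nothing registered: either never there, or already removed by the scanner.
        return [pscustomobject]$result
    }

    $result.Name = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'

    # In-process servers are DLLs; out-of-process servers are EXEs, often quoted with arguments.
    foreach ($sub in 'InprocServer32', 'LocalServer32') {
        if (Test-Path -LiteralPath "$key\$sub") {
            $result.Server = (Get-ItemProperty -LiteralPath "$key\$sub" -ErrorAction SilentlyContinue).'(default)'
            break
        }
    }

    if ($result.Server) {
        # Values are commonly stored with %SystemRoot%; expand before touching the file system.
        $expanded = [Environment]::ExpandEnvironmentVariables($result.Server)
        if ($expanded -match '^"([^"]+)"') {
            $path = $Matches[1]          # quoted executable: drop any trailing arguments
        } else {
            $path = $expanded.Trim()
        }
        $result.Path   = $path
        $result.Exists = Test-Path -LiteralPath $path -PathType Leaf
        if ($result.Exists) {
            $sig = Get-AuthenticodeSignature -FilePath $path
            $result.Status = $sig.Status.ToString()
            if ($sig.SignerCertificate) { $result.Signer = $sig.SignerCertificate.Subject }
        }
    }
    return [pscustomobject]$result
}

# CLSID reported by Ad-Aware in the thread above; add further CLSIDs to the list as needed.
$flagged = @('{48e59293-9880-11cf-9754-00aa00c00908}')
$flagged | ForEach-Object { Resolve-ClsidServer -Clsid $_ } | Format-List
```

A key that is present, points at a file that exists, and reports `Valid` with a recognisable vendor as signer is the usual shape of a false positive on a COM registration; a missing file, `NotSigned` or `HashMismatch` is where further investigation is warranted. The `interface\` and `typelib\` keys in the same report are companions of the CLSID (they describe the same component), so one lookup covers all three. Because Ad-Aware had already removed the keys in this case, `Present` would come back `$false` on the poster's machine; the lookup is meant for the moment before a deletion, or after restoring the item from the scanner's quarantine. The `ext\stats\{...}` key in the second detection is Internet Explorer's per-user add-on bookkeeping, keyed by the add-on's CLSID, so the same `Resolve-ClsidServer` call applied to that GUID tells you which component it refers to.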



