Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MS EXCEL FILE, AVG: VBA:Downloader-FBO[Trj]


  • Please log in to reply
5 replies to this topic

#1 JohnnyMnemonic

JohnnyMnemonic

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 22 November 2017 - 01:07 PM

hi, i am having trouble with a what looks like a trojan (not sure of terms,  item hidden in an downloaded excel file?)

i down loaded some files for code examples for downloading yahoo and google finance data. (fairly certain one of these files)

 

AVG Threat name:  VBA:Downloader-FBO[Trj]

 

ran MBAR  anti root kit,  MBAM  anti malware, AVG scanner / resident,  each twice,  AVG only catches item after i open EXCEL my file.

 

 

STEPS:

when i open my excel file,  it:  saves on a coded open,  and if hit save right away might save again.

if i make any changes to file then  MSG ERROR:  your changes could not be saved because of a sharing violation.

 

when i open an old file, i can paste code into the workbook once & save, but prefer not to loose the data entry work done by using an old file.  on second save the same errors appear.

 

after hit ok on above MSG ERROR, AVG comes up with the trojan message listed above:  Threat name:  VBA:Downloader-FBO[Trj]

it does not seem that the scanners can find the problem before i operate MS EXCEL.

 

can i get some help on a procedure to remove this problem.  I am willing to run any prescribed steps or scanners..

 

i will be very interested in isolating the source of the problem..  what file it came from / what site.  (if can get that help from what ever scanning of my pc, that we do).

 

i have not used emails much at all, and spent most of day just trying to get logged on here  (not sure if have any other hack or virus problems :)

 

it has been awhile since i reinstalled my system.  USING:  WIN XP SP3  and variety of small free security apps  (spybot teatimer,  private firewall 7,  AVG only recently,  MB anti exploit,  firefox: noscript.

 

i have been up for more than a day..  will return tonight  (your tomorrow morn..) and should have more info on file names & sources.

 

i need to find the offending file, so this does not happen again when i reinstall my system pending now..  (either back to XP pro or WIN 7 pro & office 2010)

am dead in water & have to do this.  thanks in advance.


Edited by hamluis, 22 November 2017 - 01:26 PM.
Moved from XP to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:08 AM

Posted 22 November 2017 - 08:47 PM

Go to the Temp folder and remove

%temp%\­DYIATHUQLCW.exe

Run the BitDfender Online Scanner


Reboot
How is it now?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 JohnnyMnemonic

JohnnyMnemonic
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 24 November 2017 - 02:14 PM

hi,  thanks.  pardon not back sooner (excel still frozen,  been downloading new versions of all apps i need to reinstall pc/ 1 day on that & not half done)

 

summary:  did steps below.  there does not seem to be an online scanner available.  i did an sbsd scan (as below),  and dozens of items were repaired.  i did not see your file anywhere even after whole drive search for:  DYIATHUQLCW.exe    am stuck / stopped here  (none of apps on bit defender would load on my xp pc).

 

-----

 

steps doing:  had done a spybot 1.62 and a few dozen things were repaired.  can paste that later if needed.

xl still frozen,  did a c drive search for file:  ­DYIATHUQLCW.exe and did not find any copies that file.  where is  %temp%\­

start, run,  %temp%\  took me to:  LOCALS~1\temp    but not see that file there

 

funny same item,  i have already downloaded bitdefender av free?  (file name says:  x),  not sure yet if it is an AV.  not installed in place of avg yet..  if not doing till reinstall system.

 

your link for above:  https://www.bitdefender.com/support/how-to-install-the-new-bitdefender-online-scanner-561.html

 

 

from that page,  link takes me to next line,  from:  http://www.bitdefender.com/scanner/online/free.html

takes me to:  https://www.bitdefender.com/toolbox/

 

so,  downloading & using:  bitdefender_homescanner,  failed for having win xp,  checking

https://www.bitdefender.com/support/how-to-install-bitdefender-on-windows-xp-and-windows-vista-1453.html

 

and page has this link:

http://download.bitdefender.com/windows/installer/en-us/xp-vista/bitdefender_isecurity.exe

this install removed my swb  spyware blaster.  and nothing else happening.  trying an install of:  x

 

the above page starts out saying,  install for win xp or vista,  but only install step is:  If you have a Bitdefender subscription.  i can run that app but it does not seem clear that is what should do.

so back to this page..  (for bd av free):  https://www.bitdefender.com/toolbox/    gets file download:  bitdefender online  (assuming that is the av app).  Question i had was if i need to uninstall AVG for this app.  PROBLEM:  brings me back to the same XP page (that does not seem to do anything):  https://www.bitdefender.com/support/how-to-install-bitdefender-on-windows-xp-and-windows-vista-1453.html

 

 

 

 

x  i do not see the app for a free online scanner.  is there a different location?  google: 



#4 JohnnyMnemonic

JohnnyMnemonic
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 24 November 2017 - 04:56 PM

Question:  if i install a new operating system,  does the trojan follow from infected files, or is this malware just part of the operating system;  eradicated when i upgrade?  thanks.

 

serious problem with bitdefender.com not saying what system requirements are,  even for an online scan (if that is even really available),  some links not work, xp app that did find (30d trial, as emergency..) not clearly say it is uninstalling my other apps,  answer:  i don't think so!!  ad scripts plunder? some service problems... tecs dropping my call..



#5 JohnnyMnemonic

JohnnyMnemonic
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 24 November 2017 - 05:11 PM

pardon, i think it is clear that the trojan will follow to the new pc, since i don't know which of the downloaded files contained the problem.



#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:08 AM

Posted 25 November 2017 - 10:45 AM

It is possible from backed up .exe or .bat files.

Try ESET


And finally I'd like us to scan your machine with ESET OnlineScan:
  • It is recommended to turn off your antivirus program. Click on the E5rfZI9.png button to see which antivirus is currently enabled:
c4VVzVO.png
  • Turn off your antivirus program. See here how to do this.
  • Check the option beside: Enable detection of potentially unwanted applications.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
Enable detection of potentially unsafe applications
Enable detection of suspicious applications
Scan archives
Enable Anti-Stealth Technology
  • Click on the Change button and select only Operating memory, Autostart locations and drive C:\ to be scanned.
yKulboi.jpg
  • Push the dtoGjAL.png button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
8L8IBHJ.png
  • When the scan completes a list of found threats will open automatically (if any malicious files are found).
imxEgHt.png
  • Push thecRhRYZ8.png button and save the file to your desktop using a unique name, such as ESETScan.txt. Include the contents of this report in your next reply.
  • Push Clean Button.
  • Check the box beside RHzfZB1.png to uninstall the application when closed.
  • Push Vc3btaC.png and the close the application clicking the X in upper right corner.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users