Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win32/ursnif!generic Trojan


  • Please log in to reply
4 replies to this topic

#1 Aran

Aran

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Okinawa, Japan
  • Local time:03:45 AM

Posted 03 December 2006 - 09:36 PM

Using PC Tools Spyware Doctor and Registry Mechanic, I was notified that there was high risk files in my registry. Attempts to remove the suspect files has been useless. My Norton Anti-virus subscription is up to date but the 'gol durn thing sez all is good. I wasn't too concerned, but on a lark I scanned using an internet based tool and THEY said I was infected with Win32/Ursnif!generic Trojan. I use this computer for everything and now I'm choking on my coffee and worried about some clown out there trying to access my bank. I don't know what to do next. ACK! :thumbsup:

BC AdBot (Login to Remove)

 


#2 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:07:45 PM

Posted 04 December 2006 - 04:10 AM

Did youy try This online scan?

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,749 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:45 PM

Posted 04 December 2006 - 01:19 PM

etrust detects this trojan so I suggest you also perform an online scan using eTrust Antivirus Web Scanner. <- "Cure" whatever is found, manually delete what it can't cure.
Be sure to read the eTrust Antivirus Scanner Help Guide before scanning.

Keyloggers and backdoor Trojans can be dangerours. When infected by either of them you should disconnect the computer from the Internet until your system is cleaned. If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately. You should consider them to be compromised. I suggest you change them by using a different computer and not the infected one. Banking and credit card institutions should be notified of the possible security breech. Because your computer was compromised please read How to report ID theft, fraud, drive-by installs, hijacking and malware.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 Aran

Aran
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Okinawa, Japan
  • Local time:03:45 AM

Posted 06 December 2006 - 07:02 AM

Thanks for the link. It identified the Trojan file @ C:/Windows/scvc.exe. The online scanner could not fix the problem. I disconnected from the web, restarted in safe mode, manually deleted the file and re-ran spyware doctor and registry mechanic. I deleted the problems they identified. I restarted my windowsXp normally with the master CD standing by incase of boot problems. I re-ran the spy ware and registry tools and they came up clean. I've run firewalls and anti-virus since I went on-line and this is the first already residing infection I've had. This incident may cost Symantec my subscription to Norton firewall/antivirus.
Thank You again!
All the Best
Alan

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,749 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:45 PM

Posted 06 December 2006 - 09:13 AM

Your welcome.

Now that your system is clean you should SET A NEW RESTORE POINT to prevent reinfection from an old restore point. Any malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to set a new RESTORE POINT:
1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
3. Then go to Start > Run and type: Cleanmgr
4. Click "OK".
5. Click the "More Options" Tab.
6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Then to protect yourself against malware and reduce the potential for re-infection, read:
"Malware Prevention - Preventing Re-infection".
"Simple and easy ways to keep your computer safe".
"The Ten Most Dangerous Things Users Do Online".
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users