Trojan.******.430611

Windows Vista SP2/BitDefender Internet Security 2009


Today's scan detected 1 threat that affected 1 object


Trojan.******.430611


Location C/Users/My Name/AppData/Local/Micro...olders/Inbox/Shockwave/63396DA7 - 00000001.eml


I could not follow this path and find it.


BitDefender said disinfection failed. There was a drop down box with three options: Take No Action, Delete, Move To Quarantine.


I have no idea what to do so have just left the scan result window open and hope someone will answer me promptly.


I Googled this but nearly all results were in Japanese or German. I checked a couple of them out but found them unclear.


I am doing a scan now with Malwarebytes, and when it is finished will open my Spyware Doctor and scan with that. Would appreciate help, please!


I am uploading 2 screen shots.

post-17054-1273848370_thumb.jpg

post-17054-1273848392_thumb.jpg

Comments

  • Nikilet
    Nikilet ✭✭✭
    edited May 2010

    I did select on the scan result screen to quarantine this item and it also failed. I am attaching another screen shot of a pop up that keeps occurring.

    post-17054-1273849790_thumb.jpg

  • Hello Nikilet,


    As far as I can see, that file is an email from Windows Mail. I assume you are using this email client.


    Also, the realtime alert you attached in the second post states that the detected file has been quarantined. Please check the quarantine to see if the file is there.


    If the file is not in quarantine, please follow these steps:


    • edit Realtime protection settings (Security Center (Advanced) -> Antivirus -> Shield -> Custom) so detected items will just be blocked, not quarantined
    • make sure you have visible all hidden and system files and folders. Follow the steps presented here: http://forum.bitdefender.com/index.php?showtopic=3573
    • when the realtime alert appears again, try to find the file.
    • if you find it, temporarily disable BitDefender Realtime protection, archive that file (protect the archive with the password infected), upload the archive on a file sharing server of your choice (such as www.sendspace.com) and send me the download link by PM.
    • re-enable BitDefender realtime protection


    If you still can't find the file, let me know, so I can give you other advice.


    Cris.

  • Nikilet
    Nikilet ✭✭✭

    On the scan results page, when I checked the option to quarantine it said it failed and there was no possible action. That real time alert popped up several times and then quit. I am attaching screen shot of items I found in quarantine. These items are all dated 5-14.


    This really has me puzzled. I did full scans with Malwarebytes, Spyware Dr. and another with BD and all were clear. But in what I could find about this, it was classified as high risk, steals passwords, account numbers, and it writes a ****** to hide itself so is it really gone???


    I didn't answer before this because I didn't receive notification that I had any responses. I just decided to check in today and found your reply.


    Do you think I am safe in considering this item solved?

    post-17054-1274282057_thumb.jpg

  • Please archive those 4 files and send them to me (upload the archive on a file sharing server and send me the download link by PM).


    Cris.

  • Nikilet
    Nikilet ✭✭✭

    Sorry Cris, I am going to have to have more detailed instructions on this business of archiving, upload on file sharing server, etc. I believe I did this once a long time ago but don't remember anymore.

  • Nikilet
    Nikilet ✭✭✭

    I downloaded 7-Zip to use the last time I was asked to do this, but I didn't go through these archive steps shown in the link you included. I just transferred them to a file and then uploaded them.

  • How to archive a file using a password


    If you don't password-protect the archive, there is a chance that the archive will be blocked/corrupted by different security solutions from the sharing server that you use (or on some other gateway/server that the traffic goes through).


    Please let me know if the above instructions are not clear enough and what exactly is the step that you're having troubles at.


    Cris.

  • Nikilet
    Nikilet ✭✭✭

    I'm probably making a bigger mess than ever. I just right clicked on one of those files, went to 7-Zip, Add to Archive. It appeared to work fine but now where do I find that file????

  • By default, 7-Zip creates the archives in the same folder as the archived file. You can change the destination folder by clicking the "..." button from the upper right corner of the "Add to archive" window. I suggest creating the archive on the Desktop.


    Cris.

    post-60-1274459463_thumb.png
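    The two staff replies above (finding the hidden file, then packing it into a password-protected archive for submission) can be done from a PowerShell prompt instead of Explorer and the 7-Zip GUI. The script below is an added example written for this thread, not BitDefender's own tool or anything posted by Cris. It assumes 7-Zip is installed in its default folder, and the search folder and file pattern are placeholders, not the truncated path from the first post. It lists matching files including hidden and system ones, prints each file's SHA-256 and attributes (useful to quote when submitting a sample), and writes a 7z archive to the Desktop using the conventional sample password "infected" with encrypted file names so gateway scanners cannot strip the contents.

```powershell
# Added example (not from the forum thread or from BitDefender).
# Locate a flagged file, record its SHA-256, and pack it into a
# password-protected 7-Zip archive on the Desktop for vendor submission.
# Assumptions: 7-Zip is installed in its default location; $SearchRoot and
# $NamePattern are placeholders to adjust to the path shown in the alert.

$SearchRoot  = $env:LOCALAPPDATA                       # placeholder: folder to search
$NamePattern = '*.eml'                                 # placeholder: name pattern from the alert
$Desktop     = [Environment]::GetFolderPath('Desktop')
$SevenZip    = Join-Path $env:ProgramFiles '7-Zip\7z.exe'

if (-not (Test-Path $SevenZip)) {
    Write-Host "7-Zip not found at $SevenZip"
    return
}

# -Force includes hidden and system files, which Explorer hides by default.
$candidates = Get-ChildItem -Path $SearchRoot -Recurse -Force -Filter $NamePattern -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer }

if (-not $candidates) {
    Write-Host "No file matching $NamePattern found under $SearchRoot"
    return
}

# SHA-256 via .NET so this also works on older PowerShell versions that lack Get-FileHash.
$sha = [System.Security.Cryptography.SHA256]::Create()
foreach ($f in $candidates) {
    $stream = [System.IO.File]::OpenRead($f.FullName)
    try {
        $hash = ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $stream.Close()
    }
    # Attributes show whether the file is Hidden/System, which explains why Explorer did not show it.
    "{0}  {1}  {2} bytes  attributes={3}" -f $hash, $f.FullName, $f.Length, $f.Attributes
}

# -pinfected is the conventional password for malware samples;
# -mhe=on also encrypts the file names inside the archive (7z format only).
$archive = Join-Path $Desktop ('sample-{0:yyyyMMdd-HHmm}.7z' -f (Get-Date))
& $SevenZip a -t7z -mhe=on -pinfected $archive ($candidates | ForEach-Object { $_.FullName })

if ($LASTEXITCODE -ne 0) {
    Write-Host "7z failed with exit code $LASTEXITCODE"
} else {
    Write-Host "Archive written to $archive"
}
```

    Run it from a normal PowerShell window after temporarily disabling real-time protection as described above, otherwise the scanner may block the read before 7-Zip can copy the file; re-enable protection as soon as the archive is written.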

  • I got the files. I will post back as soon as I have more details.


    Cris.

  • Neither of those 2 files is currently detected by BitDefender. It might have been a false positive and might have already been removed.


    If you need the .eml file, you can safely restore it. It seems to be a Shockwave newsletter (email from shockwave.com).


    The other file looks very weird, but it doesn't seem to be malicious. However, its original location is "Temporary Internet Files", so it is basically useless to you now. I see no point in restoring it, since it will just be erased in a few days anyway (depending on the browsing history settings from your computer), but it's your choice. If I were you, I'd just delete it directly from quarantine.


    Have a nice day.


    Cris.

  • Nikilet
    Nikilet ✭✭✭

    Thank you Cris. I removed all 4 of those files. But I'm still wondering where they came from and still wondering if this Trojan could have written some kind of ****** to hide itself and still be lurking somewhere.


    I just run my Spyware Doctor on demand, and with none of the intelliguard features enabled, because it interferes with BDIS. If I were to switch to just the BitDefender Virus and Firewall protection, could I then run my Spyware Doctor in the background and with the protection modules enabled? I just don't feel real secure that BDIS' spyware module is that great.


    I am now dealing with two high risk Hidden Files that Spyware Doctor found on today's scan. I'm thinking that if I'd had SD running and had its modules enabled it might have stopped these items from ever getting onto my computer in the first place. They are really strange as the description is just a bunch of symbols and gobbledygook.


    By the way, I am NOT receiving notifications when I have a response in the BD forum. It says I am, but I'm not.

  • Thank you Cris. I removed all 4 of those files. But I'm still wondering where they came from and still wondering if this Trojan could have written some kind of ****** to hide itself and still be lurking somewhere.


    As I said, those files were the ones detected with Trojan.******.430611.


    Those files are clean and this detection was probably just a false positive which was already removed. The files were legit, and one was a Shockwave newsletter (to which you are probably subscribed) and the other one was a Temporary Internet File (which are automatically created every time you visit a webpage).


    I just run my Spyware Doctor on demand, and with none of the intelliguard features enabled, because it interferes with BDIS. If I were to switch to just the BitDefender Virus and Firewall protection, could I then run my Spyware Doctor in the background and with the protection modules enabled? I just don't feel real secure that BDIS' spyware module is that great.


    It's not advised to run multiple security solutions on the same system, especially if they are known to conflict with each other.


    BitDefender Antispyware is updated the same as the virus definitions.


    I am now dealing with two high risk Hidden Files that Spyware Doctor found on today's scan.


    Please post a few details about this detection.


    By the way, I am NOT receiving notifications when I have a response in the BD forum. It says I am, but I'm not.


    Thank you for telling us. We will test it to see if there are any problems.


    Cris.

  • Nikilet
    Nikilet ✭✭✭
    edited May 2010

    As to the Hidden Files found by Spyware Doctor, I don't know what I can tell you about them since I couldn't even Google to get some info on them. I will attach a screen shot of the Spyware Doctor finished scan screen so you can see them for yourself. Right now they are in quarantine. I am waiting to hear from tech support about whether I can delete them.


    I have not received notifications of any of these answers you have provided under this topic. I just keep checking back.

    post-17054-1274477368_thumb.jpg

  • Apparently, those folders are legit and are created by SecuROM7. SecuROM7 is a security system used by some games. It's automatically installed with copyrighted material. Basically, it's a system to protect software from piracy.


    As I understand, SecuROM can be uninstalled with a tool from their website: https://support.securom.com/removaltool.html


    However, from my understanding, if you remove SecuROM, protected software might not work anymore until SecuROM is reinstalled (which I have no idea how it's done. You have to ask the game(s) publisher(s)).


    Also, yesterday evening I set the forum to notify me of new replies on this topic and it worked. Please check to see if:


    - your email address is correct in your profile


    - the forum notifications didn't end up in SPAM or Trash.


    - the notification method is set to "Immediate" (other methods might not send you a notification in certain situations)


    Cris.