Help Removing Trojan.heur.tp

After my wife's computer was infected with Antivirus Studio 2010 virus, a scan revealed Trojan.Heur.TP infecting explorer.exe and winlogon.exe (log attached). I wasn't able to disinfect, quarantine or delete the problem. I need to know what to do next.

Also, it won't let me update BitDefender, saying there's a scan process open. When I mouse over the BD icon in the system tray, it says that BD services are not responding.

Thanks...

A E

BitDefender Log File !!!!!

Product : BitDefender Internet Security 2008

Version : BitDefender UIScanner v.11

Log date : 12:55:53 30/10/2010

Log path : C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\full_scan\1288468553_1_02.xml

Scan Paths:Path0000: C:\

Path0001: \

Scan Options:Scan for viruses : Yes

Scan for adware : Yes

Scan for spyware : Yes

Scan for applications : Yes

Scan for dialers : Yes

Scan for rootkits : No

Target selection options:Scan registry keys : Yes

Scan cookies : Yes

Scan boot sectors : Yes

Scan memory processes : Yes

Scan archives : No

Scan runtime packers : Yes

Scan emails : Yes

Scan all files : Yes

Heuristic Scan : Yes

Scanned extensions :

Excluded extensions :

Target ProcessingDefault action for infected objects : Disinfect

Default action for suspicious objects : None

Default action for hidden objects : None

Scan engines summaryNumber of virus signatures : 6410672

Archive plugins : 44

Email plugins : 6

Scan plugins : 14

Archive plugins : 44

System plugins : 5

Unpack plugins : 10

Overall scan summaryScanned items : 227426

Infected items : 5

Suspicious items : 0

Resolved items : 1

Individual viruses found : 4

Scanned directories : 19153

Scanned boot sectors : 3

Scanned archives : 314

Input-output errors : 0

Scan time : 00:02:09:14

Files per second : 28

Scanned processes summaryScanned : 52

Infected : 0

Scanned registry keys summaryScanned : 6301

Infected : 2

Scanned cookies summaryScanned : 44

Infected : 0

Remaining issues:Object Name Threat Name Final Status

[system]=]HKEY_CLASSES_ROOT\SHELL\SHELL\EXPLORE\COMMAND\=]C:\WINDOWS\EXPLORER.EXE Gen:Trojan.Heur.TP.@q0@befV7ui No action was possible

C:\WINDOWS\explorer.exe Gen:Trojan.Heur.TP.@q0@befV7ui Move to Quarantine Failed

[system]=]HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\APPLICATION\AUTOCHK\EventMessageFile=]C:\WINDOWS\SYSTEM32\WINLOGON.EXE Gen:Trojan.Heur.TP.Em0@bWnxODd No action was possible

C:\WINDOWS\system32\winlogon.exe Gen:Trojan.Heur.TP.Em0@bWnxODd Move to Quarantine Failed

Resolved issues:Object Name Threat Name Final Status

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1\A0000001.exe Gen:Trojan.Heur.TP.Em0@bWnxODd Deleted

Objects that were not scanned:Object Name Reason Final Status

C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\quarantine\Quarantine\20060924032226.zip=]0 Password-Protected No action was possible

C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\quarantine\Quarantine\20060924032226.zip=]1 Password-Protected No action was possible

C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\quarantine\Quarantine\20060924032226.zip=]2 Password-Protected No action was possible

C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\quarantine\Quarantine\20070916174836.zip=]0 Password-Protected No action was possible

C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\quarantine\Quarantine\20070916174836.zip=]1 Password-Protected No action was possible

C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\quarantine\Quarantine\20070916174836.zip=]2 Password-Protected No action was possible

Find more posts tagged with

Comments

Cristi Raducu

Hello there,

Try to upgrade if possible from BitDefender v2008 to v2011 and run a new scan.

http://forum.bitdefender.com/index.php?act...f=190&id=17

dialectical

Hello there,

Try to upgrade if possible from BitDefender v2008 to v2011 and run a new scan.

http://forum.bitdefender.com/index.php?act...f=190&id=17

I have been getting a gen.heur.9 trojan over and over again every day. I upgraded to 2011 Total security and just did my new upgrades today and nothing. The fact that BitDefender also randomly blocks most websites (known problem) is going to be the clincher for me to cancel my free trial I'm afraid. I liked your firewall protection but your forums keep saying to do updates but that isn't helping with the issues.

vidgames

Hello there,

Try to upgrade if possible from BitDefender v2008 to v2011 and run a new scan.

http://forum.bitdefender.com/index.php?act...f=190&id=17

Well, I did as you asked...or tried. To upgrade to v2011, v2008 had to be uninstalled, and when I restarted, the viruses seemed to take over. The machine started with no desktop; long story short, I found explorer.exe gone, tried to replace it and whatever has infected my machine must have a ****** that actively deletes explorer.exe, because it keeps going away. I worked around it by putting explorer.exe into my system under a different name and redirecting to that in the registry, which gets the system where it's usable, but now it seems to be actively blocking the v2011 install (the installer runs and comes up with a "configuration" screen, then the box that asks me to agree to the licence comes up, but then it all shuts down before I check it and click "OK"). I ran your online scanner right before entering this message, and it found/cleaned (apparently) the Trojan.Heur from winlogin.exe, but the installer still won't run. It also documented missing files (wish I had saved the log before I wrote this), but doesn't seem to have been able to fix the issue, so I'm at a loss as to what to do next. I sure wish you guys had been able to help me fix my initial problem or at least had some better solution than upgrading me to a new version, which seems to have left me unprotected and now in a deeper hole in trying to recover my system.

A E

Cristi Raducu

Please send me by PM a sample of:

C:\Windows\Explorer.exe

C:\Windows\System32\winlogon.exe

C:\Program Files\Internet Explorer\iexplore.exe

along with a set of logs:

http://kb.bitdefender.com/site/article/490/

The files cannot be attached on this forum but you can upload them on a site such as www.sendspace.com and send back only the download links.

vidgames

I PM'ed to you URLs for most of the files you requested, with explanations of why other files weren't able to be supplied. Hopefully you can still help me clear this issue.

A E

Please send me by PM a sample of:

C:\Windows\Explorer.exe

C:\Windows\System32\winlogon.exe

C:\Program Files\Internet Explorer\iexplore.exe

along with a set of logs:

http://kb.bitdefender.com/site/article/490/

The files cannot be attached on this forum but you can upload them on a site such as www.sendspace.com and send back only the download links.

Cristi Raducu

Thanks for the files.

Winlogon.exe is infected with Win32.Loader.S and already detected/disinfected by BitDefender.

In this case you need to run a scan using the BitDefender Rescue CD and select DISINFECT on the infected file.

http://kb.bitdefender.com/site/article/627/