Trojan Found!
My BitDefender has found a suspected trojan. It hasn't deleted or disinfected it, but it has copied it 4 times. It goes into my quarantine folder, where I have deleted it, but it still shows up on every scan I do. It's telling me it's in my documents and settings/owner/local settings/temporary internet settings... How do I find it, and is my computer still safe?
Comments
Post here a scan log
This log might be better, Crystal!!!!
//-----------------------------------------------------------------
//
// Product: BitDefender 9 Internet Security
// Version: 9.0
//
// Created on: 11/10/2008 10:20:50
//
//-----------------------------------------------------------------
Virus Statistics
Scan path : C:\
Folders : 3395
Files : 132605
Archives : 1629
Packed files : 6133
Identified viruses : 0
Infected files : 0
Warnings : 0
Suspect files : 4
Disinfected files : 0
Deleted files : 0
Copied files : 4
Moved files : 0
Renamed files : 0
I/O errors : 26
Scan time : 00:38:08
Scan speed (files/sec) : 57
Spyware Statistics
Memory processes scanned : 0
Memory processes infected : 0
Registry keyss scanned : 0
Registry keys infected : 0
Cookies scanned : 0
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0
Virus definitions : 1861634
Scan plugins : 16
Archive plugins : 43
Unpack plugins : 7
Mail plugins : 6
System plugins : 5
Virus scan options
Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email
File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user
Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Program Files\Softwin\BitDefender9\Logs\aspyscan_1223716850.log
Spyware scan options
[X] Memory Processes
[X] Registry keys
[X] Cookies
Summary:
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0I8BEC5S\8bU6l3B8vP[1].htm Suspect: Trojan.HTML.Zlob.AH
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0I8BEC5S\8bU6l3B8vP[1].htm Copied
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IZZUE0AM\AAeP9bhJXS[1].htm Suspect: Trojan.HTML.Zlob.AH
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IZZUE0AM\AAeP9bhJXS[1].htm Copied
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\VWK3AIFO\8bU6l3B8vP[1].htm Suspect: Trojan.HTML.Zlob.AH
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\VWK3AIFO\8bU6l3B8vP[1].htm Copied
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YXWGIN93\AAeP9bhJXS[1].htm Suspect: Trojan.HTML.Zlob.AH
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YXWGIN93\AAeP9bhJXS[1].htm Copied
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
http://www.atribune.org/ccount/click.php?id=1
Double-click ATF Cleaner.exe to open it.
Under Main choose: Select All
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Hi Crystal, I did what you said. It took about 3 seconds and said it had cleaned so many files, but when I did a rescan using my BitDefender, it's still finding 4 suspect trojans. Any more suggestions? And is my computer safe as it is?
Hello hannahboo,
You need to first close your browser. Please press the Windows button together with R, then type taskmgr and press Enter. Highlight the Processes tab. Click once on the Process Name column and look for entries that are called iexplore.exe, firefox.exe or opera.exe; if found, left-click on it and press End Task. Retry what crysty2k5 said. The problem is that these temporary files are in use by your browser, so they couldn't be removed.
Can you please download ComboFix; you will find it here. Print the following instructions and read them carefully. Please post the output of the scan into your next post.
Kind regards,
Niels
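The procedure Niels describes (end the browser processes that hold the cache open, then remove the cached files) as an added PowerShell example. This is not code from the thread, from BitDefender or from ATF Cleaner; it assumes it is run from an elevated PowerShell prompt as the affected user on the same machine, it takes the suspect paths from the scan summary posted above, and the evidence CSV written to the Desktop is an assumed location. It also records a SHA-256 hash and size of each file before deletion so that something remains to submit to the lab even after the file is gone.

```powershell
# Added example, not from the thread. Parse the BitDefender scan summary, stop the
# browsers that keep Content.IE5 entries open, record each suspect file, then remove it.
# Assumption: run elevated as the affected user; the paths below are the ones posted above.

$ScanSummary = @'
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0I8BEC5S\8bU6l3B8vP[1].htm Suspect: Trojan.HTML.Zlob.AH
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IZZUE0AM\AAeP9bhJXS[1].htm Suspect: Trojan.HTML.Zlob.AH
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\VWK3AIFO\8bU6l3B8vP[1].htm Suspect: Trojan.HTML.Zlob.AH
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YXWGIN93\AAeP9bhJXS[1].htm Suspect: Trojan.HTML.Zlob.AH
'@

# 1. Pull "<path> Suspect: <name>" lines out of the summary. The path contains spaces,
#    so anchor on the trailing " Suspect: " marker instead of splitting on whitespace.
$Suspects = foreach ($line in $ScanSummary -split "`r?`n") {
    if ($line -match '^(?<Path>.+?)\s+Suspect:\s+(?<Name>\S+)$') {
        [pscustomobject]@{ Path = $Matches.Path; Detection = $Matches.Name }
    }
}

# 2. A running browser holds its cache files open, which is why the cleaner could not
#    delete them. Stop the three browsers named in the thread if any are running.
$Browsers = 'iexplore', 'firefox', 'opera'
$Running = Get-Process -Name $Browsers -ErrorAction SilentlyContinue
if ($Running) {
    $Running | ForEach-Object { Write-Host "Stopping $($_.ProcessName) (PID $($_.Id))" }
    $Running | Stop-Process -Force
    Start-Sleep -Seconds 2
}

# 3. Hash and size each file before deleting it, so the evidence survives the removal.
#    -LiteralPath is required: "[1]" in the file names would otherwise be treated as a wildcard.
$Evidence = Join-Path $env:USERPROFILE 'Desktop\suspect-files.csv'   # assumed location
$Records = foreach ($s in $Suspects) {
    $hash = ''; $size = 0
    if (-not (Test-Path -LiteralPath $s.Path)) {
        $status = 'not present'
    } else {
        try {
            $hash = (Get-FileHash -LiteralPath $s.Path -Algorithm SHA256).Hash
            $size = (Get-Item -LiteralPath $s.Path).Length
            Remove-Item -LiteralPath $s.Path -Force -ErrorAction Stop
            $status = 'removed'
        } catch {
            # "used by another process" or "access denied" here means something (a browser
            # or the real-time scanner) still holds the file; note it rather than retry blindly.
            $status = "blocked: $($_.Exception.Message)"
        }
    }
    [pscustomobject]@{
        Detection = $s.Detection; Status = $status; SHA256 = $hash; Bytes = $size; Path = $s.Path
    }
}

$Records | Export-Csv -LiteralPath $Evidence -NoTypeInformation
$Records | Format-Table Detection, Status, Path -AutoSize
```

Any row that comes back as "blocked" is the case the later replies in this thread deal with: the file is still open, so the next step is to repeat the cleanup with the browser fully closed, or from Safe Mode, rather than to keep rescanning.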
Hi Niels, and thank you for your first suggestion. I tried what Crystal said after closing my browser, but at the end my BitDefender popped up again and said "suspect trojan, your computer has not been affected". I have been asked by BitDefender to submit this virus to the lab for analysis, as BitDefender doesn't know what it is. Where does this leave me? When I look in quarantine the virus is in there, but will BitDefender come up with a solution to this? And every time I clear my browsing history it pops up 8 times. So do you think the ComboFix will work? As it's a lengthy process and I don't feel confident doing it. I have been advised by some people to just format my hard drive and reinstall Windows; do you think this is a good idea?
It's never a good idea to format your hard drive. It is a DEAD last resort.
Thanks, VirusPING, for that very informative answer there; I was hoping for a constructive response.
Hello hannahboo,
The problem here is that BitDefender real-time protection is blocking access to the file. Please reboot your PC into Safe Mode. To boot into Safe Mode you need to just reboot but keep pressing the F8 button on your keyboard before you see the Windows splash screen. Select Safe Mode by using the arrows on your keyboard and press Enter to confirm. Now log in with your user account. Now you can try what crysty2k5 said to do.
Formatting a hard disk is, like VirusPING said, a last resort. I would like you to post a ComboFix log. That is how I can see where the infection is located, and I can also remove it. ComboFix can remove some infections by default; for the rest, somebody needs to analyse the log file. Also I can let you collect the infected files so BitDefender can detect them and remove them from your computer. No security solution can remove all infections. That is impossible.
Kind regards,
Niels
Hi Niels,
I did the Safe Mode thing and tried ATF Cleaner that way, but it's still there. And I'm a novice, so doing the ComboFix as you suggested is a bit of a challenge to me; I don't feel confident enough. Is there anything else I can do? I have submitted the suspect trojan to the BitDefender lab; shall I just wait and see what they come up with? And also I would like to state that this trojan came through a link to YouTube, in my Facebook inbox!!
Please temporarily disable BitDefender real-time protection, add the detected files to a password-protected archive, re-enable BitDefender and attach the archive to a post on the forum.
Hello hannahboo,
If you still have that link, that would also be very useful. Send me or the virus researchers a personal message with the link attached.
I would like to see your ComboFix log so I can see if there is still anything malicious on your computer. What is difficult for you?
Kind regards,
Niels
A HijackThis log will really help us:
http://forum.bitdefender.com/index.php?showtopic=5668
Just run it, press Scan and save a log file. Then post the log file here. DO NOT press anything else in HijackThis.
That link wasn't of any use; it just kept sending me back to the same page!!!! Which one do I need to click on from the three choices below?
external mirror 1(exe)
external mirror 2(exe)
external mirror 3 (zip)
Use the first one!
external mirror 1 (exe)