Solved

Trojan Detection on Any Explorer folder or program - HELP!!

Posted on 2004-11-01
Medium Priority
416 Views
Last Modified: 2010-04-12
I have been dealing with this issue for the last 2 months....

I found that while online, I continuously began receiving a McAfee warning that a trojan has been detected and removed.  I would choose to continue what I was doing.  I then would run a virus scan and it found Backdoor-BDD on my computer.  The problem began to occur like every 10 seconds.  

I then installed the necessary windows updates, as well as office updates and the GDI tool...I ran another virus scan and this time it had found over 200 instances of the trojan and when I tried to delete them about 25 of them were no longer found.  I have and have run Spybot Search and Destroy, Stinger (latest update two weeks ago), and my McAfee virus scan and each time I delete the files. This seemed to fix the problem - for about a couple of days and then I started thinking - it was in Windows - so I turned off System Restore.  That worked for like a month....but I've still noticed only sporadic occurrences of the trojan found and removed....but then I started thinking again... I noticed that I only get the messages when I open any Explorer folder or file - such as in My Computer, any navigational folders, any of my Office programs and while in Internet Explorer. Which lately I haven't used - hence the thought that it was fixed.  I need help in trying to remove the script or startup command that's running on open of Explorer items.  Does anyone have any suggestions???
0
Question by:AxesWannabee
25 Comments
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12464976
How current is your McAfee program and Virus definition files?  Good you turned off system restore prior to the fixes (back on when clean).  Did you perform deep scanning on all drives?  Did you check the HOSTS file?  Is WindowsUpdate and ALL office updates?  http://www.officeupdate.com to ensure security patches are there?  

More shortly.
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12465013
Clear Browser's cache (temp internet files and offline content as well as history) ..... Clear Autocomplete items and ALL cookies you are sure you don't trust/need.

Try AdAware, most current update and configure it to do deep scanning and include the HOSTS file.
For Spybot S&D, most current version, be sure to include the Immunize function (last look blocks 2,344 or so malware/spyware/malicious BHO intrusions).

Get updated HijackThis and scan your system.... then post results to the free analyzer, here:
http://www.hijackthis.de/index.php?langselect=english
http://www.experts-exchange.com/Web/Browser_Issues/Q_21149514.html

Logged in as Admin?  Tried Safe Mode?  

Other possibilities, but feedback for this will help.  There are many variants; so the problem is significant.
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12465039
Also, please see this for many of the variants....
http://hq.mcafeeasap.com/dispTrojan.asp?virus_k=126448
0

 

Author Comment

by:AxesWannabee
ID: 12465202
Okay, let's see if I can answer all questions:

My McAfee is virus scan online and it installs all updates as soon as I turn on the computer.  I have installed all windows updates and office updates.  The only program I haven't run is Adaware, which we use at work - I'm in I.T.  So I can try that to include deep scanning and the HOSTS file.

That was an excellent idea for clearing Internet cache, etc...but here's the deal I am using MSN's browser, not IE.  I am fine in the MSN browser - no trojans detected, etc...it's when I accidentally use IE (this is what we use at work) that I get the trojan detection popups.  McAfee's doing its job, it's just embedded somewhere in my system and I can't find it.  I normally run virus scans and spyware scans once each week.  This week's scan came up completely clean.  I did not run any of the programs in safe mode though...could do that.  I am logged in as Admin - and oh, I forgot I found a few weeks ago when I was trying to download windows update I would get an access is denied....I found that my Admin rights had been altered and I ran subinacl and that fixed that problem (just offering more information to assist in a solution).  I have the Immunize set already on SS&D.  I'm running out of money here....does this Hijack this cost anything?  Hope I didn't leave anything out.
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12465236
No, it's free (donations if you wish)...

Did you check the link above and the potential registry keys on variants?
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12465243
http://www.majorgeeks.com/download3155.html  HijackThis download, then paste log results in the above free analyzer
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12465263
If you're running XP SP2.... many added protections...   This is a video well worth seeing.  Also free.
***** This is an excellent link, very informative, and thanks to
Fatal_Exception for showing me this! It includes a step-by-step video about XP SP2 and the new features and configuration option overview. Top Notch!
http://65.24.134.81/KipSolutions/SP2/SP2Overview.htm *****
Free XP SP2 Help and Support
http://support.microsoft.com/oas/default.aspx?gprid=6794 
 

0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12465270
Re. Spybot S&D --- be sure it's fully updated and get all definition files (updated often) and re-immunize.  For AdAware SE Pro (my choice); also am sure that it's updated and not only do deep scanning and include the HOSTS file, but being overly cautious also look at the 'negligible' items and clean them.
0
 

Author Comment

by:AxesWannabee
ID: 12465345
Okay, I'm going to try to install the Hijack this and attach the log file.  I do have XP SP2 and man, that was an issue in itself...but I finally got it installed.  The SS&D is updated, but I haven't re-immunized.  I'll try that too.  Let's see how it goes....I'll let you know when all is run.
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12465356
Please post the log results in the FREE Analyzer service first, and only post here the items that elude you.  They can be HUGE.
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12465374
Take the time, when you can, to see the Video I noted above about XP SP2... it is time well spent.  XP SP2 can be a bear to install and understand; but the video gives you great understanding, in my humble opinion.  This can help you avoid many problems down the road.

Back to work; will return when time permits.

Asta
0
 

Author Comment

by:AxesWannabee
ID: 12465447
Okay, I have put the Hijack This log here:
http://www.majorgeeks.com/downloadget.php?id=3155&file=10&evp=3304750663b552982a8baee6434cfc13
Thank you for the help, I'm on to the Adaware and clearing temp files.
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12465474
Instead, paste your log in the link below for immediate results....  choose your language, this is English by default.
http://www.hijackthis.de/index.php?langselect=english
0
 

Author Comment

by:AxesWannabee
ID: 12465510
Okay, done...sorry....I was a little confused...
0
 

Author Comment

by:AxesWannabee
ID: 12465539
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12465546
Join the club, LOL.  Confused is where I remain when I've been "INVADED" with all the awful intrusions out there.  Please do cut/paste any line items that aren't clear.  Will return when I can.  At work, but will check when time permits.
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12465550
After pasting it there, click Analyze and post any items you're not sure about here.
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12465572
Tried to view it... not an MSN interface here so a bit confusing to view.
BUT... HijackThis did point to this item
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe

Something you want and need?
0
 

Author Comment

by:AxesWannabee
ID: 12465640
I have Verizon DSL...which the MSN browser comes with....

I need it if it is a part of the DSL, however, I don't care to have it if it is for tracking me or for demographics info, etc.

Would you like me to send the logfile (notepad) I have if it's easier to view?
0
 
LVL 27

Accepted Solution

by:
Asta Cu earned 500 total points
ID: 12465703
What I'd recommend, since the Guidelines are very clear about keeping all question content within the question thread, is that you revisit the results and look at each entry ... including the 'unknown' processes which "may" or may not be intrusionary.  Also check with WindowsUpdate and MS for any updates.  Don't use Verizon in any form, so tough to help in that regard.  I always am very picky/choosy about what I allow to create cookies and access to my system, having learned from past experience that not all "goodies" and "tools" are free of intrusions.  

I'm swamped with work, but will check back when I can.
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12465714
By the way, on the side of caution; I do not install FREEWARE, or 3rd party software and players of tools... again from past experience and try to work with what is delivered in my OS and interfaces and keep them updated with patches and fixes as a matter of course.  I've found that many "freeware" and alternate players out there cause me more grief than benefit, so something else to consider.
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12466076
Thanks, about to go to a meeting, saw this response.  If more is needed in this regard, comment and I'll return tomorrow or when time permits.  If I were a Verizon user and had problems and paying for a service, I'd sure go to them to "SAY FIX or ADVISE".

":0) Asta
0
 

Author Comment

by:AxesWannabee
ID: 12466324
Thank you so much astaec...you've fixed a two month problem in a few minutes!!!
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12466340
YAY YAY YAY!  I am so pleased, AxesWannabee!  ":0)  Thank you for the good news.

Best wishes to you.  Don't know if you are aware of the new Feedback option next to Expert comments, but they let us know how you feel outside of the question thread if we do "well" or "not".

":0)  Asta
0
 

Author Comment

by:AxesWannabee
ID: 12467342
No...I didn't know that....I'll look for that....
0


Question has a verified solution.
