• Status: Solved

Trojan Detection on Any Explorer folder or program - HELP!!

I have been dealing with this issue for the last 2 months....

I found that while online, I continuously began receiving a McAfee warning that a trojan has been detected and removed.  I would choose to continue what I was doing.  I then would run a virus scan and it found Backdoor-BDD on my computer.  The problem began to occur like every 10 seconds.  

I then installed the necessary windows updates, as well as office updates and the GDI tool...I ran another virus scan and this time it had found over 200 instances of the trojan and when I tried to delete them about 25 of them were no longer found.  I have and have run Spybot Search and Destroy, Stinger (latest update two weeks ago), and my McAfee virus scan and each time I delete the files. This seemed to fix the problem - for about a couple of days and then I started thinking - it was in Windows - so I turned off System Restore.  That worked for like a month....but I've still noticed only sporadic occurrences of the trojan found and removed....but then I started thinking again... I noticed that I only get the messages when I open any Explorer folder or file - such as in My Computer, any navigational folders, any of my Office programs and while in Internet Explorer. Which lately I haven't used - hence the thought that it was fixed.  I need help in trying to remove the script or startup command that's running on open of Explorer items.  Does anyone have any suggestions???

Asked: AxesWannabee

1 Solution

Asta Cu Commented:
How current is your McAfee program and Virus definition files?  Good you turned off system restore prior to the fixes (back on when clean).  Did you perform deep scanning on all drives?  Did you check the HOSTS file?  Is WindowsUpdate and ALL office updates?  http://www.officeupdate.com to ensure security patches are there?  

More shortly.

Asta Cu Commented:
Clear Browser's cache (temp internet files and offline content as well as history) ..... Clear Autocomplete items and ALL cookies you are sure you don't trust/need.

Try AdAware, most current update and configure it to do deep scanning and include the HOSTS file.
For Spybot S&D, most current version, be sure to include the Immunize function (last look blocks 2,344 or so malware/spyware/malicious BHO intrusions).

Get updated HijackThis and scan your system.... then post results to the free analyzer, here:
http://www.hijackthis.de/index.php?langselect=english
http://www.experts-exchange.com/Web/Browser_Issues/Q_21149514.html

Logged in as Admin?  Tried Safe Mode?  

Other possibilities, but feedback for this will help.  There are many variants; so the problem is significant.

Asta Cu Commented:
Also, please see this for many of the variants....
http://hq.mcafeeasap.com/dispTrojan.asp?virus_k=126448
 
AxesWannabee (Author) Commented:
Okay, let's see if I can answer all questions:

My McAfee is virus scan online and it installs all updates as soon as I turn on the computer.  I have installed all windows updates and office updates.  The only program I haven't run is Adaware, which we use at work - I'm in I.T.  So I can try that to include deep scanning and the HOSTS file.

That was an excellent idea for clearing Internet cache, etc...but here's the deal I am using MSN's browser, not IE.  I am fine in the MSN browser - no trojans detected, etc...it's when I accidentally use IE (this is what we use at work) that I get the trojan detection popups.  McAfee's doing its job, it's just embedded somewhere in my system and I can't find it.  I normally run virus scans and spyware scans once each week.  This week's scan came up completely clean.  I did not run any of the programs in safe mode though...could do that.  I am logged in as Admin - and oh, I forgot I found a few weeks ago when I was trying to download windows update I would get an access is denied....I found that my Admin rights had been altered and I ran subinacl and that fixed that problem (just offering more information to assist in a solution).  I have the Immunize set already on SS&D.  I'm running out of money here....does this Hijack this cost anything?  Hope I didn't leave anything out.

Asta Cu Commented:
No, it's free (donations if you wish)...

Did you check the link above and the potential registry keys on variants?

Asta Cu Commented:
http://www.majorgeeks.com/download3155.html  HijackThis download, then paste log results in the above free analyzer

Asta Cu Commented:
If you're running XP SP2.... many added protections...   This is a video well worth seeing.  Also free.
***** This is an excellent link, very informative, and thanks to
Fatal_Exception for showing me this! It includes a step-by-step video about XP SP2 and the new features and configuration option overview. Top Notch!
http://65.24.134.81/KipSolutions/SP2/SP2Overview.htm *****
Free XP SP2 Help and Support
http://support.microsoft.com/oas/default.aspx?gprid=6794

Asta Cu Commented:
Re. Spybot S&D --- be sure it's fully updated and get all definition files (updated often) and re-immunize.  For AdAware SE Pro (my choice); also am sure that it's updated and not only do deep scanning and include the HOSTS file, but being overly cautious also look at the 'negligible' items and clean them.

AxesWannabee (Author) Commented:
Okay, I'm going to try to install the Hijack this and attach the log file.  I do have XP SP2 and man, that was an issue in itself...but I finally got it installed.  The SS&D is updated, but I haven't re-immunized.  I'll try that too.  Let's see how it goes....I'll let you know when all is run.

Asta Cu Commented:
Please post the log results in the FREE Analyzer service first, and only post here the items that elude you.  They can be HUGE.

Asta Cu Commented:
Take the time, when you can, to see the Video I noted above about XP SP2... it is time well spent.  XP SP2 can be a bear to install and understand; but the video gives you great understanding, in my humble opinion.  This can help you avoid many problems down the road.

Back to work; will return when time permits.

Asta

AxesWannabee (Author) Commented:
Okay, I have put the Hijack This log here:
http://www.majorgeeks.com/downloadget.php?id=3155&file=10&evp=3304750663b552982a8baee6434cfc13
Thank you for the help, I'm on to the Adaware and clearing temp files.

Asta Cu Commented:
Instead, paste your log in the link below for immediate results....  choose your language, this is English by default.
http://www.hijackthis.de/index.php?langselect=english

AxesWannabee (Author) Commented:
Okay, done...sorry....I was a little confused...

Asta Cu Commented:
Join the club, LOL.  Confused is where I remain when I've been "INVADED" with all the awful intrusions out there.  Please do cut/paste any line items that aren't clear.  Will return when I can.  At work, but will check when time permits.

Asta Cu Commented:
After pasting it there, click Analyze and post any items you're not sure about here.

Asta Cu Commented:
Tried to view it;;;; not an MSN interface here so a bit confusing to view.
BUT... HijackThis did point to this item
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe

Something you want and need?

AxesWannabee (Author) Commented:
I have Verizon DSL...which the MSN browser comes with....

I need it if it is a part of the DSL, however, I don't care to have it if it is for tracking me or for demographics info, etc.

Would you like me to send the logfile (notepad) I have if it's easier to view?

Asta Cu Commented:
What I'd recommend, since the Guidelines are very clear about keeping all question content within the question thread, is that you revisit the results and look at each entry ... including the 'unknown' processes which "may" or may not be intrusionary.  Also check with WindowsUpdate and MS for any updates.  Don't use Verizon in any form, so tough to help in that regard.  I always am very picky/choosy about what I allow to create cookies and access to my system, having learned from past experience that not all "goodies" and "tools" are free of intrusions.  

I'm swamped with work, but will check back when I can.

Asta Cu Commented:
By the way, on the side of caution; I do not install FREEWARE, or 3rd party software and players of tools... again from past experience and try to work with what is delivered in my OS and interfaces and keep them updated with patches and fixes as a matter of course.  I've found that many "freeware" and alternate players out there cause me more grief than benefit, so something else to consider.

Asta Cu Commented:
Thanks, about to go to a meeting, saw this response.  If more is needed in this regard, comment and I'll return tomorrow or when time permits.  If I were a Verizon user and had problems and paying for a service, I'd sure go to them to "SAY FIX or ADVISE".

":0) Asta

AxesWannabee (Author) Commented:
Thank you so much astaec...you've fixed a two month problem in a few minutes!!!

Asta Cu Commented:
YAY YAY YAY!  I am so pleased, AxesWannabee!  ":0)  Thank you for the good news.

Best wishes to you.  Don't know if you are aware of the new Feedback option next to Expert comments, but they let us know how you feel outside of the question thread if we do "well" or "not".

":0)  Asta

AxesWannabee (Author) Commented:
No...I didn't know that....I'll look for that....