Trojan Detection on Any Explorer folder or program - HELP!!

I have been dealing with this issue for the last 2 months....

I found that while online, I continuously began receiving a McAfee warning that a trojan has been detected and removed.  I would choose to continue what I was doing.  I then would run a virus scan and it found Backdoor-BDD on my computer.  The problem began to occur like every 10 seconds.  

I then installed the necessary Windows updates, as well as Office updates and the GDI tool...I ran another virus scan and this time it had found over 200 instances of the trojan and when I tried to delete them about 25 of them were no longer found.  I have and have run Spybot Search and Destroy, Stinger (latest update two weeks ago), and my McAfee virus scan and each time I delete the files. This seemed to fix the problem - for about a couple of days and then I started thinking - it was in Windows - so I turned off System Restore.  That worked for like a month....but I've still noticed only sporadic occurrences of the trojan found and removed....but then I started thinking again... I noticed that I only get the messages when I open any Explorer folder or file - such as in My Computer, any navigational folders, any of my Office programs and while in Internet Explorer. Which lately I haven't used - hence the thought that it was fixed.  I need help in trying to remove the script or startup command that's running on open of Explorer items.  Does anyone have any suggestions???
Asked by: AxesWannabee

Asta Cu (Technical consultant & graphic design) commented:
How current is your McAfee program and Virus definition files?  Good you turned off system restore prior to the fixes (back on when clean).  Did you perform deep scanning on all drives?  Did you check the HOSTS file?  Is WindowsUpdate and ALL office updates?  http://www.officeupdate.com to ensure security patches are there?  

More shortly.

Asta Cu (Technical consultant & graphic design) commented:
Clear Browser's cache (temp internet files and offline content as well as history) ..... Clear Autocomplete items and ALL cookies you are sure you don't trust/need.

Try AdAware, most current update and configure it to do deep scanning and include the HOSTS file.
For Spybot S&D, most current version, be sure to include the Immunize function (last look blocks 2,344 or so malware/spyware/malicious BHO intrusions).

Get updated HijackThis and scan your system.... then post results to the free analyzer, here:
http://www.hijackthis.de/index.php?langselect=english
http://www.experts-exchange.com/Web/Browser_Issues/Q_21149514.html

Logged in as Admin?  Tried Safe Mode?  

Other possibilities, but feedback for this will help.  There are many variants; so the problem is significant.

Asta Cu (Technical consultant & graphic design) commented:
Also, please see this for many of the variants....
http://hq.mcafeeasap.com/dispTrojan.asp?virus_k=126448

AxesWannabee (Author) commented:
Okay, let's see if I can answer all questions:

My McAfee is virus scan online and it installs all updates as soon as I turn on the computer.  I have installed all windows updates and office updates.  The only program I haven't run is Adaware, which we use at work - I'm in I.T.  So I can try that to include deep scanning and the HOSTS file.

That was an excellent idea for clearing Internet cache, etc...but here's the deal: I am using MSN's browser, not IE.  I am fine in the MSN browser - no trojans detected, etc...it's when I accidentally use IE (this is what we use at work) that I get the trojan detection popups.  McAfee's doing its job, it's just embedded somewhere in my system and I can't find it.  I normally run virus scans and spyware scans once each week.  This week's scan came up completely clean.  I did not run any of the programs in safe mode though...could do that.  I am logged in as Admin - and oh, I forgot I found a few weeks ago when I was trying to download Windows Update I would get an access is denied....I found that my Admin rights had been altered and I ran subinacl and that fixed that problem (just offering more information to assist in a solution).  I have the Immunize set already on SS&D.  I'm running out of money here....does this Hijack this cost anything?  Hope I didn't leave anything out.

Asta Cu (Technical consultant & graphic design) commented:
No, it's free (donations if you wish)...

Did you check the link above and the potential registry keys on variants?

Asta Cu (Technical consultant & graphic design) commented:
http://www.majorgeeks.com/download3155.html  HijackThis download, then paste log results in the above free analyzer

Asta Cu (Technical consultant & graphic design) commented:
If you're running XP SP2.... many added protections...   This is a video well worth seeing.  Also free.
***** This is an excellent link, very informative, and thanks to Fatal_Exception for showing me this! It includes a step-by-step video about XP SP2 and the new features and configuration option overview. Top Notch!
http://65.24.134.81/KipSolutions/SP2/SP2Overview.htm *****
Free XP SP2 Help and Support
http://support.microsoft.com/oas/default.aspx?gprid=6794 

Asta Cu (Technical consultant & graphic design) commented:
Re. Spybot S&D --- be sure it's fully updated and get all definition files (updated often) and re-immunize.  For AdAware SE Pro (my choice); also am sure that it's updated and not only do deep scanning and include the HOSTS file, but being overly cautious also look at the 'negligible' items and clean them.

AxesWannabee (Author) commented:
Okay, I'm going to try to install the Hijack this and attach the log file.  I do have XP SP2 and man, that was an issue in itself...but I finally got it installed.  The SS&D is updated, but I haven't re-immunized.  I'll try that too.  Let's see how it goes....I'll let you know when all is run.

Asta Cu (Technical consultant & graphic design) commented:
Please post the log results in the FREE Analyzer service first, and only post here the items that elude you.  They can be HUGE.

Asta Cu (Technical consultant & graphic design) commented:
Take the time, when you can, to see the Video I noted above about XP SP2... it is time well spent.  XP SP2 can be a bear to install and understand; but the video gives you great understanding, in my humble opinion.  This can help you avoid many problems down the road.

Back to work; will return when time permits.

Asta

AxesWannabee (Author) commented:
Okay, I have put the Hijack This log here:
http://www.majorgeeks.com/downloadget.php?id=3155&file=10&evp=3304750663b552982a8baee6434cfc13
Thank you for the help, I'm on to the Adaware and clearing temp files.

Asta Cu (Technical consultant & graphic design) commented:
Instead, paste your log in the link below for immediate results....  choose your language, this is English by default.
http://www.hijackthis.de/index.php?langselect=english

AxesWannabee (Author) commented:
Okay, done...sorry....I was a little confused...

Asta Cu (Technical consultant & graphic design) commented:
Join the club, LOL.  Confused is where I remain when I've been "INVADED" with all the awful intrusions out there.  Please do cut/paste any line items that aren't clear.  Will return when I can.  At work, but will check when time permits.

Asta Cu (Technical consultant & graphic design) commented:
After pasting it there, click Analyze and post any items you're not sure about here.

Asta Cu (Technical consultant & graphic design) commented:
Tried to view it; not an MSN interface here so a bit confusing to view.
BUT... HijackThis did point to this item
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe

Something you want and need?

AxesWannabee (Author) commented:
I have Verizon DSL...which the MSN browser comes with....

I need it if it is a part of the DSL, however, I don't care to have it if it is for tracking me or for demographics info, etc.

Would you like me to send the logfile (notepad) I have if it's easier to view?

Asta Cu (Technical consultant & graphic design) commented:
What I'd recommend, since the Guidelines are very clear about keeping all question content within the question thread, is that you revisit the results and look at each entry ... including the 'unknown' processes which "may" or may not be intrusionary.  Also check with WindowsUpdate and MS for any updates.  Don't use Verizon in any form, so tough to help in that regard.  I always am very picky/choosy about what I allow to create cookies and access to my system, having learned from past experience that not all "goodies" and "tools" are free of intrusions.  

I'm swamped with work, but will check back when I can.

Asta Cu (Technical consultant & graphic design) commented:
By the way, on the side of caution; I do not install FREEWARE, or 3rd party software and players or tools... again from past experience and try to work with what is delivered in my OS and interfaces and keep them updated with patches and fixes as a matter of course.  I've found that many "freeware" and alternate players out there cause me more grief than benefit, so something else to consider.

Asta Cu (Technical consultant & graphic design) commented:
Thanks, about to go to a meeting, saw this response.  If more is needed in this regard, comment and I'll return tomorrow or when time permits.  If I were a Verizon user and had problems and paying for a service, I'd sure go to them to "SAY FIX or ADVISE".

":0) Asta

AxesWannabee (Author) commented:
Thank you so much astaec...you've fixed a two month problem in a few minutes!!!

Asta Cu (Technical consultant & graphic design) commented:
YAY YAY YAY!  I am so pleased, AxesWannabee!  ":0)  Thank you for the good news.

Best wishes to you.  Don't know if you are aware of the new Feedback option next to Expert comments, but they let us know how you feel outside of the question thread if we do "well" or "not".

":0)  Asta

AxesWannabee (Author) commented:
No...I didn't know that....I'll look for that....