General discussion
-
Topic
-
Trojan horse BackDoor.Generic_r.EV
LockedThought I’d post this and would appreciate any suggestions:
Re this bug which appeared to hijack browsers yesterday. Viewed in Task Manager when desktop icon was clicked (but not when the tray icon was clicked) and particularly on firefox it ran a very very brief program called sysfade.(???)[didn’t get the extension] during which time the browser instead of appearing to load wasn’t visible and appeared not to have launched at all. After running a full scan using AVG, AVG apparently isolated it and moved it to the Virus Vault giving these details:
“C:\WINDOWS\system32\IMPProcessor.sys”;”Trojan horse BackDoor.Generic_r.EV”;”Moved to Virus Vault”
“C:\WINDOWS\Downloaded Installations\{18ADC5D2-2DE4-4A9C-9D39-8E14444C1233}\Intel Mobile Platform Runtime 1.3.msi:\Data1.cab:\_FDDF201A8E2C6ECF9B114821EFAF4BCE”;”Trojan horse BackDoor.Generic_r.EV”;”Moved to Virus Vault”
“C:\WINDOWS\Downloaded Installations\{18ADC5D2-2DE4-4A9C-9D39-8E14444C1233}\Intel Mobile Platform Runtime 1.3.msi:\Data1.cab:\_7ED41E6B049905FA21E864DB3D58D06E”;”Trojan horse BackDoor.Generic_r.EV”;”Moved to Virus Vault”
“C:\WINDOWS\Downloaded Installations\{18ADC5D2-2DE4-4A9C-9D39-8E14444C1233}\Intel Mobile Platform Runtime 1.3.msi:\Data1.cab”;”Trojan horse BackDoor.Generic_r.EV”;”Moved to Virus Vault”
“C:\WINDOWS\Downloaded Installations\{18ADC5D2-2DE4-4A9C-9D39-8E14444C1233}\Intel Mobile Platform Runtime 1.3.msi”;”Trojan horse BackDoor.Generic_r.EV”;”Moved to Virus Vault”.AVG had not detected anything coming in in sessions prior to 1 June and the problem caused on 1 June occurred immediately after switching on computer and attempting to open internet explorer which opened then hung. (indicative of the bug coming in during a previous session and staying resident after system close down in a previous session)
At the same time the internet network connection dropped out. (noted that after AVG was run with these results and the system closed down and rebooted the network connection was enabled again.)
On closing down the system after the AVG scan (the browser applications were still hanging) the system told me one by one in reverse order to the order in which I had tried to run them that the 5 browsers were still running so each was in this order ended (this appears to indicate that the browser programs were running in some way but halted during launch).
On reboot everything worked fine – as I recall I only visited about three websites: TR, sydney.gumtree.com.au and Wikipedia
All very good and no problems were had.
On startup today (visiting gumtree again) only using IE8 noticed the browser slowed and ran AVG again. The results were as follows:
“C:\System Volume Information\_restore{FBE630FA-4265-4C18-9B38-DA497DC71CB3}\RP57\A0028502.sys”;”Trojan horse BackDoor.Generic_r.EV”;”Moved to Virus Vault”
“C:\System Volume Information\_restore{FBE630FA-4265-4C18-9B38-DA497DC71CB3}\RP57\A0028501.msi:\Data1.cab:\_FDDF201A8E2C6ECF9B114821EFAF4BCE”;”Trojan horse BackDoor.Generic_r.EV”;”Moved to Virus Vault”
“C:\System Volume Information\_restore{FBE630FA-4265-4C18-9B38-DA497DC71CB3}\RP57\A0028501.msi:\Data1.cab:\_7ED41E6B049905FA21E864DB3D58D06E”;”Trojan horse BackDoor.Generic_r.EV”;”Moved to Virus Vault”
“C:\System Volume Information\_restore{FBE630FA-4265-4C18-9B38-DA497DC71CB3}\RP57\A0028501.msi:\Data1.cab”;”Trojan horse BackDoor.Generic_r.EV”;”Moved to Virus Vault”
“C:\System Volume Information\_restore{FBE630FA-4265-4C18-9B38-DA497DC71CB3}\RP57\A0028501.msi”;”Trojan horse BackDoor.Generic_r.EV”;”Moved to Virus Vault”again exactly five instances of what appears to be the same bug which appeared to hijack browsers last evening.
Regards,
