General discussion


Trojan horse BackDoor.Generic_r.EV

By bodonnell11
Thought I'd post this and would appreciate any suggestions:

Re this bug which appeared to hijack browsers yesterday. Viewed in Task Manager when the desktop icon was clicked (but not when the tray icon was clicked), and particularly on Firefox, it ran a very, very brief program called sysfade.(???) [didn't get the extension], during which time the browser, instead of appearing to load, wasn't visible and appeared not to have launched at all. After running a full scan using AVG, AVG apparently isolated it and moved it to the Virus Vault, giving these details:

"C:\WINDOWS\system32\IMPProcessor.sys";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault"
"C:\WINDOWS\Downloaded Installations\{18ADC5D2-2DE4-4A9C-9D39-8E14444C1233}\Intel Mobile Platform Runtime 1.3.msi:\Data1.cab:\_FDDF201A8E2C6ECF9B114821EFAF4BCE";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault"
"C:\WINDOWS\Downloaded Installations\{18ADC5D2-2DE4-4A9C-9D39-8E14444C1233}\Intel Mobile Platform Runtime 1.3.msi:\Data1.cab:\_7ED41E6B049905FA21E864DB3D58D06E";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault"
"C:\WINDOWS\Downloaded Installations\{18ADC5D2-2DE4-4A9C-9D39-8E14444C1233}\Intel Mobile Platform Runtime 1.3.msi:\Data1.cab";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault"
"C:\WINDOWS\Downloaded Installations\{18ADC5D2-2DE4-4A9C-9D39-8E14444C1233}\Intel Mobile Platform Runtime 1.3.msi";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault".

AVG had not detected anything coming in, in sessions prior to 1 June, and the problem caused on 1 June occurred immediately after switching on the computer and attempting to open Internet Explorer, which opened then hung. (Indicative of the bug coming in during a previous session and staying resident after system close-down in a previous session.)

At the same time the internet network connection dropped out. (Noted that after AVG was run with these results and the system was closed down and rebooted, the network connection was enabled again.)

On closing down the system after the AVG scan (the browser applications were still hanging), the system told me, one by one in reverse order to the order in which I had tried to run them, that the 5 browsers were still running, so each was in this order ended (this appears to indicate that the browser programs were running in some way but halted during launch).

On reboot everything worked fine - as I recall I only visited about three websites: TR, sydney.gumtree.com.au and Wikipedia.

All very good and no problems were had.

On startup today (visiting Gumtree again), only using IE8, I noticed the browser slowed and ran AVG again. The results were as follows:

"C:\System Volume Information\_restore{FBE630FA-4265-4C18-9B38-DA497DC71CB3}\RP57\A0028502.sys";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault"
"C:\System Volume Information\_restore{FBE630FA-4265-4C18-9B38-DA497DC71CB3}\RP57\A0028501.msi:\Data1.cab:\_FDDF201A8E2C6ECF9B114821EFAF4BCE";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault"
"C:\System Volume Information\_restore{FBE630FA-4265-4C18-9B38-DA497DC71CB3}\RP57\A0028501.msi:\Data1.cab:\_7ED41E6B049905FA21E864DB3D58D06E";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault"
"C:\System Volume Information\_restore{FBE630FA-4265-4C18-9B38-DA497DC71CB3}\RP57\A0028501.msi:\Data1.cab";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault"
"C:\System Volume Information\_restore{FBE630FA-4265-4C18-9B38-DA497DC71CB3}\RP57\A0028501.msi";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault"

Again exactly five instances of what appears to be the same bug which appeared to hijack browsers last evening.

Regards,



Sounds like

by The 'G-Man.' In reply to Trojan horse BackDoor.Gen ...

system restore copied the virus. Suggest you clear that as well.

http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.aspx
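The G-Man's point can be checked directly from the two AVG result sets in the original post. The parser below is an added example written for this thread, not AVG's own tooling or anything posted by the participants; it assumes only the quoted-field, semicolon-separated "path";"detection";"action" layout shown in the post and the standard System Restore layout, in which files copied into a restore point live under \System Volume Information\_restore{GUID}\RPnn\ and are renamed to A00nnnnn.ext (so IMPProcessor.sys becomes A0028502.sys). Because the top-level names change, the stable key for matching the second scan against the first is the nested archive member name inside the MSI (Data1.cab and the two _HASH-named members). The sample input is the post's own lines, embedded as a constructed string.

```python
import csv
import io
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: the AVG Virus Vault lines quoted in the post
# (first scan on 1 June, second scan the next day), in AVG's
# "path";"detection";"action" format.
FIRST_SCAN = r'''
"C:\WINDOWS\system32\IMPProcessor.sys";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault"
"C:\WINDOWS\Downloaded Installations\{18ADC5D2-2DE4-4A9C-9D39-8E14444C1233}\Intel Mobile Platform Runtime 1.3.msi:\Data1.cab:\_FDDF201A8E2C6ECF9B114821EFAF4BCE";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault"
"C:\WINDOWS\Downloaded Installations\{18ADC5D2-2DE4-4A9C-9D39-8E14444C1233}\Intel Mobile Platform Runtime 1.3.msi:\Data1.cab:\_7ED41E6B049905FA21E864DB3D58D06E";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault"
"C:\WINDOWS\Downloaded Installations\{18ADC5D2-2DE4-4A9C-9D39-8E14444C1233}\Intel Mobile Platform Runtime 1.3.msi:\Data1.cab";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault"
"C:\WINDOWS\Downloaded Installations\{18ADC5D2-2DE4-4A9C-9D39-8E14444C1233}\Intel Mobile Platform Runtime 1.3.msi";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault"
'''

SECOND_SCAN = r'''
"C:\System Volume Information\_restore{FBE630FA-4265-4C18-9B38-DA497DC71CB3}\RP57\A0028502.sys";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault"
"C:\System Volume Information\_restore{FBE630FA-4265-4C18-9B38-DA497DC71CB3}\RP57\A0028501.msi:\Data1.cab:\_FDDF201A8E2C6ECF9B114821EFAF4BCE";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault"
"C:\System Volume Information\_restore{FBE630FA-4265-4C18-9B38-DA497DC71CB3}\RP57\A0028501.msi:\Data1.cab:\_7ED41E6B049905FA21E864DB3D58D06E";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault"
"C:\System Volume Information\_restore{FBE630FA-4265-4C18-9B38-DA497DC71CB3}\RP57\A0028501.msi:\Data1.cab";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault"
"C:\System Volume Information\_restore{FBE630FA-4265-4C18-9B38-DA497DC71CB3}\RP57\A0028501.msi";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault"
'''

# Matches the System Restore snapshot layout and captures the restore point id (RP57).
RESTORE_RE = re.compile(
    r'^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\'
)


@dataclass(frozen=True)
class Detection:
    path: str
    name: str                       # scanner's detection name
    action: str                     # what the scanner did with the file
    restore_point: Optional[str]    # "RP57" when the hit is a System Restore copy, else None
    outer_file: str                 # basename of the on-disk container (.sys or .msi)
    inner_member: str               # innermost archive member; equals outer_file for a plain file


def parse_vault_log(text: str) -> List[Detection]:
    """Parse AVG-style "path";"detection";"action" lines into Detection records."""
    found: List[Detection] = []
    for row in csv.reader(io.StringIO(text.strip()), delimiter=';', quotechar='"'):
        if len(row) != 3:
            continue                # skip blank or malformed lines
        path, name, action = row
        rp = RESTORE_RE.match(path)
        # AVG joins nested archive members with ":\" (msi -> cab -> member);
        # path[3:] skips the "C:\" so the drive separator is not split on.
        chain = path[3:].split(':\\')
        outer = chain[0].rsplit('\\', 1)[-1]
        inner = chain[-1].rsplit('\\', 1)[-1]
        found.append(Detection(path, name, action, rp.group(1) if rp else None, outer, inner))
    return found


def summarize(dets: List[Detection]) -> Dict[str, int]:
    """Count hits on the live file system versus hits inside restore-point snapshots."""
    live = sum(1 for d in dets if d.restore_point is None)
    return {"live": live, "restore_point": len(dets) - live}


def restore_point_copies(live: List[Detection], later: List[Detection]) -> Dict[str, str]:
    """Map each restore-point hit in `later` to the live-system path in `live`
    that contains the same nested archive member. Top-level files are renamed
    by System Restore, so only nested members (cab and its contents) can be matched by name."""
    by_member = {d.inner_member: d.path
                 for d in live if d.restore_point is None and d.inner_member != d.outer_file}
    return {d.path: by_member[d.inner_member]
            for d in later if d.restore_point and d.inner_member in by_member}


if __name__ == "__main__":
    first, second = parse_vault_log(FIRST_SCAN), parse_vault_log(SECOND_SCAN)
    print("day 1:", summarize(first), " day 2:", summarize(second))
    for snap, original in restore_point_copies(first, second).items():
        print(f"{snap}\n    is a restore-point copy of\n{original}")
```

Run as a script it reports five live hits on day one, five restore-point hits on day two, and links three of the day-two paths (the cab and its two members) back to the original MSI. The two top-level files cannot be linked by name alone because of the A00nnnnn renaming; matching those would need a hash of the file contents, which the scanner output does not include. The practical reading is the one G-Man gives: the second scan is cleaning the snapshot, not a fresh infection, and clearing the restore points removes the copies for good.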


All Clean

by bodonnell11 In reply to Trojan horse BackDoor.Gen ...

Have run a full scan twice since my last post. Have also run Malwarebytes and Spybot S&D - all clean is the result from all of these.


Oh Smeg, I hear, has had similar trouble

by bodonnell11 In reply to All Clean

Yes, his trouble started on 1 June also - haven't heard from him since.


Oh Smeg

by santeewelding In reply to Oh Smeg, I hear, has had ...

They would dare?

No way.


Apparently so!

by bodonnell11 In reply to Oh Smeg

Last email I had from him was that he was battling the same kind of demon. Hasn't answered the phone since.


Say it ain't so

by santeewelding In reply to Apparently so!

What, then, awaits the rest of us?


Oh - wouldn't they

by bodonnell11 In reply to Oh Smeg

Be careful - you don't know that you're not next - have known Oh Smeg now since 1993, so if he's got a problem, it's a problem!


Oh, shilt.

by santeewelding In reply to Oh - wouldn't they

Well Smeggy only had a problem

by HAL 9000 Moderator In reply to Oh Smeg, I hear, has had ...

Because of a client who insisted on opening a phony e-mail.

Some people are just click happy and do not look.

Anyway, hopefully now it's all finished. I only went over there on Wednesday to return the computer, then again on Thursday to reset something to the way that the user wanted it, and finally 2 times last Friday to play with the spam filter and get it back to the way that it was set before she infected the computer.

Hopefully it's all finished now and I will not be getting a phone call first thing Monday. I've been trying to kill myself by attempting to catch up with my real work ever since I landed this job. :_|

The way things are going here I'll be glad when 1272 finally comes to an end. Things just have to get better later on when we get around 1998. I hope.

Col
