All Clean
Have run a full scan twice since my last post. Have also run Malwarebytes and Spybot S&
- All clean is the result from all of these.
Well Smeggy only had a problem
Because of a client who insisted on opening a Phony E-Mail.
Some people are just click happy and do not look.
Anyway hopefully now it's all finished I only went over there on Wednesday to return the computer, then again on Thursday to reset something to the way that the user wanted it and finally 2 times last Friday to play with the Spam Filter and get it back to the way that it was set before she infected the computer.
Hopefully it's all finished now and I will not be getting a phone call First Thing Monday. I've been trying to kill myself by attempting to catch up with my real work ever since I landed this job. :_|
The way things are going here I'll be glad when 1272 finally comes to a end. Things just have to get better latter on when we get around 1998. I hope.
Col
Trojan horse BackDoor.Generic_r.EV
Re this bug which appeared to hijack browsers yesterday. Viewed in Task Manager when desktop icon was clicked (but not when the tray icon was clicked) and particularly on firefox it ran a very very brief program called sysfade.(???)[didn't get the extension] during which time the browser instead of appearing to load wasn't visible and appeared not to have launched at all. After running a full scan using AVG, AVG apparently isolated it and moved it to the Virus Vault giving these details:
"C:\WINDOWS\system32\IMPProcessor.sys";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault"
"C:\WINDOWS\Downloaded Installations\{18ADC5D2-2DE4-4A9C-9D39-8E14444C1233}\Intel Mobile Platform Runtime 1.3.msi:\Data1.cab:\_FDDF201A8E2C6ECF9B114821EFAF4BCE";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault"
"C:\WINDOWS\Downloaded Installations\{18ADC5D2-2DE4-4A9C-9D39-8E14444C1233}\Intel Mobile Platform Runtime 1.3.msi:\Data1.cab:\_7ED41E6B049905FA21E864DB3D58D06E";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault"
"C:\WINDOWS\Downloaded Installations\{18ADC5D2-2DE4-4A9C-9D39-8E14444C1233}\Intel Mobile Platform Runtime 1.3.msi:\Data1.cab";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault"
"C:\WINDOWS\Downloaded Installations\{18ADC5D2-2DE4-4A9C-9D39-8E14444C1233}\Intel Mobile Platform Runtime 1.3.msi";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault".
AVG had not detected anything coming in in sessions prior to 1 June and the problem caused on 1 June occurred immediately after switching on computer and attempting to open internet explorer which opened then hung. (indicative of the bug coming in during a previous session and staying resident after system close down in a previous session)
At the same time the internet network connection dropped out. (noted that after AVG was run with these results and the system closed down and rebooted the network connection was enabled again.)
On closing down the system after the AVG scan (the browser applications were still hanging) the system told me one by one in reverse order to the order in which I had tried to run them that the 5 browsers were still running so each was in this order ended (this appears to indicate that the browser programs were running in some way but halted during launch).
On reboot everything worked fine - as I recall I only visited about three websites: TR, sydney.gumtree.com.au and Wikipedia
All very good and no problems were had.
On startup today (visiting gumtree again) only using IE8 noticed the browser slowed and ran AVG again. The results were as follows:
"C:\System Volume Information\_restore{FBE630FA-4265-4C18-9B38-DA497DC71CB3}\RP57\A0028502.sys";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault"
"C:\System Volume Information\_restore{FBE630FA-4265-4C18-9B38-DA497DC71CB3}\RP57\A0028501.msi:\Data1.cab:\_FDDF201A8E2C6ECF9B114821EFAF4BCE";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault"
"C:\System Volume Information\_restore{FBE630FA-4265-4C18-9B38-DA497DC71CB3}\RP57\A0028501.msi:\Data1.cab:\_7ED41E6B049905FA21E864DB3D58D06E";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault"
"C:\System Volume Information\_restore{FBE630FA-4265-4C18-9B38-DA497DC71CB3}\RP57\A0028501.msi:\Data1.cab";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault"
"C:\System Volume Information\_restore{FBE630FA-4265-4C18-9B38-DA497DC71CB3}\RP57\A0028501.msi";"Trojan horse BackDoor.Generic_r.EV";"Moved to Virus Vault"
again exactly five instances of what appears to be the same bug which appeared to hijack browsers last evening.
Regards,
This conversation is currently closed to new comments.