Suspected Trojan - Need Advice (completed both Read and Run Me and Vista Cleaning)

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by rahudso2, Aug 1, 2009.

  1. rahudso2

    rahudso2 Private E-2

    Hi guys,

    A couple of weeks ago AVG Free Resident Shield told me it had detected a threat which it had blocked. At first I didn't think anything of it, then the next time I used my machine it said the same. This happened a few more times until I noticed that it was triggered by opening Windows Live Mail. I re-installed WLM but the threat kept being found whenever I opened the program. I updated and ran a few programs myself (Malwarebytes, AdAware, AVG etc.) but I couldn't shift the problem, so I did a bit of research and worked through the Malware Run and Read Me guide and the Vista Cleaning procedure.

    Sadly the problem is still here - every time I open WLM AVG pops up with a threat detected and blocked. It only happens when I open WLM. Everything else on my machine is running fine.

    Please find attached Malwarebytes, Combofix, RootRepel and MGlogs. SUPERAntiSpyware found nothing - I can post the log if you want.

    Thank you in advance for any help.
     

  2. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Welcome to MajorGeeks!

    I am currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Our queue is working the oldest threads first.

    Thanks for your patience.
    dr.m
     
  3. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, rahudso2

    Please tell me specifically what AVG is detecting.

    Step 1:
    Please look in Add/Remove Programs for the following and uninstall if found. If you get any errors, just make a note and proceed.
    Step 2:
    Now install the latest Sun Java Runtime Environment.

    dr.m
     
  4. rahudso2

    rahudso2 Private E-2

    Hi dr.m

    Thank you for your response :)

    I have attached a screen shot of the threat. AVG is currently configured to remove all threats automatically.

    I have worked through Step 1: and Step 2: as instructed.
     

  5. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, rahudso2

    That cookie is not really a problem - it's often found when I do scans or run CCleaner. You will read about cookies when you review the link to "How to Protect yourself from malware".
    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:

    Safe surfing!
     
  6. rahudso2

    rahudso2 Private E-2

    Hi again dr.m,

    Sorry to drag this on...

    I began working through your instructions but have had numerous other warnings appear from AVG, some of which are attached.

    It appears that whenever I am surfing (or doing something where I have to connect, such as use windows live mail) cookies are constantly being found. I have cleared my cookies in both IE and Firefox, both using the automatic options and manually, yet they are still being found all the time - almost by the minute. I have even tried blocking some cookies, but they are still being flagged up by AVG (how is that possible??)

    Whatever this problem is, there is a lot more to it than just the atdmt cookie I mentioned earlier.

    If you could help shed any light on what might be causing this I would be very grateful.

    Thank you
     
  7. rahudso2

    rahudso2 Private E-2

    Oops - forgot to attach the screen shots - please find attached

    I know the cookies may not necessarily be a problem per se, but they are being found almost every minute I am online, which never used to happen.
     

  8. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    *You may want to disable AVG's Resident Shield from scanning cookies [open (U)ser(I)nterface, double-click Resident Shield, uncheck "Scan for Tracking Cookies".]
     
  9. rahudso2

    rahudso2 Private E-2

    Hi dr.m,

    In the end I uninstalled windows live mail and internet explorer. This isn't a perfect fix but it solves the problem - these were the only two pieces of software which the issue related to; by removing them the problem has gone. For what they perform they wouldn't exactly be my first choice of program anyway, so it's no great loss.

    I've been looking into this and it's quite a common problem - Google "AVG Cookies" and you can see tons of other people who have experienced this.

    I guess the problem lies somewhere with AVG or Microsoft (I know which one I would put my money on ;))

    Thanks a lot for your help anyway.

    Regards

    Richard
     
  10. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, Richard
    You're Welcome!
    This annoyance is also happening with the Mozilla Firefox browser... so that rules out Microsoft. :-D

    dr.m
     
