Trojan.heur.FU.xxx

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Nisa, Feb 12, 2013.

  1. Nisa

    Nisa Private E-2

    My boyfriend uses my PC for college, and he installed a copy of Adobe CS6 that a friend had given him. After installing CS6, he noticed the computer running much slower than normal, and often times freezing up to the point where the only method of shutting down was to press and hold the power button. Whenever I used my PC for my own personal use, this was also the case.

    At the time of this happening, Microsoft Security Essentials (free) was installed and running, but apparently picked up on nothing. I decided to download and install BitDefender and run it. It had found the trojan.heur.FU variant, and would freeze. I rebooted into Safe Mode with Networking, and retried a scan, of which it found it again. My options were to quarantine or delete, so I decided to delete. It could not cure or neutralize it. After deleting it, I rebooted my system and a chkdsk ran (of which I had the option to interrupt and stop from happening, but I let it continue). After chkdsk ran, it booted into Windows again, and I noticed the same freezing and having to shut down using the power button method mentioned above.
    I decided to read on some forums, and several mentioned downloading Malwarebytes Anti-Malware, and running it. I should state that Malwarebytes NEVER found anything in quick scan mode, ONLY in full scan mode, of which it would freeze up.

    Next was to try TDSSkiller, so I downloaded and ran that. I did this, following instructions on a different site other than yours (this was before finding your site), that mentioned if a cure option was available, to use it. There was NO cure option available, so I was advised to skip it. It had found 2 suspicious objects, both of which were tagged "MSI" related objects. I should note my PC is an MSI GE60. I wondered at this point if the trojan has decided to make system files falsely detected as suspicious in an event to get me to delete important system files that would render my PC useless.
    I decided (probably stupidly) that I'd try a system restore. This completed successfully, and then I immediately installed Malwarebytes Anti-Malware again. There was no change in how Malwarebytes performed... still no threats found on quick scan, but it did freeze up immediately after detecting suspicious objects on a full scan (2 to be exact). So I decided to run TDSSkiller again, and it detected the objects again, and there was no cure option so I skipped it and searched the web for what else to try. I found your site, but then decided it was enough for one day and I'd come back the next day to go through the README and RUN sections before making my initial post. I shut down my PC.

    The next morning when I turned on my PC, during the boot stage (where the windows logo is waving slowly on a black background with the text "starting windows"), an update occurred, and several things were installed... I've never seen this happen before in this way. All windows updates always occurred during shutdown or during startup while configuring... but always with the background being light blue... never during the boot up process itself... so I wondered if the trojan was back and updating itself... ?

    Needless to say, I ran through all of your downloads, installs, and followed each guide for running the individual programs accordingly.

    Here are the results for each program run:

    RogueKiller: Ran without incident, and finished.

    Malwarebytes Anti-Malware: On "quick scan", found no threats. (Still freezes up on a "full scan" though, immediately after finding 2 suspicious objects.)

    TDSSkiller: Finds two threats related to my computer brand (MSI), as suspicious objects.

    HitmanPro: Found a file that it wanted to upload to the cloud to inspect further. File was D:/Games/GuildWars2/Guildwars2, then finished without incident and no threats or traces found.

    MGTools: Ran without incident.

    I also want to say thank you to those of you that take the time to read all of our logs and try to help us with these issues, it must be time consuming and tedious, but it does not go unappreciated. I look forward to hearing from you, and await instructions for the next step.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not finding any malware in your logs. I suggest you pursue this in the software forum.

    I also suggest you install an AV program, asap.

    Since you are not having any malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
    2. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. After doing the above, you should work thru the below link


    Malware removal from a National Chain = $149
    Malware removal from MajorGeeks = $0
     
  3. Nisa

    Nisa Private E-2

    Tim,

    Thanks for taking a look at the logs. I did have BitDefender installed prior to removing it, but it was freezing up or it would take more than 48 hours to complete a full scan. Also, it wasn't allowing me to perform some of the software runs required for making my previous post when it was installed, and I couldn't see a way of disabling it, even when going to their forums. Apparently BitDefender Internet Security 2013 is supposed to work with MalwareBytes AntiMalware light, or something... without the need to disable it?

    Anyway... I'll take this thread over to the software forums after performing the clean up steps you've reminded me of, and thanks again for your help. I'll also reinstall BitDefender.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. Good luck. :)
     
