
How to be sure a trojan horse downloader is gone

Up until last week I used AVG Free Anti-virus for scanning my computer. Out of the blue came an alert that I had two trojan horse downloaders (Trojan horse Downloader.Generic10.CEAB) and I immediately had them moved to the virus vault. The following day, I did another scan and another two trojan horse downloader warnings came up (same generic name, different file locations) which I again put in the virus vault. I followed the steps of turning off Restore, scanning, and re-booting the system in safe mode, but as a double precaution I went and got McAfee Total Protection 2011 installed (I removed AVG).

When I ran scans with McAfee two days in a row, nothing came up. My question is, how can I be sure that the trojan horse downloader is gone? I'm wary of checking email and going online as I want to be sure this trojan is gone and not lurking in the background somewhere. Does anyone have any ideas about this?

5 Replies

Re: How to be sure a trojan horse downloader is gone

Hi,



The answer to all the confusions. Please download and install a copy of this tool.


http://www.filehippo.com/download_malwarebytes_anti_malware/



It's the best out there and is free. If your computer is infected, it will remove the nasties; it will give you a clear chit. If you want to have another opinion after that, then try this:


http://www.surfright.nl/en/downloads/



Cheers

Sameer

Reliable Contributor Hayton
Message 3 of 6

Re: How to be sure a trojan horse downloader is gone

AVG flags up a lot of false positives, so I'm told. Can you remember what these files were and where they were located?

The interesting part is that AVG flagged them again after detecting them the first time. It may be that there was no infection, and that if McAfee is declaring your system to be free of malware then it really is clean.

Of course, running a scan with Malwarebytes definitely won't do any harm.

Re: How to be sure a trojan horse downloader is gone

Thank you both. I will try Malwarebytes like you recommended. I saved the scan results for reference and the file locations were:

C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\common\drivers\com_os\hpzstc07.ex_"

C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\common\drivers\com_os\hpzstc07.ex_:\hpzstc07.ex_"

C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardpsc_21efe\hpzstc07.exe"

C:\System Volume Information\_restore{C95BBE6E-A16E-4B4C-9B3F-F22F99A19D4A}\RP137\A0036733.exe"

Reliable Contributor Hayton
Message 5 of 6

Re: How to be sure a trojan horse downloader is gone

Well, three of them are HP drivers. These often cause problems with AV programs, which seem to regard them with suspicion. The fourth is part of a saved System Restore, and may be an HP driver with a disguised filename. To be on the safe side you could delete that one System Restore point (as long as you have some others to go back to).
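
One way to test the "HP drivers flagged as false positives" reading against the files themselves, as an added example that is not part of the thread: the PowerShell sketch below checks each flagged path for presence, a SHA-256 hash, and an Authenticode signature. It assumes an elevated PowerShell 4.0 or later prompt and that the `.ex_` file is a compressed installer copy, which cannot be signature-checked directly.

```powershell
# Added example, not from the thread. Paths are the ones listed in the post above;
# the second entry in the post points inside the first file, so it is not repeated.
$flagged = @(
    'C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\common\drivers\com_os\hpzstc07.ex_',
    'C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardpsc_21efe\hpzstc07.exe',
    'C:\System Volume Information\_restore{C95BBE6E-A16E-4B4C-9B3F-F22F99A19D4A}\RP137\A0036733.exe'
)

$report = foreach ($path in $flagged) {
    $row = [ordered]@{ Path = $path; Present = $false; Signature = 'n/a'; Signer = ''; SHA256 = '' }
    try {
        if (Test-Path -LiteralPath $path -PathType Leaf -ErrorAction Stop) {
            $row.Present = $true
            # The hash lets you compare against a known-good copy from the vendor's installer.
            $row.SHA256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction Stop).Hash
            if ($path -like '*.ex_') {
                # Assumption: trailing "_" marks a compressed installer copy; compare the hash only.
                $row.Signature = 'compressed copy; signature not checked'
            } else {
                $sig = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction Stop
                $row.Signature = [string]$sig.Status      # e.g. Valid, NotSigned, HashMismatch
                if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }
            }
        }
    } catch {
        # System Volume Information is normally unreadable even for administrators.
        $row.Signature = "unreadable: $($_.Exception.Message)"
    }
    [pscustomobject]$row
}

$report | Format-List
```

A `Valid` status with a Hewlett-Packard signer subject supports the false-positive reading, while `NotSigned` or `HashMismatch` on a file in the driver directory is a reason to look further. `Present = False` means the file is no longer at that path, for example because it was moved to the virus vault.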

Re: How to be sure a trojan horse downloader is gone

Thanks again!
