ConFuzed
Level 7

How to be sure a trojan horse downloader is gone

Up until last week I used AVG Free Anti-virus for scanning my computer. Out of the blue came an alert that I had two trojan horse downloaders (Trojan horse Downloader.Generic10.CEAB) and I immediately had them moved to the virus vault. The following day, I did another scan and another two trojan horse downloader warnings came up (same generic name, different file locations) which I again put in the virus vault. I followed the steps of turning off Restore, scanning, and re-booting the system in safe mode, but as a double precaution I went and got McAfee Total Protection 2011 installed (I removed AVG).

When I ran scans with McAfee two days in a row, nothing came up. My question is, how can I be sure that the trojan horse downloader is gone? I'm wary of checking email and going online as I want to be sure this trojan is gone and not lurking in the background somewhere. Does anyone have any ideas about this?

0 Kudos
5 Replies
sameer172006
Level 12

Re: How to be sure a trojan horse downloader is gone

Hi,



The answer to all the confusions. Please download and install a copy of this tool.


http://www.filehippo.com/download_malwarebytes_anti_malware/



It's the best out there and is free. If your computer is infected, it will remove the nasties; it will give you a clear chit. If you want to have another opinion after that, then try this:


http://www.surfright.nl/en/downloads/



Cheers

Sameer

0 Kudos
Hayton
Level 17

Re: How to be sure a trojan horse downloader is gone

AVG flags up a lot of false positives, so I'm told. Can you remember what these files were and where they were located?

The interesting part is that AVG flagged them again after detecting them the first time. It may be that there was no infection, and that if McAfee is declaring your system to be free of malware then it really is clean.

Of course, running a scan with Malwarebytes definitely won't do any harm.

0 Kudos
ConFuzed
Level 7

Re: How to be sure a trojan horse downloader is gone

Thank you both. I will try Malwarebytes like you recommended. I saved the scan results for reference and the file locations were:

C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\common\drivers\com_os\hpzstc07.ex_

C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\common\drivers\com_os\hpzstc07.ex_:\hpzstc07.ex_

C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardpsc_21efe\hpzstc07.exe

C:\System Volume Information\_restore{C95BBE6E-A16E-4B4C-9B3F-F22F99A19D4A}\RP137\A0036733.exe

0 Kudos
Hayton
Level 17

Re: How to be sure a trojan horse downloader is gone

Well, three of them are HP drivers. These often cause problems with AV programs, which seem to regard them with suspicion. The fourth is part of a saved System Restore, and may be an HP driver with a disguised filename. To be on the safe side you could delete that one System Restore point (as long as you have some others to go back to).

0 Kudos
ConFuzed
Level 7

Re: How to be sure a trojan horse downloader is gone

Thanks again!

0 Kudos