
New Trojan, worm

As of yesterday I have Trojan.Win.32Agent.azsy, Bloodhound.PDF, worm SillyFDC.BAZ, in their various permutations.
My System is Microsoft Windows XP
Version 2002
Professional
Service Pack 3
Dell Inspiron 9400
Genuine Intel (R) CPU
T2250@1.73 GHz
1.73 GHz, 1.00 GB of RAM
I have what I believe to be the most recent version of the McAfee Security Suite through my broadband internet provider, Comcast.com
On the Comcast Security Window, under View recent events, I have, 30 times since May 20 at 15:44:36: System Guards have allowed a one-time change to your computer. Details: Spyware, adware, etc., can make registry and file changes to the Shared Task Scheduler, allowing.....
Rule type: File
Process:C:\Program Files\Google\Common\GoogleUpdaterService.exe
Process description:gusvc
Process publisher: Google
I ran McAfee scan: Items scanned 107392
Items detected 0
" repaired 0
" quarantined 0
I ran the McAfee Virtual Technician, and got the message: McAfee Virtual Technician not found.
This is my first post so I don't know whether I have provided too much or too little information. I am obviously not a techie; can anyone help me?
Thanks
11 Replies
Message 2 of 12

RE: New Trojan, worm

As far as I know there is no Windows XP 2002 version ...

What makes you think that you have Trojan.Win.32Agent.azsy, Bloodhound.PDF, worm SillyFDC.BAZ? Such information would be helpful.

Can you check the logs again and see if there is any reference to these things? Check the detection log. I have a non-English version, so I'm not sure about the exact words: double left-click on the securitycenter in the task bar at the bottom of the screen, advanced menu, reports and logs (?), click on view logfile, and check especially the detection log. Do you see those infections you mentioned, and what is the status (repaired, quarantined etc.)?

GoogleUpdaterService.exe seems to be legitimate, designed to update Google software. Which does not preclude that it (in the folder) is malware/infected software.

Do you have (or had) other security software installed? Perhaps a rogue security program?

That thing about the Virtual Technician seems weird.

If you think you may still be infected, I suggest a scan by free MBAM and SAS, perhaps in safe mode.

You can also try some other online scans, like Kaspersky etc.
Message 3 of 12

Virus infection.

Hi,

McAfee Antivirus will not allow any program to run without the user's concern. If the user has given the permission with ignorance, McAfee Antivirus will let the user know that the program is intended to perform some registry creation or registry deletion. If someone uses your user account without your knowledge and allows permission to any malicious program, it will run. If there is more than one antivirus software installed in the computer, both of them may fail to detect any infection. This is because one antivirus may block the files and processes of the other antivirus. Also, there are some antivirus software which give fake alerts for the purpose of advertisement. Some of them may invite infection to the computer. In such cases, other antivirus software will say that there is no infection in the computer.

Once the virus starts working, it may block the files and processes of the antivirus program. So the antivirus program may not be able to find and delete the infections. In such cases, we need to seek some other means to get rid of viruses. In your case, you can contact the McAfee virus removal team to make your computer free from viruses. They have dedicated tools to find and delete the infections.

Trojan, worm

What makes me think I have these problems is that I keep getting warning messages to this effect in the lower right corner of the screen. If I click to block it, I get the Personal Antivirus pop-up to download and pay for their software. Now I am gun shy about downloading anything. This happened in one of those quick click events when I was on eBay. Since you recommend it, I will try the Kaspersky scan.
Do you mean that these messages can just be nuisances, and I might not really have any of these corruptors on my computer?
Also, if there is an invader, is it safe to connect my iPod to the computer?
Thank you.
Message 5 of 12

RE: Trojan, worm



I'm not familiar with Comcast, I'll presume the layout is the same as with regular McAfee software.

Please read this entire paragraph before taking action.
You keep getting these warnings. And it's called 'Personal Antivirus'. And it wants your money!
I'm pretty sure you're infected with a rogue antivirus/antimalware program (see http://en.wikipedia.org/wiki/Rogue_software or http://www.virusbtn.com/resources/glossary/rogue_antimalware.xml)
I googled 'Personal Antivirus', and came up with this link: http://www.bleepingcomputer.com/virus-removal/remove-personal-antivirus
It states how to remove the rogue antivirus, but of course it's possible that this is a different rogue and you need something else to remove it. Anyway, in the link it says you can remove it with free MBAM. Sometimes a scan in 'safe mode' is necessary.
And about GOOGLEUPDATERSERVICE.EXE: I can't preclude it's legitimate (I found a reference about it being necessary to update Google software). But better safe than sorry.
From a reputable source: http://www.prevx.com/filenames/X23782725182610846-X1/GOOGLEUPDATERSERVICE.EXE.html
I think the Prevx software is free for detection, but if you want it to remove an infection it isn't. I wouldn't recommend using an infected computer to pay with your credit card, so you'd have to use a different computer for that.
So, the SystemGuards (I presume they are set to log, and not log and alert?) have allowed certain changes 30 times! This suggests your system may be heavily infected.
I don't know how you got it. Perhaps you clicked on the wrong thing (a malicious ad?) during that eBay thing.
There are a few ways to deal with this.
1: If your computer is seriously infected you can never be 100% certain after malware removal that the computer is clean, even if it appears clean. Whether you need that 100% or not is up to you. You can back up your data, boot with your Windows XP CD (make sure that the BIOS checks the CD drive first at (re)boot), reformat (and remove any partitions you find), reinstall Windows, drivers, update software (Microsoft update etc.), install and configure your software, scan the data you've backed up and restore the data if clean. Just make sure you know how to do this before you begin.
2: Have a paid specialist (NOT McAfee!) clean your computer.
3: Go to a forum like www.bleepingcomputer.com and ask for help. This should be free.
4: Do it yourself: my suggestion: first a scan with free MBAM and SAS, possibly in safe mode if necessary, then download the Prevx software to scan for infections. If Prevx detects something (free) you'll have to pay before Prevx can remove the infections.
You can also try an online scan by Kaspersky or another reputable AV (I don't think removal is always free, not sure) before you try Prevx. But you may (not sure) have to disable McAfee first before performing an online scan by a different AV, which may not be a good idea if you are infected. Prevx isn't expensive.
My suggestion about Kaspersky probably wasn't that good, but I didn't have the information that I have now.
You can also try http://www.freedrweb.com/cureit/ (you may have to disable McAfee's active protection, not sure), or even better: http://www.freedrweb.com/livecd/

RE: Trojan, worm



Thank you for your time, expertise, and patience. I know when I'm in over my head. I'll bring it to my computer guru. If he can't fix it, maybe I'll have to make a pilgrimage to Lourdes....
Again, Thank you.

RE: Trojan, worm

Riddlez mentioned scanning with MBAM and SAS and as I assumed nobody knew what that meant I posted the actual links to the software. It's easy to download and run and should preclude the necessity of recruiting a computer guru.

There are other measures too that are free.
Message 8 of 12

RE: Trojan, worm

Hello,

Were you able to fix your issue? The virus names you mentioned came from multiple AV vendors (based on naming conventions). This might have just been fake alerts. Please let us know if you've been able to solve this issue.
Message 9 of 12

RE: Trojan, worm

(pardon:- for suggesting to contact Virus Removal Team to remove the infections)
Hi,
Sorry for the mistake that I have done.
I just forgot that it's a free support. I am really sorry for my mistake.

Regards,
Gireesh

RE: Trojan, worm

Gireesh, that's OK and thanks for trying to help.
