cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
shelley3
Level 7
Report Inappropriate Content
Message 1 of 6

Trojan and PUPS...help Please!

HI,
I just scanned my PC (windows XP SP3) and found that I had the same trojan (ServU-Daemon) in 2 unwanted/unimportant folders as well as 2 in the system voume information with a long list of letters and numbers. My PC quarantined them. Now what I did was remove/deleted the 2 folders(which are still in my recycle bin-just in case) which I didn't need anyway and disabled System restore to help with the trojan srtuck in the sytem volume information. My question is, did I do the right thing as well as I am not sure if all this will help since these files are in fact quarantined. Should I go ahead and delete these files and be ok with the disabling of the sytem restore? Will these trojans still disapear if they are in quarantine? Or, do I have to unquarantine them and then delete and try disabling sytem restore again. I know that at some point I will proably have to scan in safe mode?????
Help, please,if someone can.... I am not sure what to do or if I already did the right thing.
Thanks and have a great day!

Shelley
5 Replies
melboy
Level 7
Report Inappropriate Content
Message 2 of 6

RE: Trojan and PUPS...help Please!

Leave the files Quarantined.
Re-enable System restore.

Download Malwarebytes ' Anti-Malware at Here or Here Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Post the log in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


What were the 2 folders you deleted? Where were they located?
shelley3
Level 7
Report Inappropriate Content
Message 3 of 6

Thanks for your response..

Hi Melboy,
Thanks for your reply! The 2 files were located in C:\questionable programs and games (that I didn't open and downloaded a long time ago from the internet). The 2 folders are now in my recycle bin...should I restore or delete them? The others (system volume )are still quarantined.
I already have Spybot Search and Destroy as well as Adaware. Should I now scan with those? Is downloading a new program the only answer? Is there another way? If not, let me know... if you say it is the only way, I will do it.Can you tell me if they were removed since McAfee did quarantine them and then I deleted and disabled sytem restore and then renabled. I am not sure at this point that I want to download another program (since I already have Spybot and Adaware).....sigh. Also, shoould I restore the folders that I put in the recycle bin, or is it ok to delete them?
Help, thanks!
Shelley
melboy
Level 7
Report Inappropriate Content
Message 4 of 6

RE: Thanks for your response..

Whenever your having problems with your pc, or any of your defences throws up a detection, i would make scanning with any other programs you have installed your first port of call. Some programs catch things that others miss.
Whilst Adaware and Spybot are good programs (i use spybot myself for certain things), many experts put more faith in more "up to the minute" programs such as MBAM (and SAS).

If you or the Administrator of the pc has not knowingly installed ServU-Daemon then it should be removed. The nature of the program is that it can allow remote access to your pc. If you have been "hacked" then ultimately a format/re-install may be required.

To locate the quarantined items, just open Security Center by double-clicking the taskbar "M".
Click "Advanced Menu" at bottom left
Click Restore at left. The quarantined items can then be dealt with there.


You may want to post a HijackThis log on one of the forums on Ex_Brits post here, so an expert can analyze your system and help choose what's best for you. (all this is free, by the way)

If there is nothing important to you in those folders (games etc), then delete them.
shelley3
Level 7
Report Inappropriate Content
Message 5 of 6

ok thanks Melboy

Ok thanks Melboy,
I really appreciate your response! I might try that tomorrow(hopefully) and get back to you. Just clarify for me one thing that I ma still not sure of... if I deleted the folder say, will it delete the quarantined items that were in it ? May sound like a dumb question but I am not very good at these things.
Thanks again,
Shelley
melboy
Level 7
Report Inappropriate Content
Message 6 of 6

RE: ok thanks Melboy

Nothing is a dumb question if you don't know the answer! 😉

Deleting the folders won't delete the files if mcafee is holding them in quarantine. They need to be deleted (removed , not restored) from the quarantine area. Whilst they are in quarantine they can do you no harm. It is always better to let an item reside in quarantine for a while in case it is a false positive, which can then be restored. If the file turns out to be genuinely malicious then it can be deleted for good.

System restore (SR) holds copies of your files (good and bad) in it. If you had a bad file which you deleted but had already been copied to system restore and then at some point you did a restore, that file would be re-instated and you would become infected again. That is why disabling, re-booting and re-enabling gets rid of the (copies of) bad files because it "flushes" the system, turning off system restore and re-booting empties the system volume\restore folder, The bad (and good) files are gone and when you re-enable SR, files for restore purposes are created again. That is why it is better to wait to disable/reboot/enable system restore when your clean rather than when you are infected. If an expert is cleaning your system, in case something goes wrong, it is better to have an infected restore point than none at all.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community