4 Replies Latest reply on Feb 2, 2010 3:32 PM by Lorimaz

    Recurring trojan detections - What do I do?

      Hello, I've recently come into a... problem, I guess.


      I'm running VirusScan Enterprise (ver. 8.5i), and it's successfully updated with the recent DAT files and whatnot.

      Every day (since January 29th) I've been running full scans of my computer, after I was alerted by my system that a trojan had been detected.

      Now, the first day there were quite a few different files picked up by the full scan, including:

      Generic PWS.y! (with various b - - combinations following)

      Generic.dx! (with various combinations following)


      Generic Obuscated.d

      FakeAlert-FQ & FakeAlert-KS


      These files were detected in Documents & Settings temp folder, as well as User temp folder.

      They were all successfully quarantined, though it worried me when a fake antivirus program tried to run itself the day after, or download something.  I hastily force shutdown my computer, loaded it back up, and ran a full scan; no more such problems have occurred yet.

      Coming to today, now, it seems to always pick up anywhere from 5 to 10 Generic PWS trojan files (nothing else), so I was wondering, is there anything I can do to stop these files?  Performance-wise, my computer doesn't seem to act any different, but it still worries me with the problem that had just occurred a day before, and the fact that it keeps detecting potential password-stealing trojans...

      I'm a bit new at working with anything on the computer, so please let me know if there's more I need to explain to help clarify the subject or anything!



        • 1. Re: Recurring trojan detections - What do I do?



          What do you mean by "fake antivirus tried to run"? Was it already on your computer, or did it pop up on one of the websites you were browsing?


          Does your VirusScan pick the same files every time, in the quarantined location? Then you should delete them. Or are you getting new infections all the time?

          That would suggest some dangerous browsing. Do you have McAfee SiteAdvisor installed?




          • 2. Re: Recurring trojan detections - What do I do?

            I'm pretty sure it was while I had my school homepage up, maybe my email up in another tab, but a small error message popped up (including misspellings, which kind of tipped me off that it was fake), and trying to close out of it just made it open a new (blank) page in Firefox and started to upload something.


            As for the scans, it only picked up one new Generic PWS and one new Generic.dx! file on the 1st, but found about 4 other files that it had detected a few days ago and quarantined.  And... you mentioned to delete them, I'm guessing you mean go into the quarantined section of the VirusScan and delete each file it had detected? (As in, just having the files quarantined doesn't stop them from functioning or something...?) And I'll make sure to install McAfee SiteAdvisor later, I'm just responding from a library computer between classes, and I'll get back to my laptop at home later.


            Sorry again if I'm just not understanding something correctly, I usually have friends who help explain computer-related troubles.

            • 3. Re: Recurring trojan detections - What do I do?



              Quarantined files are prevented from functioning, no worries here. If they are picked again in subsequent scans, you can go into VirusScan Console and right-click on Quarantine Manager Policy.


              You can configure how long you want the files to stay in quarantine before being deleted, and you can also see the name of the folder and delete the files from there.


              From your description, FakeAlert probably didn't have time to install on your machine, but just for your peace of mind, let's run FakeAlert stinger:




              Hope that helps,



              • 4. Re: Recurring trojan detections - What do I do?

                Okay, will do, thanks a ton, you've been very helpful!