16 Replies Latest reply: Mar 12, 2009 6:02 AM by paullotion

    trojan removal

      McAfee's on access scan detects trojans that it classifies as either a generic downloader, a downloader-BKA, or a Vundo.gen.ab. On access scan claims to delete these but they keep reappearing. I have run full system scans with the latest version of Malwarebytes, Windows Defender, Spybot Search and Destroy, VundoFix and McAfee on demand scan. None of these programs detect anything.
      How do I get rid of this and get it to stop reappearing?
        • 1. RE: trojan removal
          paullotion
          Hello

          Which files are being detected? Please post the full file paths of each.
          • 2. RE: trojan removal
            Sorry I took so long.
            The files detected recently are as follows:
            74vrbga8.exe in c:\documents and settings\stoycho\localsettings\temp detected as vundo.gen.ab
            H322HWFT.EXE in c:\documents and settings\stoycho\localsettings\temp detected as downloader-BKA
            h322hwfT.exe in c:\documents and settings\stoycho\localsettings\temp\h322hwfT.exe\h322hwfT.exe detected as downloader-BKA
            • 3. RE: trojan removal
              paullotion
              post edited
              • 4. RE: trojan removal
                It says it was deleted successfully
                If this is just clearing the temp file I've already deleted everything in there... I'm not quite sure what makes this come back but I don't think it's in the temp file
                • 5. RE: trojan removal
                  paullotion
                  Click Start > Run > type (or copy/paste) the command into the box:

                  "c:\documents and settings\stoycho\localsettings\temp"

                  Open the temp folder, are those files still present?
                  • 6. RE: trojan removal
                    Is there any significance to the fact that the application listed in McAfee's on access scan messages is: for the vundo.gen.ab C:\Program Files\Windows Defender\MsMpEng.exe and for the downloaders C:\Program Files\Java\jre6\bin\jusched.exe?
                    Looking at this leads me to believe that this might be some kind of a false positive given by some auto updates...?
                    • 7. RE: trojan removal


                      I did that before posting on this forum. The files are not present; McAfee says it deleted them. I also simply highlighted and deleted everything in that folder.
                      • 8. RE: trojan removal
                        The message just reappeared; the only differences are the file names. Since installing Windows Defender the problem has been compounded by the fact that Windows Defender also detects the vundo.gen.ab and prompts me to delete it. When I select yes there appears to be some interference between the two programs because McAfee stops working for a brief amount of time (I am notified of this by Windows Security Center).
                        • 9. RE: trojan removal
                          paullotion
                          Are you saying that these files:

                          C:\Program Files\Windows Defender\MsMpEng.exe
                          C:\Program Files\Java\jre6\bin\jusched.exe

                          are also infected?

                          "When I select yes there appears to be some interference between the two programs because McAfee stops working for a brief amount of time (I am notified of this by Windows Security Center)."

                          Are you saying Windows Security Centre is telling you that you are infected?