4 Replies Latest reply on May 26, 2014 5:13 PM by Hayton

    Trojan Detected

    edmo

      Has anybody have any tips what to do when a continuous message comes up "Trojan Detected, McAfee detected an infected file on your PC. Restart your PC so we can fix it." keeps poping up. How do you stop it!

        • 1. Re: Trojan Detected
          Peacekeeper

          Is anything showing up in the quarantined listing? ie navigation Quarantined and trusted items.

           

          I would be interested in a name and folder it is found in.

           

          Delete all your internet temp files and windows temp files use windows disk cleanup utility for that.

           

          Run some of the free scanners I link to in my signature. With getsusp ensure you add your email address to its preferences so  Mcafee can contact you and with malwarebytes do not install the premium trial version just the free one.

           

          Moved to Malware forum

           

          Message was edited by: Peacekeeper on 26/05/14 7:01:33 PM
          • 2. Re: Trojan Detected
            edmo

            Thanks Peacekeeper

             

            Scanned with Windows Defender,  found the virus - Trojan Download:win32/kuluoz.D  

             

            Sorry couldnt see the whole file name.

             

            Is there a reason this was not picked up?

             

            Cheers from Down Under Edmo

            • 3. Re: Trojan Detected
              Peacekeeper

              It probabbly recognised it as a trojan but had not seen it before. Would have been nice to get a copy so Mcafee could add it to its detection. At least it is clean hopefully now.

              • 4. Re: Trojan Detected
                Hayton

                It's a Trojan downloader. That means it only runs if you allow it, usually by clicking on a link. In this case it may have been a link in an email (the usual means of infection for that family of malware). McAfee detected it and quarantined it. It kept on coming back because it created a registry entry to re-create itself even after it had been deleted. The danger with this Trojan is that it downloads other things - and uploads information to a remote server. You should run a full scan to check for any other programs that this downloader has installed.

                 

                For general information :

                http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win 32/Kuluoz

                 

                For this specific variant :

                http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=TRO JANDOWNLOADER:WIN32/KULUOZ.D

                 

                 

                TrojanDownloader:Win32/Kuluoz.D uses the legitimate Windows file svchost.exe to drop a copy of itself into the %APPDATA% folder using a random 8-character file name.

                It then creates a registry entry that lets it run automatically every time Windows starts: