3 Replies Latest reply on Sep 19, 2014 10:37 PM by Hayton

    Question about trojan in folder Content.IE5

    kachisha

      Hi,

      We are using ePO 5.0, VSE 8.8, DAT version 7561.0000.

      We ran a full scan and found the trojan Generic Damaged.a.

      We don't know why McAfee Antivirus always reports a trojan in the folder Content.IE5.

      We already disabled System Restore, then scanned in safe mode, and also used CCleaner to scan and delete temporary internet files.

      But when we check the threat events, reports about this trojan still appear.

      So how do we delete this trojan? Please help us.

      Please check the image in the attached file.

      This is the process when we run HijackThis:

       

      Logfile of Trend Micro HijackThis v2.0.4

      Scan saved at 11:21:01, on 2014/09/19

      Platform: Windows XP SP3 (WinNT 5.01.2600)

      MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

      Boot mode: Normal

       

       

      Running processes:

      C:\WINDOWS\System32\smss.exe

      C:\WINDOWS\system32\winlogon.exe

      C:\WINDOWS\system32\services.exe

      C:\WINDOWS\system32\lsass.exe

      C:\WINDOWS\system32\svchost.exe

      C:\WINDOWS\System32\svchost.exe

      C:\WINDOWS\system32\logonui.exe

      C:\WINDOWS\system32\spoolsv.exe

      C:\Program Files\McAfee\Common Framework\FrameworkService.exe

      C:\WINDOWS\system32\mfevtps.exe

      C:\WINDOWS\system32\svchost.exe

      C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

      C:\WINDOWS\system32\winlogon.exe

      C:\WINDOWS\system32\rdpclip.exe

      C:\WINDOWS\Explorer.EXE

      C:\WINDOWS\system32\wscntfy.exe

      C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

      C:\WINDOWS\system32\ctfmon.exe

      C:\Documents and Settings\Administrator\デスクトップ\McAfee\New folder\HijackThis.exe

       

       

      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140918093338.dll

      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

      O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

      O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

      O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')

      O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')

      O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')

      O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')

      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

      O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

      O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

      O23 - Service: McAfee Framework サービス (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

      O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

      O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

      O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe

       

       

      --

      End of file - 3242 bytes