Microsoft Windows Vista Community Forums - Vistaheads
Trojan infecting update.exe?

microsoft.public.windowsupdate






#1  ArielZusya  (09-28-2008)
Trojan infecting update.exe?
I have Kaspersky anti-virus protection on my computer and recently received a
notice that it found Trojan-Downloader.Win32.Turk.a in C:\WINDOWS\update.exe.
When I ask Kaspersky to show me more information on this trojan via their
website it loads the website and the site says it has no entry on this
trojan. Kaspersky says it can't "disinfect" and says the only treatment is to
delete it. I have a few questions:

1) is there actually a trojan in my update.exe or is this a false positive
that should be ignored?

2) I've read on some websites that update.exe should not actually be in
c:\WINDOWS\. These sites suggest that if it is there it is a trojan or virus.
Is that true?

3) If there is a trojan in update.exe, is there a tool (perhaps from MS)
that can clean it out and fix update.exe?

4) if there is a trojan in update.exe, can I delete the file outright? If
so, how do I get a clean copy of update.exe?

In case it's helpful, the size of the file is:

71.5 KB (73,302 Bytes)

and the size on disk is:

72.0 KB (73,728 bytes)

Any assistance would be greatly appreciated. Thanks!
#2  Martin  (09-28-2008)
RE: Trojan infecting update.exe?
Hi

Yes this virus Trojan-Downloader.Win32 is on your system. I have checked
this virus and here is the website that tells you about this virus.

http://www.symantec.com/en/uk/securi...051715-4324-99

Just click on this site and it will go to the symantec site and just read it
and somewhere on the site, it tells you how to get it off your system.

If you need any more help, just send me a message and I will get back to you.

Thanks

Martin Hickie

"ArielZusya" wrote:

> I have Kaspersky anti-virus protection on my computer and recently received a
> notice that it found Trojan-Downloader.Win32.Turk.a in C:\WINDOWS\update.exe.
> When I ask Kaspersky to show me more information on this trojan via their
> website it loads the website and the site says it has no entry on this
> trojan. Kaspersky says it can't "disinfect" and says the only treatment is to
> delete it. I have a few questions:
>
> 1) is there actually a trojan in my update.exe or is this a false positive
> that should be ignored?
>
> 2) I've read on some websites that update.exe should not actually be in
> c:\WINDOWS\. These sites suggest that if it is there it is a trojan or virus.
> Is that true?
>
> 3) If there is a trojan in update.exe, is there a tool (perhaps from MS)
> that can clean it out and fix update.exe?
>
> 4) if there is a trojan in update.exe, can I delete the file outright? If
> so, how do I get a clean copy of update.exe?
>
> In case it's helpful, the size of the file is:
>
> 71.5 KB (73,302 Bytes)
>
> and the size on disk is:
>
> 72.0 KB (73,728 bytes)
>
> Any assistance would be greatly appreciated. Thanks!

#3  Ato_Zee  (09-28-2008)
Re: Trojan infecting update.exe?

> 1) is there actually a trojan in my update.exe or is this a false positive
> that should be ignored?


There are several websites that you can upload small files to (big ones
1GB or so take ages) that test against several virus checkers.
Try
http://virusscan.jotti.org/
and report back.
#4  ArielZusya  (09-28-2008)
RE: Trojan infecting update.exe?
Hi Martin,

Thanks for your post. I have some questions. First, the link you gave is to
information on the Gema.B Trojan. Are you certain Gema.B and Turk.a are the
same? Second, the instructions given for Gema.B are to start in safe mode and
run Norton AV. My scans and attempts at repair say it is unrepairable. So...
assuming this is really a virus, can I safely delete update.exe and if so,
where do I get a clean copy? I'm concerned because I haven't been able to find
any information on Turk.a... not even posts from people who have found it on
their system (Google only came up with one guy who posted to some support
site... you'd think if this were a real worm there would be a lot of people
posting about it). Just trying to avoid a messy cleanup. Thanks for your help!

Ariel

"Martin" wrote:

> Hi
>
> Yes this virus Trojan-Downloader.Win32 is on your system. I have checked
> this virus and here is the website that tells you about this virus.
>
> http://www.symantec.com/en/uk/securi...051715-4324-99
>
> Just click on this site and it will go to the symantec site and just read it
> and somewhere on the site, it tells you how to get it off your system.
>
> If you need any more help, just send me a message and I will get back to you.
>
> Thanks
>
> Martin Hickie
>
> "ArielZusya" wrote:
>
> > I have Kaspersky anti-virus protection on my computer and recently received a
> > notice that it found Trojan-Downloader.Win32.Turk.a in C:\WINDOWS\update.exe.
> > When I ask Kaspersky to show me more information on this trojan via their
> > website it loads the website and the site says it has no entry on this
> > trojan. Kaspersky says it can't "disinfect" and says the only treatment is to
> > delete it. I have a few questions:
> >
> > 1) is there actually a trojan in my update.exe or is this a false positive
> > that should be ignored?
> >
> > 2) I've read on some websites that update.exe should not actually be in
> > c:\WINDOWS\. These sites suggest that if it is there it is a trojan or virus.
> > Is that true?
> >
> > 3) If there is a trojan in update.exe, is there a tool (perhaps from MS)
> > that can clean it out and fix update.exe?
> >
> > 4) if there is a trojan in update.exe, can I delete the file outright? If
> > so, how do I get a clean copy of update.exe?
> >
> > In case it's helpful, the size of the file is:
> >
> > 71.5 KB (73,302 Bytes)
> >
> > and the size on disk is:
> >
> > 72.0 KB (73,728 bytes)
> >
> > Any assistance would be greatly appreciated. Thanks!

#5  ArielZusya  (09-28-2008)
Re: Trojan infecting update.exe?
OK... this doesn't look good. Here are the results:

File: update.exe
Status: INFECTED/MALWARE
MD5: 47ec38b88e2a0f6fde5cfbb2d25c9d88
Packers detected: -

Scan taken on 28 Sep 2008 14:56:19 (GMT)
A-Squared Found nothing
AntiVir Found DR/Delphi.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Injector.AD
BitDefender Found Trojan.Delf.Inject.AP
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found BackDoor.Bifrost.842
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan-Downloader.Win32.Turk.a
G DATA Found Trojan.Delf.Inject.AP
Ikarus Found VirTool.Win32.DelfInject.AF
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Turk.a
NOD32 Found a variant of Win32/Injector.BX
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found BackDoor.Bifrost.842


Now what should I do? Thanks for your help.

Ariel


"Ato_Zee" wrote:

>
> > 1) is there actually a trojan in my update.exe or is this a false positive
> > that should be ignored?

>
> There are several websites that you can upload small files to (big ones
> 1GB or so take ages) that test against several virus checkers.
> Try
> http://virusscan.jotti.org/
> and report back.
>

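An added example, not part of any post in this thread: a Python sketch that parses the multi-scanner report pasted in post #5, counts detections, and groups engines by identical label so the differing vendor names for one file can be compared side by side. The function names are this example's own, and `sample_matches` takes the bytes of a file in hand to confirm it is the sample the report's MD5 refers to.

```python
import hashlib
import re

# Report text as pasted in post #5 of the thread (MD5 line plus one line per engine).
REPORT = """\
MD5: 47ec38b88e2a0f6fde5cfbb2d25c9d88
A-Squared Found nothing
AntiVir Found DR/Delphi.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Injector.AD
BitDefender Found Trojan.Delf.Inject.AP
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found BackDoor.Bifrost.842
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan-Downloader.Win32.Turk.a
G DATA Found Trojan.Delf.Inject.AP
Ikarus Found VirTool.Win32.DelfInject.AF
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Turk.a
NOD32 Found a variant of Win32/Injector.BX
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found BackDoor.Bifrost.842
"""
LINE = re.compile(r"^(.+?) Found (.+)$")  # "<engine> Found <label or 'nothing'>"

def parse_report(text):
    """Return (md5, {engine: label, or None when the engine found nothing})."""
    md5, verdicts = None, {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("MD5:"):
            md5 = line[4:].strip().lower()
        elif m := LINE.match(line):
            verdicts[m[1]] = None if m[2] == "nothing" else m[2]
    return md5, verdicts

def summarize(verdicts):
    """Return (detections, engines, {label: [engines that reported it]})."""
    by_label = {}
    for engine, label in verdicts.items():
        if label is not None:
            by_label.setdefault(label, []).append(engine)
    return sum(map(len, by_label.values())), len(verdicts), by_label

def sample_matches(data, md5):  # MD5 is used only as the report's sample identifier
    return hashlib.md5(data).hexdigest() == md5.lower()
```

On the report above, `summarize` gives 10 detections from 20 engines under 7 distinct labels.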
#6  Kayman  (09-29-2008)
Re: Trojan infecting update.exe?
On Sun, 28 Sep 2008 08:01:01 -0700, ArielZusya wrote:

> OK... this doesn't look good. Here are the results:
>
> File: update.exe
> Status: INFECTED/MALWARE
> MD5: 47ec38b88e2a0f6fde5cfbb2d25c9d88
> Packers detected: -
>
> Scan taken on 28 Sep 2008 14:56:19 (GMT)
> A-Squared Found nothing
> AntiVir Found DR/Delphi.Gen
> ArcaVir Found nothing
> Avast Found nothing
> AVG Antivirus Found Injector.AD
> BitDefender Found Trojan.Delf.Inject.AP
> ClamAV Found nothing
> CPsecure Found nothing
> Dr.Web Found BackDoor.Bifrost.842
> F-Prot Antivirus Found nothing
> F-Secure Anti-Virus Found Trojan-Downloader.Win32.Turk.a
> G DATA Found Trojan.Delf.Inject.AP
> Ikarus Found VirTool.Win32.DelfInject.AF
> Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Turk.a
> NOD32 Found a variant of Win32/Injector.BX
> Norman Virus Control Found nothing
> Panda Antivirus Found nothing
> Sophos Antivirus Found nothing
> VirusBuster Found nothing
> VBA32 Found BackDoor.Bifrost.842
>
> Now what should I do? Thanks for your help.


1. CCleaner - Free
Cleans temporary internet files, cookies, history, recent urls, application
MRUs, etc. ...
http://www.filehippo.com/download_ccleaner/
If Windows Defender is utilized go to Applications, under Utilities
uncheck "Windows Defender" (so it won't delete the history of WD)
Do not use the registry cleaner option in CCleaner!

2. Download/execute David H. Lipman's MULTI_AV Tool
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/...irus-for-free/
Additional Instructions:
http://pcdid.com/Multi_AV.htm
--and/or--
Kaspersky's AVPTool
http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
--and/or--
http://ftp.kaspersky.com/devbuilds/AVPTool/
There's no updating involved since the scanning engine is updated
several times a day and you simply download the updated scanner whenever
you want to do a scan.
--and/or--
Dr.Web CureIt!® Utility - FREE
http://www.freedrweb.com/cureit/
--and/or--
Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

3. To flush your System Restore *after* doing the above cleaning steps.
Do this:
Right click "My Computer" icon and select Properties from the drop down
list.
On the system Properties click on System Restore Tab and *check* the box
'Turn off System Restore on all drives'.

Click [Apply] then click [OK]

Reboot.

Right click "My Computer" icon and select Properties from the drop down
list.
On the system Properties click on System Restore Tab and *uncheck* the box
'Turn off System Restore on all drives'.

Note: ensure that under 'Available drives' the Status of Drive does show
'Monitoring'.

And then manually create a Restore point.
Go to:
http://www.microsoft.com/windowsxp/u...emrestore.mspx
And scroll down to: Create a Restore Point.

Done!

#7  PA Bear [MS MVP]  (09-29-2008)
Re: Trojan infecting update.exe?
Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_R...:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/...moving_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in
conjunction with some other utilities). HijackThis will NOT fix anything on
its own, but it will help you to both identify and remove any
hijackware/spyware with assistance from an expert. **Post your log to
http://spywarehammer.com/simplemachi...php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://aumha.net/viewforum.php?f=30, or another appropriate forum for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

ArielZusya wrote:
> I have Kaspersky anti-virus protection on my computer and recently received a
> notice that it found Trojan-Downloader.Win32.Turk.a in C:\WINDOWS\update.exe.
> When I ask Kaspersky to show me more information on this trojan via their
> website it loads the website and the site says it has no entry on this
> trojan. Kaspersky says it can't "disinfect" and says the only treatment is to
> delete it. I have a few questions:
>
> 1) is there actually a trojan in my update.exe or is this a false positive
> that should be ignored?
>
> 2) I've read on some websites that update.exe should not actually be in
> c:\WINDOWS\. These sites suggest that if it is there it is a trojan or
> virus. Is that true?
>
> 3) If there is a trojan in update.exe, is there a tool (perhaps from MS)
> that can clean it out and fix update.exe?
>
> 4) if there is a trojan in update.exe, can I delete the file outright? If
> so, how do I get a clean copy of update.exe?
>
> In case it's helpful, the size of the file is:
>
> 71.5 KB (73,302 Bytes)
>
> and the size on disk is:
>
> 72.0 KB (73,728 bytes)
>
> Any assistance would be greatly appreciated. Thanks!

