Trojan found

Similar Messages

• Trojan found in Lion and on iPhone 4 backup

  I recently installed MacKeeper on my Mac and Pc's
  I have been having major issues with Lion - see my discussion  there -
  But tonight it found a Trojan in my Users/dr/App Support/MobileSync/Backup file  - This was as I was restoring my iphone 4 from the back up because it was continually slowing & crashing like my Lion is.  So the back up was lost.  I had a backup omn iCloud but because the last vackup was to my Mac it would not restore from iCloud.
  The description is TR/Spy.29184.169
  Is this real? or is my MacKeeper  deluded? Is it on my iPhone or in my Mac (rather was it?)
  dr

  MacKeeper is itself a trojan.
  MacKeeper is an exception to the rule that system modifications should be uninstalled according to the developer's instructions. Although not generally recognized as such, MacKeeper is in fact a trojan, because the developer distributes an uninstaller that purports to delete it, but leaves behind something that causes popup ads to appear in the user’s web browser. Try following the instructions here:
  how to uninstall MacKeeper « Phil Stokes
  I can't personally vouch for the accuracy of those instructions, but others seem to have had success with them.

• Trojan found during installation of AW7

  This is the first time something like this has happened to me during          
  software installation.
  I'm running ZoneAlarm Extreme Security, which found five trojan variants during Authorware 7 installation:
  Trojan.Win32.Krament.ml, associated with Get RTF Object Text Range.exe;
  Trojan.Win32.Krament.mn, associated with Insert RTF Object Hot Text interaction.exe;
  Trojan.Win32.Krament.mi, associated with Save RTF Object.exe;
  Trojan.Win32.Krament.mo, associated with Search RTF Object.exe;
  Trojan.Win32.Krament.mh, associated with Show or Hide RTF Object.exe.
  I'm sure it is semantics. Any thoughts on this problem? Cures?
  Any help is appreciated and thank you in advance for your time and consideration.
  Running XP sp3.
  Regards

  I contacted ZoneAlarm as you recommended and the first thing the support guy said was that it sounded like false positives. He gave me a procedure to follow, which I am going to implement.

• Two Trojans found after TimeMachine backup?

  HelloSeveral weeks ago I and after a weekly manual backup I discovered that I had two Trojans and after several attempts two get rind of then they keep popping up every time I do a TM backup.When I click unlock to delete the Trojans they both disappear until next time I do a TM back.Has anyone else found these on their computers and if so how did you get them off for good?Cheers Colin Please see attached for the little nastiest.

  Hey MiltonX
  Sorry you're having trouble with this. It sounds like the threat is probably being backed up somewhere in the time machine.
  First thing to do is take a look at the path where the threats are located. You can usually find this in the quarantine manager after  you authenticate as administrator. If you don't see it listed in the scan results, you can either click "reveal in finder" from the quarantine manager, or if you can't find the full path that way, pull up the scan log by clicking the small gear icon in the "scans" menu and selecting "View scan log."
  Once you've found the full path to the threat, take a look at this article. I'm guessing the path will be located somewhere in /Backups.backupdb/. If that's the case, you can skip to step 18 and follow the instructions under the Time Machine Archive heading. That will walk you through removing the backedup threat and hopefully prevent it from coming back anymore.
  Hope that makes sense, but if you have any questions, let me know! 

• Trojan found - has it been made safe?

  McAfee has just 'done' its weekly full scan of my computer. The security report says it detected 1 trojan. It also says that my system is secure and no action required.
  This may be an obvious question - but is there anything I should do to remove the found Trojan? If so I can't find a way to remove it. Or, which I hope is the case, has McAfee dealt with it and I have nothing further to worry about?
  I always look at the security report and this is the first time it has indicated that something has been found.
  Solved!
  Go to Solution.

  there is nothing to do as McAfee will have either deleted or put in quarantine.  probably came with something you downloaded
  If you like a post, or want to say thanks for a helpful answer, please click on the Ratings star on the left-hand side of the post.
  If someone answers your question correctly please let other members know by clicking on ’Mark as Accepted Solution’.

• TROJAN FOUND In Acrodistdll.dll (Acrobat V9.5.2)

  Good day,
  My Avira Antivirus found the trojan VILSEL.BELL in Acrodistdll.dll
  Since this DLL has been moved to quarantine, I am now unable to generate PDFs from WORD or EXCEL!!
  Please, how can I repair my Adove V9? Where can I safely download the good version of Acrodistdll.dll??!
  Thanks for your help ASAP!

  Still, you cannot download it from Adobe any longer. And if anyone else claimed to offer it, that would surely just be more viruses.

• Trojan found in Adobe software?

  I'm pretty sure this is a false positive, and sorry for posting about it here, I don't know where else do go. The setup of the support forums is confusing me.
  Anyway, AVG Free detected a "Trojan horse Crypt.CFR" in Common Files/Adobe/Installer/and a bunch of numbers and letters/Setup.exe . From what I've read, there is no such thing as a "Trojan horse Crypt.CFR" and that this is probaby a false positive, but just to be on the safe side, I wonder if anyone else has experienced this and knows what to do.

  The file that was detected and you deleted is setup.exe.
  Go to your original install media or download-extract location and just copy that setup.exe to:
  C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\setup.exe
  that you deleted.
  On my system, I am running the trial while waiting for the box to come, so that setup.exe is in:
  C:\Users\Steve\Downloads\Adobe CS4\Photoshop\Adobe CS4
  because I downloaded the .7z file containing the trial into my Downloads folder and ran its corresponding EXE from there.
  These two setup.exe files are identical, at least in the trial version.
  If you deleted all the files in the folder and not just the setup.exe, there are 8 DLLs and 4 folders within that same folder as contained the setup.exe, then you can probably just run the original installer, again and install over the top of what you have. If that also doesn't work, then maybe run the MSI-clean thing you already mentioned, and then re-run the original install.

• Trojan found on Mac by Avast?

  I know Avast! isn't the best, but this is the only time it's given me an "infection" detection so far. The file was an "alekspack10.jar" file and considered a trojan.
  I already deleted it using Avast! but what I want to know is was that enough? Does that take it off of my computer? Is there any other way I can scan for it on my computer?
  I know this isn't the Avast! forums, but if there's anything else I can do to make sure that (possible) trojan is off of there I would like to know.

  I already had deleted it before posting this but I can check to see if I can still find the file.
  If you have backups, you might be able to find it there. (If you don't, you should drop everything you're doing and focus on starting a backup system. Literally.)
  I'd also point out that the knee-jerk reaction that causes people to immediately delete things detected as malware is a bad one. You should NEVER allow anti-virus software to immediately delete something that it determines is malicious, nor should you delete it yourself until you have done your homework.
  Deleting "infected" files automatically is bad for several reasons:
  * It could be a false positive, and deleting it could destroy valuable data, damage an application or damage your system.
  * If it's actually malicious, it could be a new variant of something else, and ought to be submitted to the security community (via VirusTotal) so they can do a better job of keeping you safe.
  * If it's actually Mac malware, you need to know exactly what it is so that you can find out more about how to get rid of it. Some Mac malware can be removed fairly easily, but other malware should never be removed by any method other than erasing the hard drive and starting fresh.
  For more information on how to properly deal with such things, see:
  How to remove infected files

• Windows search serachprotocolhost.exe opening files with virus/trojans

  I had received a file with was suspected malicious, but was tested online and was passed by 41 different virus engines as
  "No Threats found",  The file was a word document XP447949.doc which contained macro's that were suspected as Malicious.  The file was NOT opened with word as it warned about suspect macro's.
  However much to my surprise our Antivirus software Blocked An attempt to execute code out of the blue the following day, The file was the XP447949.doc and the offending program was windows search!
  This Means that any potential Virus/Trojan/Malware that has been downloaded but not run could be installed when the indexing service does its rounds!  Surely this cant be right...
  Hopefully someone at Microsoft can look into how this can be made more Secure.

  The Trojan found was reported by the antivirus as 'LooksLike.Macro.Downloader.a (v)'
  The Antivirus did not find problems when it scanned the file.  (Neither did 40 other products)
  The active protection part found the file when windows search attempted to access the file, this concerns me somewhat that the search indexer is activating hidden malware.
  If there was no active protection what would have happened?

• Update on Android Attack - Fake Android security fix is really another trojan

  Source from Android Central at http://www.androidcentral.com/fake-android-security-fix-really-another-trojan
  By now most everyone knows that Google has addressed the Droid Dream malware mess in the Android Market, used the kill switch and issued a fix, and is in process of rolling out said fix to all affected users.  But since Android users in general are an impatient lot, some folks have been on the lookout for the files to manually install the fix instead of waiting.
  Don't do it.
  The folks at F-Secure have found that at least one of the so-called security patch files floating around is really just another trojan.  This is social engineering at it's finest -- use the promise of security to really make things worse.  You can read the gory details of the BgServ.A trojan found in the fake patch at the source link, but the important thing is that you need to wait for Google to push you the fix if you downloaded one of the infected files.  Like every other patch for the OS, whether it's an updated version of Android or something less glamorous like a security fix, only install files from Google's servers.
  If you were affected by the malware, you should have received an email from big G, or will soon.  We have the full text of that message after the break, be sure to check that the sender is really Google, and sit tight.  They will get you all patched up. [F-Secure] Thanks Mike and Steven!
  You are receiving this message to inform you of a critical issue affecting
  your Android Market account.
  Hello,
  We recently discovered applications on Android Market that were designed to
  harm devices. These malicious applications ("malware") have been removed from
  Android Market, and the corresponding developer accounts have been closed.
  According to our records, you have downloaded one or more of these
  applications. This malware was designed to allow an unauthorized third-party
  to access your device without your knowledge. As far as we can determine, the
  only information obtained was device-specific (IMEI/IMSI, unique codes which
  are used to identify mobile devices, and the version of Android running on
  your device).
  However, this malware could leave your device and personal information at
  risk, so we are pushing an Android Market security update to your device to
  remove this malware. You will soon be receiving a notification on your device
  that says "Android Market Security Tool March 2011" has been installed. You
  are not required to take any action from there, the update will automatically
  run. You may also receive notification(s) on your device that an application
  has been removed. Within 24 hours of receiving the update, you will receive a
  second email confirming its success.
  To ensure this update is run quickly, please make sure that your device is
  turned on and has a strong network connection.
  For more details, please visit the Android Market Help Center at
  http://market.android.com/support/bin/answer.py?answer=1207928
  Regards,
  The Android Market Team
  ©2011 Google, Inc.
  1600 Amphitheatre Parkway
  Mountain View, CA  94043
  Email preferences:  You are receiving this email to notify you of a critical
  issue affecting your Android Market account.

  I agree this is overblown. By the time it hits the mainstream media, you'll notice it always takes on an alarmist tone. The issue has already been posted on this forum:
  Here
  http://community.vzw.com/t5/Android-Discussions/Android-Exploit-Credential-Theft/m-p/531658 
  And here:
  http://community.vzw.com/t5/DROID-by-Motorola/Android-2-3-4-to-Plug-Massive-Security-Hole-for-your-Droid/m-p/532590

• Potentialy serious problem with Oracle 11g R1

  Today i have download to try Oracle 11g , my system supports database system
  requirerments and into installation progress my antivirus software find some troyan horses and my antivirus software is ordinary not powerfull .Do someone have the same problem?

  Yes, Trojan found in ott.exe. I believe this may be a false alarm because of its filename, which is the name of a known malware. Only some antivirus detected it.
  Since it's just one file, use whatever your antivirus has for isolating it, or just delete it.

• McAfee security

  Having recently upgraded to Broadband option 2, I decided to take advantage of the free download of the McAfee software.It seemed to be impressive enough,but sadly after 6 days useage,a Trojan found it`s way on to my PC.What the trojan did was to shut down Internet Explorer and Mozilla Firefox after about ten minutes.I was able to log back on again almost right away,but no good if you were in the middle of a download.Nothing else on my PC was affected,even Chrome and Safari browsers.McAfee was unable to remove the virus,so I got it removed myself.I was previously using the free Comodo Anti virus/firewall security.In nearly six years of use,not a single virus of any kind got through.I have taken the McAfee of my sytem and reinstalled Comodo.Anybody else have any probs with McAfee? Kenny

  No AV is 100% effective against all attacks all the time, and I'm not aware of any reports that McAfee is notably worse than others in this respect. You can find recommendations for and against most AVs.
  However, there have been many operational complaints about McAfee, as a forum search for NetProtect will reveal. Many advise to steer clear as there are plenty of equally effective free programs available. More here: BT Forum AV Advice.
  PS. Did you run the McAfee removal tool? It has been moved to http://service.mcafee.com/FAQDocument.aspx?id=TS10​1331.
  You can click the white star next to this message if you think it was helpful.

• Elements 13 Program highjacked

  Opened Elements 13. Have very good AVG security software & it's always running. Suddenly the Elements 13 screen said you need to pay $79.95 to get rid of the Trojan.  It also said AVG couldn't eliminate it. I won't repeat what I said, but immediately  closed Elements 13, ran AVG & M/S security software. No Trojan found. No message received from Adobe or AVG for a heads-up. Won't run Adobe without disconnecting from the internet.

  First, this has nothing to do with Adobe or its software, unless you’re being creative about complain that a PSE upgrade costs $80. 
  Apparently you are infected with “ransomware” of some sort, which is generally beyond the scope of these forums; however, some general advice would be that besides AVG and MSS try SuperAntiSpyware and MalwareBytes.   It would also help to Google for the exact name of the Trojan along with the word removal to see what sort of process it takes to remove it.  I would suggest doing the downloading and searching using a different computer than the one that is infected so that the infection cannot interfere.  You might even burn the installers to a CD to make sure that you’re not infecting the flash drive or whatever you’d be using to transfer the installers.

• Supposed Virus in Mac Mail

  When i send emails to most people from Mac Mail if get the following response:
  Message contains a virus or other malicious code
  550 (Phishing.Heuristics.Email.SpoofedDomain)
  (full response below)
  I have downloaded 3 anti virus scanners (ClamXav - which detected infected emails which i deleted, Virus Barrier X6 which did the same, I quarantined this time and lastly MacScan which  quarantined 41 Trojans found). This still hasnt stopped my emails from bouncing.
  I have just upgraded to Lion as it upgrades Mail and this hasnt helped either.
  Any ideas anyone?
  SMTP error from remote server after transfer of mail text:
  host mx.daily.co.uk[195.26.90.18]:
  550-Message contains a virus or other malicious code
  550 (Phishing.Heuristics.Email.SpoofedDomain)
  --- The header of the original message is following. ---
  Received: from [10.0.1.13] (cpc1-dals2-0-0-cust994.hari.cable.virginmedia.com [82.35.75.227])
      by mrelayeu.kundenserver.de (node=mreu3) with ESMTP (Nemesis)
      id 0MSTdP-1QxeBe2XWt-00TYNl; Thu, 28 Jul 2011 14:52:01 +0200
  From: Brett Jefferson Stott <[email protected]>
  Content-Type: multipart/alternative; boundary="Apple-Mail=_13AF1900-857E-474E-B7A3-0140183E6F2E"
  Subject: test
  Date: Thu, 28 Jul 2011 13:52:01 +0100
  Message-Id: <[email protected]>
  To: London Street Photography Festival <[email protected]>
  Mime-Version: 1.0 (Apple Message framework v1244.3)
  X-Mailer: Apple Mail (2.1244.3)
  X-Provags-ID: V02:K0:myvTxaHm4aFpD2UhbLWXUofRrpa24Dg7jy4GU+UOpkC
  v1qcfBj/8iyGwd8zL/R+L/YVMHL2IE3LSfFwpVYEeKFWIpQvt1
  ZfGDYKsnUyd7XWqZjLNuRA+FIAChrDzVZ7aAHFO951f/kdo5SL
  E2miHol1JgA0cztWu5UBxMo9akEwPwb5YNHogeIpvg+sOYisuW
  1i4HFPZ7Cq7C0RynM2trGno7+rjt89o1ogHUuG0Kcc=

  I have two e-mail addresses.  One is working normally.  The other was, but now e-mails sent to that address appear momentarily, then disappears.  It is not in Trash for that address.  Any ideas how I can fix this?

• HT5228 What if we have 10.5 Leopard Mac OS? No patch for us?

  Anything we need to do, are we also vunrable to this virus?
  Thanks.

  will I miss it?
  Not likely.  JavaScript (not related) has grown up a lot since Java was postulated as the way to run client side code.  These days most web sites use JavaScript and DO NOT use Java.
  What does it do?
  Java can be used for a lot of stuff, but in this case it was intended as a way for web sites to run client side code in a safe sandbox with very limited access to the client system.  The problem is the Flashback trojan found a hole in the code that allowed it access outside its sandbox.
  Maybe i can turn it on just when essential?
  Yes.  But it is unlikely you will need to do this.