Found a trojan downloader on my system

Hi,

My PC has been kind of running slow since the last couple of days and when I opened NOD32 Control Center today I got that message:

probably a variant of Win32/Genetik trojan found in operating memory. System memory infection originated from file C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe.


Here's an example of threats found and that I deleted:

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe - probably a variant of Win32/Genetik trojan

It mentioned that these files could be deleted, which I did.
I hope this is what I had to do and that I did not damage my pc even more.

Can someone help me with this please? What do do with the trojan downloader that I can't delete while running the scan?

Thanks,
Sylvie

 

@ Sylvie


Hello! You'd better have posted in ESET's section .

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

While it is possible for the above to be fake ones , in my opinion this is a false positive detection . Make sure your ESET software is up-to-date and perform full scan

Running slow doesn't always mean you are infected.

 

run SAS it'll find it...

 

I runned Spybot.

Then I runned NOD32 again and it is no longer there.

I deleted all the files that NOD32 indicated I could delete the first time I did the scan.

I'll bring my pc to a friend who is way more knowledgeable than I and he will see if it has been deleted or not.

Thanks for your help,
Sylvie

 

Another person who got that trojan used Combofix and SAS to remove the infection. Also they updated their Java program since trojans tend to attack outdated Java versions. You can go to any tech support forum to ask for help in reading your system log reports to be sure that the system is clean.

 

In my humble opinion this is likely to have been a false detection. These aren't unusual, with most security programs, from time to time. Anytime the detection has the words "generic" or "heuristic" included is a bit of a clue; means that it thinks the program exhibits behaviour similar to the flagged item. Means it's quite possibly malware, or malware-like, but not necessarily.
In this case, jusched is the auto updater for Java (which I've found does nothing, really, except slightly slow the system startup, since it puts itself in the start list.)
So you are better off checking your Java updates manually.
I think the current version is 1.6.040.
If you just "google" "verify java" and click on the first sun java entry that matches the search term, you'll be taken to the sun java page that can check this for you.

 

It is special purpose utility for removing some malware samples and it can repair registry issues too. But if it hasn't got some sample in the database, it doesn't remove it. It generates logfile. It includes informations, which are important for other using this utility (only advanced users can use it ).


danebe: Maybe there can be infector.

 

always use Drwebs Cureit, to cure your computer

 

Thanks everyone for your replies.

My friend told me that NOD32 had been corrupted so we removed it and installed AVG and runned a full scan as well as ad-adware and both came back normal with no threats found. They had NOD32 installed on every PC at his work place and he downloaded it from there in my PC last year...my version was up-to-date.

I wonder if I should keep AVG or install Norton Internet Security 2008 that I just bought.

My PC works just fine now.

I did check Java and it is up-to-date.

What do you mean when you talk about a false positive detection?

I am not computer litterate and I forgot to ask my friend about that.

Sylvie

 

False positive means false detection (when AV detects correct e.g. system file as malware).

 

Also check that there are no old Java versions left behind. If the old version is still present (and the old version isn't removed by installing the new) any vulnerability the old version has can still be there.

If the computer runs well with AVG, and you like it, that's good. If it also runs well with Norton, and you've paid for it, seems a shame to waste the purchase price. Up to you.