I have my first trojan???

Discussion in 'malware problems & news' started by timj, Jun 25, 2004.

Thread Status:
Not open for further replies.
  1. timj

    timj Registered Member

    Goodday All. I did an online scan with Symantec Security and was told I have a trojan. I tried ex av, trend av and edwido scan but nothing was found.

    C:\WINDOWS\NtServicePackUnstall\reg00139 is infected with Vbs.Cuerpo

    Is it possible this is a false positive. Need help on this one. Timj
    Last edited: Jun 25, 2004
  2. ronjor

    ronjor Global Moderator

    Symantec has instructions here
  3. Jooske

    Jooske Registered Member

    Hi there, if you still have the file, could you please be so kind as to zip it and submit it to the lab for further advice for you at submit@diamondcs.com.au ?
    After that, to see if you're really clean please look in this thread at [thread]15913[/thread] and post in that forum your hijackthis log for expert review and further advice, as that infection --if it did run-- does make some changes which need correction.
    In the servicepack, is that an original SP from the MS site or could it have been infected afterwards?
    I wou6ld suggest you also upload the file at www.kaspersky.com/remoteviruschk.html to have a scan result in a few seconds.
  4. timj

    timj Registered Member

    Thank you both for your reply to my post. I submitted my uninstall files to Kaspersky online scanner,(they were clean) a zip to Diamonds, and posted results from 'hijack this'. I followed the link to Symantex removal site but could not understand the info. offered. Ran another scan with Symantex online scan with the same results, infected with "Vbs. Cuerpo". I think Symantex might be in error since Panda, Ez-thrust, and trend all stated negative for Cuerpo.
Thread Status:
Not open for further replies.