Win32/Waledac.KA trojan

Discussion in 'NOD32 version 2 Forum' started by jamest, Jul 22, 2009.

Thread Status:
Not open for further replies.
  1. jamest

    jamest Registered Member

    Joined:
    Jan 2, 2007
    Posts:
    4
    Hi there

    I'm a long time user of NOD32 and never been infected before (I think!). I have been infected today and would appreciate any advice on how to ensure my computer is now clean.

    Today at 12:05 I got a NOD32 warning message about the file:

    "http://u8r.in/se/1.exe"

    which was identified as "a variant of the Win32/Waledac.KA trojan"

    I first opted to block this. But the message appeared twice again over the next 25 minutes and on both these occasions I chose the Terminate option.

    After the 3rd warning, I looked in my task manager and saw the process:

    wpv121248215369.exe

    I killed this process. Reading about something called trojan.bredolab, I discovered this exe file in the folder windows\temp and deleted it from there (the file was created at 12:05).

    I also found the file rncsys32.exe in my programs\startup group, although I am not sure if this has any connection. I deleted that too.

    I have rescanned my computer a couple of times and nothing was found.

    However, as NOD32 did not remove the infection, I am concerned it may reappear.

    How can I be sure this is gone?
    Also if anyone knows how I got this, please let me know?

    Any advice greatly appreciated

    James
     
  2. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Download an application such as MalwareBytes or SuperAntiSpyware and do a scan.
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Maybe nothing was found because v2 detects fewer threats than v3/v4. Unless you use Windows 9x or have NOD32 for Exchange installed, I'd strongly suggest that you upgrade to v4.
     
  4. jjavierv17

    jjavierv17 Registered Member

    Joined:
    Jul 17, 2009
    Posts:
    7
    Location:
    Monagas, Venezuela
    Hi There! You can also use "Trojan Remover". It's not freeware, but it helps a lot when talking about Trojans. The current version is 6.7.9, I think. Bye ;-)
     
  5. jamest

    jamest Registered Member

    Joined:
    Jan 2, 2007
    Posts:
    4
    Thanks for these suggestions.

    I have installed NOD32 v4 and rescanned but no threats were found.

    Prior to that, I installed SuperAntiSpyware and scanned - no threats.

    I also scanned with MalwareBytes. This found one infected file, also created at 12:05:
    c:\documents and settings\****\Application Data\wiaserva.log

    What bothers me is that, apart from this file found by Malwarebytes, all of the files/processes to be removed have been identified by me. This does not give me much confidence I am in the clear.

    Does anyone know what these threats are (rncsys32.exe, wpv[numbers].exe), how they got on my computer, and how I can be sure I'm rid of them?

    I have searched on the eset website and cannot find any information.

    Kind regards

    James
     