Detecting new files created, but not the creator

Discussion in 'NOD32 version 2 Forum' started by jvandecar, Apr 13, 2006.

Thread Status:
Not open for further replies.
  1. jvandecar

    jvandecar Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    5
    Nod32 2.5, updated 4/13/06

    I was plagued with Baidu Bar before January. But I thought I was able to get it cleaned. I have Microsoft AntiSpyware installed, and just recently, beginning on April 6th, my home URL has been trying to change to , Microsoft detects and prevents it, but I want the files that are trying to make it do that, gone.

    Nod32 is detecting two things as well.

    ~snip~ Links to possible malware removed - Ron

    4/13/2006 20:24:11 AMON file C:\Documents and Settings\-------\Local Settings\Temporary Internet Files\Content.IE5\8XGHOV83\mputoo[1].exe a variant of Win32/TrojanDownloader.QQHelper trojan quarantined - deleted ----- Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.

    4/13/2006 20:24:05 AMON file C:\WINDOWS\SYSTEM32\WBEM\setup7.exe a variant of Win32/TrojanDownloader.QQHelper trojan quarantined - deleted ----- Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.

    4/13/2006 20:23:35 IMON self-extracting archive a variant of Win32/TrojanDownloader.QQHelper trojan -----

    From the above logs, it seems my browser is randomly going out and re-downloading the QQHelper trojan. Then Explorer tries to open it and run it, and Nod32 detects, quarantines and deletes it?

    Any suggestions?

    ESET's Nod32 (A,D,E,IMON all active), Microsoft AntiSpyware (All Checkpoints Active), Javacoolsoftware's Spyware Blaster (All Protection Enabled) are all I run. I use Firefox 1.5 on XP Pro SP2.
     
    Last edited by a moderator: Apr 13, 2006
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
  3. jvandecar

    jvandecar Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    5
  4. jvandecar

    jvandecar Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    5
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Ehm, didn't you get a reply by email? PM me the email address you sent it from.
     
  6. jvandecar

    jvandecar Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    5
    Your inbox is too full.
     
  7. jvandecar

    jvandecar Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    5