Got a Trojan

Discussion in 'malware problems & news' started by Albinoni, Sep 19, 2005.

Thread Status:
Not open for further replies.
  1. Albinoni

    Albinoni Registered Member

    Joined:
    Feb 17, 2005
    Posts:
    709
    Location:
    Perth, Western Australia
    Well what bad luck for me, I was today doing a virus scan on my PII machine using Bitdefender Pro 9 Security Suite and a window popped up telling me that I had a Trojan in the Crap Cleaner prog file. The Trojan is Trojan.Banker.VB.15E70689. Bitdefender blocked the Trojan, but not sure if it removed it.

    I then went to Add/Remove Progs and Deleted Crap Cleaner from there etc and re-booted my PC, then went back into C drive, Prog files and tried to delete the folder from there but it wouldn't let me, I could only delete the uninstall file icon but not the CCleaner icon, as it wouldn't let me.

    I'm now running Adaware to see what happens, though it seems to be taking a while to run.

    I've tried Google and cannot seem to find any info on how to remove this Trojan, plus how dangerous is it.
     
  2. Get

    Get Guest

    Best you can do is post a HijackThis log here, but when you don't want to do that you can get rid of the icon with Killbox (fill in the icon's full path, choose "Delete on reboot", click the red circle with the white cross in it and on the "All selected files will be deleted on next reboot"-screen -> click yes and reboot). That's how you could get rid of it, but before you do that you should scan again with bitdefender, Ewido-free and a-squared-free and to be even more "sure" the trojan is removed also do an online-scan. When nothing is found shutdown system restore, empty tempfolders, use killbox, reboot and start system restore (if you think it's a nice windowsgadget of course...otherwise shut it down and keep it shutdown).
     
    Last edited by a moderator: Sep 19, 2005
  3. Albinoni

    Albinoni Registered Member

    Joined:
    Feb 17, 2005
    Posts:
    709
    Location:
    Perth, Western Australia
    Now this is very strange. What I did last night (after having a gut full) I uninstalled CCleaner, but there was still the folder left in C, Prog Files. When I went into that to delete this folder, I could not do it, due to some error that said something something .dll is still in use (see my original post re this topic on top). Also ran a full C drive scan with Bitdefender Pro 9 Security Suite and it popped up warning me about this Trojan.

    So what I did was re-boot the PC in Safe Mode, ran Adaware SE Pro from there, and also deleted the CCleaner from Safe Mode, which actually caused it to finally delete. Great I thought, re-booted the PC, all clear and re ran a fresh scan of the C drive again using BD. This time nothing found, great I thought. She's all clean.

    Well I decided to re-install CCleaner and update to their latest version, that part all went well etc. The latest version being V1.23.160. Once all was done and I opened to run the prog, guess what, BD popped up with its window and warned me about this Banker Trojan.

    So is the latest version of CCleaner infected with a Trojan?
     
  4. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    It is possibly a false positive. You need to run a couple of online scans, look in my signature (online scans and more) and try a couple and see if they detect it.
     
  5. Albinoni

    Albinoni Registered Member

    Joined:
    Feb 17, 2005
    Posts:
    709
    Location:
    Perth, Western Australia
    Ok I'm currently running a scan using ewido, then will follow with Spybot, Adaware SE Pro and a2-Squared and see how I go.

    I thought with it having a name like Banker Trojan it couldn't be a false positive, but then again I could be wrong.

    BTW, what do you mean by a false positive?
     
  6. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Your antivirus could be mistakenly identifying CC as having a trojan (false positive).
     
  7. Albinoni

    Albinoni Registered Member

    Joined:
    Feb 17, 2005
    Posts:
    709
    Location:
    Perth, Western Australia
    Ok so you're saying probably there isn't a Trojan on my PC at all, assume this is true, then why and where does that name Banker Trojan pop up from and why would it pop up. I mean this trojan has to be in the PC somewhere for BD to detect it.

    It's like me saying if I did not have MS Word prog in my PC, then I would not see or be able to use MS Word.
     
  8. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    No, that is not how it works. If bitdefender has a definition file for the banker trojan and it comes across a data string such as might be in CC and it is very close to the banker defs it has, it could be falsely detecting it on your computer. That is why it is recommended to run a couple of online scans to see if anything else detects it. If they don't detect it then there is a very good chance it was a false positive. All av's will have a false positive every once in a while.
     
  9. Albinoni

    Albinoni Registered Member

    Joined:
    Feb 17, 2005
    Posts:
    709
    Location:
    Perth, Western Australia
    Ok sorry I get you. Basically what you're telling me is that the program code/string in CC might be a very close match to the definition file to that of BD, that during a scan it virtually matches up, and this is what causes BD to pop up.

    Like I said I did try to Google this and nothing found, though there were other Banker Trojans on the Google search engine, but this one just could not be found.

    Assuming this is a fault with BD, then will they correct it?

    Hopefully so.
     
  10. Beefcarver

    Beefcarver Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    263
    Location:
    michigan
    Did you email Bitdefender's support and tell them about it? Here's the address: Support@bitdefender.com
    If indeed it is a false positive they can update their sigs and release an update to correct this. Did you do a search for the signatures of that virus CLSID?
    And possibly match them with the dll files of cc? There has to be something triggering this.
     
  11. tom772

    tom772 Guest

    Hi, Bitdefender recently did the same to myself, by detecting CCleaner, Safe XP as the Banker Trojan, had to reinstall both programs due to bitdefender quarantining them!! Once I updated bitdefender to the latest sig files it seems to have sorted the problem. (It's a pain that you cannot unquarantine a file), T
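
The false-positive mechanism described in post 8 and the definition update reported in post 11, shown as an added example that is not part of the original thread: a toy byte-pattern scanner in Python, plus the "get a second opinion" comparison the moderator recommends. The signature names, byte patterns and sample file contents are constructed for illustration; they are not real Bitdefender definitions or CCleaner bytes.

```python
from dataclasses import dataclass

# Constructed data throughout: not real antivirus definitions or file contents.
@dataclass(frozen=True)
class Signature:
    name: str
    fragments: tuple  # every fragment must occur in the file for a match

def scan(data: bytes, definitions) -> list:
    """Return the names of all signatures whose fragments all occur in data."""
    return [sig.name for sig in definitions
            if all(frag in data for frag in sig.fragments)]

COMMON = b"RegSetValueExA\x00Software\\"      # string many ordinary programs contain
UNIQUE = b"\x9c\x41\xf0\x0d\x55\xaa\x07\x13"  # bytes only the hypothetical sample has

# Old definitions: a single generic fragment, so benign files can match too.
DEFS_OLD = [Signature("Trojan.Example.A", (COMMON,))]
# Updated definitions: the generic fragment AND one specific to the sample.
DEFS_NEW = [Signature("Trojan.Example.A", (COMMON, UNIQUE))]

BENIGN_TOOL = b"MZ\x90\x00..." + COMMON + b"Cleaner\\Settings..."
MALICIOUS_SAMPLE = b"MZ\x90\x00..." + COMMON + b"Run..." + UNIQUE

# Three hypothetical engines; only one still ships the over-broad definition.
ENGINES = {"engine_old_defs": DEFS_OLD, "engine_b": DEFS_NEW, "engine_c": DEFS_NEW}

def triage(file_bytes: bytes, engines: dict) -> str:
    """Compare verdicts from several engines before trusting a single alert."""
    flagged = sorted(name for name, defs in engines.items()
                     if scan(file_bytes, defs))
    if not flagged:
        return "clean"
    if len(flagged) == 1 and len(engines) > 1:
        return f"possible false positive (only {flagged[0]} detects it)"
    return "detected by: " + ", ".join(flagged)

if __name__ == "__main__":
    print("old defs on benign tool:", scan(BENIGN_TOOL, DEFS_OLD))
    print("new defs on benign tool:", scan(BENIGN_TOOL, DEFS_NEW))
    print("benign tool triage:     ", triage(BENIGN_TOOL, ENGINES))
    print("malicious sample triage:", triage(MALICIOUS_SAMPLE, ENGINES))
```

A lone detection is only a hint, not proof of a false positive; the file should stay quarantined until the vendor confirms or other engines agree it is clean.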
     
  12. -----

    ----- Guest

    Bitdefender like most AVs will lock the file from being accessed even if you ignore.

    So you have to disable bitdefender's active shield first, if you want to uninstall and/or remove the file bitdefender is complaining about.

    It happened to me too with a copy of browser cache files.
     
  13. MLB0715

    MLB0715 Guest

    Got a Trojan--JS/Wonka HELP!

    I did a virus scan and this Trojan came up. It is just sitting there on the screen because I am afraid to shut anything down in fear that I won't get it back. I have tried to clean, quarantine and delete, but am not able to do any of these. How do I get rid of this JS/Wonka Trojan o_O o_O?? Help!
     