Mal/behav-160 + Mal/Bredo-A

Spysweeper picked this up to block installation of these two things. Should NOD32 2.7 have noticed this?

Am running a Local Disc scan right now. Is that my best option to go looking for this?

 

The local disk sweep found two instances of Win32/Injector.QJ trojan but not the item in my subject header.

Should I be using a different scan in NOD32? Is the local disk sufficient? Or is In-depth analysis or on demand a better option?

Would really appreciate some guidance,
Chamlin

 

I'd run a scan with MalwareBytes. Excellent program and removing/cleaning todays trojans/malware/rogues.

 

Thanks for the response. Free version sufficient?

 

Is it unusual to not find any reference to the Mal/behav items above if Spysweeper blocked them from initiating? Wouldn't that mean that they are resident somewhere on my system? Here's what my 2 scans found:

NOD32 2.7 identified and quarantined:
C:\System Volume Information\_restore{D230EADD-7F55-418C-8030-A0ACEEF21B5D}\RP798\A0274480.exe »NSIS »iexplorer.exe - probably a variant of Win32/Injector.QJ trojan - was a part of the deleted object
C:\System Volume Information\_restore{D230EADD-7F55-418C-8030-A0ACEEF21B5D}\RP799\A0275534.exe »NSIS »iexplorer.exe - probably a variant of Win32/Injector.QJ trojan - was a part of the deleted object

Malwarebytes Anti Malware 1.41 quarantined and removed:
Files Infected:
C:\$ISR\1\WINDOWS\system32\cpnprt2.cid (Trojan.Agent) -> Quarantined and deleted successfully.
C:\$ISR\3\WINDOWS\system32\cpnprt2.cid (Trojan.Agent) -> Quarantined and deleted successfully.
C:\$ISR\4\WINDOWS\system32\cpnprt2.cid (Trojan.Agent) -> Quarantined and deleted successfully.
C:\$ISR\8\WINDOWS\system32\cpnprt2.cid (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cpnprt2.cid (Trojan.Agent) -> Quarantined and deleted successfully.

What should I do next

 

Looks like you got infected.

I would advice you to run Combofix to be sure that there is no deep infection left.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Poste the log here and i will have a look at it!

 

I'd suggest that you scan your disk with ESET Online Scanner. It's based on v4 and as such detects more threats than v2.

 

Never got any input on the above stuff from any scan. Will let go of concern for it at this time.

Submitted request for help with ESET. ESET advised to upgrade to v4 and custom scan with all options checked. Did so. Uncovered one more nasty:
...mail994.eml » MIME » Dfbd26414.zip » ZIP » Dfbd26414.exe - a variant of Win32/Kryptik.AMB trojan - was a part of the deleted object

QUESTION:
In v4, in the Threat Sense Engine "options" in Thunderbird's setup, everything is checked except "potentially unsafe applications". That seems more of a threat than "potentially unwanted applications" (which is checked.)

Why is the default set up that way? And oops, if I don't get a response I'll move over to the appropriate forum...