Win32/Injector.ADEC trojan

Discussion in 'ESET Smart Security' started by lugnut86, Apr 13, 2013.

Thread Status:
Not open for further replies.
  1. lugnut86

    lugnut86 Registered Member

    Joined:
    Mar 30, 2013
    Posts:
    4
    Location:
    United States
    When initially booting my computer, I received a notification from Smart Security that a trojan was in my system and not able to be cleaned. The log is below. It appears that at least one of the files is in the Windows Updater. I searched the threat encyclopedia and also the forums using the terms in the log, but didn't find anything. Should I go into safe mode and delete these files? Is there a better way to clean them?

    4/13/2013 10:44:58 AM Startup scanner file Operating memory » C:\PROGRA~3\MICROS~3\NTIBCP~1.EXE a variant of Win32/Injector.ADEC trojan unable to clean Mike-PC\Mike
    4/13/2013 10:44:57 AM Startup scanner file Operating memory » C:\ProgramData\Microsoft Webupdater0\ntibcpsaq.exe a variant of Win32/Injector.ADEC trojan unable to clean Mike-PC\Mike

    Many thanks for the assistance.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Googling for ntibcpsaq.exe didn't yield any results so it's a highly suspicious file, most likely malware as detected by ESET. Please submit it to ESET along with a SysInspector log (created via the SysInspector shortcut in the Start menu) to ESET Malware research lab as per the instructions here.
     
  3. er34

    er34 Guest

    There is no legitimate folder with the name Microsoft Webupdater0 in this location - this is 99% malware. Go into Safe Mode and start ESET on-demand scan with the cmd:
    http://kb.eset.com/esetkb/index?page=content&id=SOLN2272
     
  4. lugnut86

    lugnut86 Registered Member

    Wish I had better results to the guidance provided. When I tried to zip the file to submit to ESET lab, the zip applications keep saying that it cannot be opened. I don't know whether or not to try to email it without compressing it first. I ran a scan while in safe mode, but when finished Smart Security didn't show any results. When I tried to find the log to send to ESET, I cannot find a log for that scan, only one I ran a couple of weeks ago. When I tried to manually delete the file in safe mode, I get a message that I don't have permission to delete, even though I am in the administrator account. The file is still there, in the Webupdater0 folder, I can find it with a search, so it wasn't cleaned during the scan. Curiously, it was only found the one time when booting my computer, and hasn't been found by ESET during multiple other boots. Many thanks in advance for any additional recommendations.
     
  5. Marcos

    Marcos Eset Staff Account

    Try renaming the file's extension (e.g. to ex_) in safe mode so that it doesn't start next time. Then try to submit it again.
     