My antivirus finds trojan on my computer help.



WillyT
2006-12-05, 04:48
Hello guys.
I had a thread before that I think was this same problem. At the time I was not using Bit Defender and I was doing an online scan using Panda. Panda would report it found some "trojan urlspoof" thing. I believe LonnyRJones helped me with that case. After we tried many things, including scans with different antiviruses and not finding it, and deleting all my old email messages, we decided that Panda may have been finding a non-issue. Well, I installed Bit Defender and every time I do a scan it finds what I believe is the same thing. This report is more detailed though. I think it even provides some sort of registry key or something. I set BD to quarantine or delete. BD tries to move to quarantine but it can't, then it says it deleted the file, but I scanned two more times and the same thing is found after supposedly being erased. I will paste the BD report and post a link to that old thread. Please let me know what I need to do to get rid of this. Many thanks to you guys for great work!! :bow:

Old case thread: http://forums.spybot.info/showthread.php?t=7612

Bit Defender report:


//-----------------------------------------------------------------
//
// Product: BitDefender 9 Professional Plus
// Version: 9.5
//
// Created on: 04/12/2006 19:27:19
//
//-----------------------------------------------------------------


Statistics

Scan path : A:\
C:\
D:\
E:\
Folders : 3116
Files : 224588
Archives : 5015
Packed files : 18214
Identified viruses : 1
Infected files : 1
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 1
Copied files : 0
Moved files : 0
Renamed files : 0
I/O errors : 83
Scan time : 01:05:46
Scan speed (files/sec) : 56

Virus definitions : 324435
Scan plugins : 14
Archive plugins : 38
Unpack plugins : 6
Mail plugins : 6
System plugins : 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[ ] Disinfect
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[X] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Program Files\Softwin\BitDefender9\Logs\vscan_1165289239.log


Summary:

C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{E91B807B-338C-43D7-9D57-F5381E8CD4C8}\Microsoft\Outlook Express\Inbox.dbx=>(message 2)=>[Subject: Problems with your Earthlink account.][Date: Sat, 20 Dec 2003 21:01:09 -0400 (EST)]=>(MIME part)=>(message body) Infected: Trojan.Exploit.Urlspoof.D
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{E91B807B-338C-43D7-9D57-F5381E8CD4C8}\Microsoft\Outlook Express\Inbox.dbx=>(message 2)=>[Subject: Problems with your Earthlink account.][Date: Sat, 20 Dec 2003 21:01:09 -0400 (EST)]=>(MIME part)=>(message body) Move failed
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{E91B807B-338C-43D7-9D57-F5381E8CD4C8}\Microsoft\Outlook Express\Inbox.dbx=>(message 2)=>[Subject: Problems with your Earthlink account.][Date: Sat, 20 Dec 2003 21:01:09 -0400 (EST)]=>(MIME part)=>(message body) Deleted
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{E91B807B-338C-43D7-9D57-F5381E8CD4C8}\Microsoft\Outlook Express\Inbox.dbx=>(message 2)=>[Subject: Problems with your Earthlink account.][Date: Sat, 20 Dec 2003 21:01:09 -0400 (EST)]=>(MIME part) Update
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{E91B807B-338C-43D7-9D57-F5381E8CD4C8}\Microsoft\Outlook Express\Inbox.dbx=>(message 2) Update
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{E91B807B-338C-43D7-9D57-F5381E8CD4C8}\Microsoft\Outlook Express\Inbox.dbx Update failed
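
The summary lines above, read programmatically (an added example, not part of the original thread and not BitDefender's own tooling): the Python sketch below splits each line into the container file, the nested object path and the trailing status, then flags containers where a detection was reported but the change never reached the file. The function names are hypothetical, and reading `Update failed` on the `.dbx` file itself as "the cleaned mailbox was not saved" is an assumption of this example.

```python
import re

# Trailing status tokens seen in the Summary section of the report above.
LINE = re.compile(r"^(?P<obj>.+?) (?P<status>Infected: \S+|Move failed|"
                  r"Update failed|Deleted|Update)$")

def parse(lines):
    """Yield (container_file, nested_path, status) for each summary line."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            parts = m["obj"].split("=>")  # file=>message=>headers=>part=>body
            yield parts[0], tuple(parts[1:]), m["status"]

def triage(lines):
    """Group results per container file and record whether changes were saved."""
    report = {}
    for container, nested, status in parse(lines):
        entry = report.setdefault(
            container, {"detections": [], "actions": [], "written_back": True})
        if status.startswith("Infected: "):
            entry["detections"].append(status[len("Infected: "):])
        else:
            entry["actions"].append((len(nested), status))
        # Assumption: "Update failed" on the container itself (depth 0) means
        # the cleaned mailbox was never saved, so a rescan will hit it again.
        if not nested and status == "Update failed":
            entry["written_back"] = False
    return report

def needs_manual_cleanup(report):
    """Containers with a detection whose removal did not reach the file."""
    return [c for c, e in report.items()
            if e["detections"] and not e["written_back"]]

# Sample input: the six summary lines from the report above, rebuilt from parts.
DBX = (r"C:\Documents and Settings\Administrator\Local Settings\Application Data"
       r"\Identities\{E91B807B-338C-43D7-9D57-F5381E8CD4C8}\Microsoft"
       r"\Outlook Express\Inbox.dbx")
MSG = DBX + "=>(message 2)"
PART = (MSG + "=>[Subject: Problems with your Earthlink account.]"
        "[Date: Sat, 20 Dec 2003 21:01:09 -0400 (EST)]=>(MIME part)")
BODY = PART + "=>(message body)"
SAMPLE = [BODY + " Infected: Trojan.Exploit.Urlspoof.D", BODY + " Move failed",
          BODY + " Deleted", PART + " Update", MSG + " Update",
          DBX + " Update failed"]

if __name__ == "__main__":
    for path in needs_manual_cleanup(triage(SAMPLE)):
        print("detection likely to recur in:", path)
```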

LonnyRJones
2006-12-11, 12:19
Hello

I wonder if this might help. Make a new account in your email software, get it set up the same way your original account is, then delete the old one.

WillyT
2006-12-13, 04:08
I found the suspected file but it would not allow me to delete it. I did what you suggested and deleted the mail identity and then deleted the suspected folder. A new scan did not detect the virus this time :bigthumb:. This thread can be closed now. Thanks Lonny :bow:

Happy holidays to you and the team!! :present:

LonnyRJones
2006-12-13, 13:18
Good job

Surf safe, have a good Holiday Season.