Looking for information about Win32:Small-HUF [Trj]

Hi,

I’m looking for information about Win32:Small-HUF [Trj] (first of all, its behavior).
After a BSOD (the first since I started using Windows 7) I found some weird device names in the Device Manager (mtqjxm, wayuia, ijbsgx, wtjrpi), some registry entries with the same names, and a record in the Event Log about a service/driver named wayuia which can’t be started, but…
There are no files with these names on my HDD. I’ve tried to scan the machine with many virus/trojan/rootkit scanners (CIS, Avast, Kaspersky, MBAM, SpyBot S&D, Hitmanpro, Bitdefender, MS Security Essentials), and they found nothing.

I’d like to know what it was, why I can’t find anything other than these non-plug and play devices and registry entries, what it could have done while it was active, how it could have vanished, etc…

Could you help me, please?

http://lmgtfy.com/?q=Small-HUF

If you want help, follow these instructions:
https://forum.avast.com/index.php?topic=53253.0

Microsoft calls it TrojanDownloader:Win32/Small
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanDownloader%3AWin32%2FSmall#tab=2

Threat behavior: TrojanDownloader:Win32/Small is a family of Trojans that download unwanted software from a remote Web site. The content could include anything from additional downloader Trojans to imitation security programs.

Typically, TrojanDownloader:Win32/Small will install itself by modifying the registry to run the Trojan as a browser helper object (BHO). The next time Windows is started, TrojanDownloader:Win32/Small runs in the background and attempts to download unwanted software.

Thank you!

Hi Zé Há

Deja-Vu here: https://forum.avast.com/index.php?topic=46877.0
Also read here: http://www.bleepingcomputer.com/forums/t/444862/persistent-trojan-rootkit-problem/
Mind you, it can also easily be a false positive detection.

polonus

Thank you, but my biggest problem is that the scanners haven’t found anything.
I found a reference to a driver named wayuia in the event log. Searching for this name I found, for example, these topics:
https://forum.avast.com/index.php?topic=114255.0
https://forums.comodo.com/help-cce-b270.0/-t78971.0.html

It looks as if it was a virus. After trying out the idea on Comodo’s forum (set devmgr_show_nonpresent_devices=1 → running devmgmt), I found more weird names, which look as if they were the traces of the same virus.
I can’t find any trojan/virus/adware/other malware…
It seems as if someone wiped out the virus, but it wasn’t me.
The only thing I know: at the end of January the virus became inactive (this was the first occurrence of the “wayuia” string in the event log).
Why? How? Has my machine ever been infected? If not, what were these things? I don’t know…
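
The following PowerShell is an added example, not part of any post in this thread. It lists driver services registered under HKLM\SYSTEM\CurrentControlSet\Services whose driver file is absent from disk, which is the situation described above, and then shows the Service Control Manager events (IDs 7000 and 7026) that mention them, so the first load failure can be dated. It assumes an elevated 64-bit PowerShell session (2.0 or later); the helper name Resolve-DriverPath is made up for the example.

```powershell
# Added example: find driver services whose binary is missing from disk.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Resolve-DriverPath {
    # Hypothetical helper: turn a driver ImagePath into a Win32 file path.
    param([string]$Name, [string]$ImagePath)
    if ([string]::IsNullOrEmpty($ImagePath)) {
        # A driver without ImagePath defaults to System32\drivers\<name>.sys
        return Join-Path $env:SystemRoot "System32\drivers\$Name.sys"
    }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim('"'))
    if ($p.StartsWith('\??\')) { return $p.Substring(4) }          # NT object prefix
    if ($p.StartsWith('\SystemRoot\', [StringComparison]::OrdinalIgnoreCase)) {
        return Join-Path $env:SystemRoot $p.Substring(12)
    }
    if (-not [IO.Path]::IsPathRooted($p)) {                        # system32\drivers\x.sys
        return Join-Path $env:SystemRoot $p
    }
    return $p
}

$orphans = @(Get-ChildItem $servicesKey | ForEach-Object {
    $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    # Type 1 = kernel driver, 2 = file system driver
    if ($props -and (1, 2 -contains $props.Type)) {
        $file = Resolve-DriverPath -Name $_.PSChildName -ImagePath $props.ImagePath
        if (-not (Test-Path -LiteralPath $file)) {
            New-Object PSObject -Property @{
                Service = $_.PSChildName; Start = $props.Start; ExpectedFile = $file
            }
        }
    }
})

# Leads to review by hand, not verdicts: a missing file only means the
# registration outlived the binary (uninstall, cleanup, or removal by a scanner).
$orphans | Select-Object Service, Start, ExpectedFile | Format-Table -AutoSize | Out-Host

# Start failures recorded for those names: 7000 = service failed to start,
# 7026 = boot-start or system-start driver(s) failed to load.
Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7000, 7026
    } -ErrorAction SilentlyContinue |
    Where-Object {
        $msg = $_.Message
        $orphans | Where-Object { $msg -match [regex]::Escape($_.Service) }
    } |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, Message -First 20 | Format-List | Out-Host
```

A 32-bit PowerShell on 64-bit Windows sees a redirected System32 folder, so it will report drivers as missing that are actually present.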

"Thank you, but my biggest problem, that the scanners haven't found anything."

See the instructions at https://forum.avast.com/index.php?topic=53253.0 and scroll down to Farbar Recovery Scan Tool (picture nr #2). Run it as instructed and attach the two diagnostic logs.

When done, a malware expert will check.