MalOB-HF (Cryp) questions

What is it? I cannot find it in other virus databases. Is it known under a different name?

How do I remove all parts of it? Avast only moves the A0117879.DLL to the virus chest. There must be other parts to it as my PC is still running very slowly and there are no suspicious services running and no significant network traffic.

Unfortunately, we can’t tell you exactly. As a matter of fact, 1 year ago or so, a new “Trojan horse, info stealer” named Carberp was created and was able to infect machines and evade almost all AVs’ detection. Carberp is a clone of Zeus & SpyEye (you can google it) but even more sophisticated. The first detection of avast for that virus was Win32:Malob-BH.
Some examples:
http://www.virustotal.com/file-scan/report.html?id=d69efbd13dd8d3cbe9989841c5afb168df8eac819c84453f8301376ee35a4678-1277030353

It can also be something else, but just in case, keep a close(r) look at your banking accounts etc.

Btw: the spectrum of malware covered by Win32:MalOb consists of fake antiviruses, fake codecs, spam engines etc.
What to imagine behind Win32:MalOb [Cryp]: https://blog.avast.com/2009/07/29/what-to-imagine-behind-win32malob-cryp/
How do I remove all parts of it? Avast only moves the A0117879.DLL to the virus chest
Have you run a quick scan with Malwarebytes for a second opinion?

MalOb-HF should detect various Vundo/Cidox versions… your file comes from a restore point according to its name, thus it’s difficult to assign it to some other malware traces…

Malwarebytes shows this:

Malwarebytes’ Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7993

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21/10/2011 15:31:49
mbam-log-2011-10-21 (15-31-49).txt

Scan type: Quick scan
Objects scanned: 236512
Time elapsed: 12 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Agent) → Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Setup.exe (Trojan.Agent) → Quarantined and deleted successfully.

No mention of what the trojan was!

I am running a full scan now and will post the results in a few hours.

The only difference will be if it finds something in System Restore…

No mention of what the trojan was!
It says Trojan.Agent... what more do you want?

Malwarebytes did not find anything else.

I wanted the name of the trojan so that I can do some research to find what it does and how to completely remove it.

You get an analysis result if you upload here:

Norman Sandbox http://www.norman.com/security_center/security_tools/en-us
Comodo Sandbox http://camas.comodo.com/cgi-bin/submit
ThreatExpert http://www.threatexpert.com/submit.aspx