While running Windows Update on my Windows 2000 machine, Avast! started picking up a number of ‘trojan’ files and recommended that I place them in the chest which I did. However the same files kept popping back up again and again and I also started recieving messages telling me the ‘trojan’ file could not be found. My question is this:
Is Avast! picking up Windows Update files and flagging them as trojan files?
My machine has the Sasser patch already installed and is currently running SP4
One of the trojan files it found is called ‘KEVEJEKIM.exe’
The other puzzling thing is while checking through Windows Task Manager I noticed a number of processes running that I have never seen before:
Hahahah you must be joking this machine was running slower than a elderly tortoise with no legs! I sent that message at work, I’ve just re-installed Win 2K, SP4 and the Sasser Patch. I’m currently using the internet without Avast! installed and I haven’t got around to putting the updates on. Currently the machine is running nice and smooth with the internet running as should be.
I don’t want to go through all that hassle again! Should I put the updates on first then install Avast!? Is Avast! picking up the Microsoft Update files as Trojans?
Spoke to soon system is acting real strange now. Slow doing anything and mouse cursor bouncing all over the screen ‘wiping’ the screen to show what’s underneath. Not happy, here’s the hijackthis log…
Logfile of HijackThis v1.99.1
Scan saved at 00:50:25, on 22/04/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
CHECKING HIJACKTHIS, WINDOWS, INTERNET EXPLORER AND FIREWALL :
Old version of Internet Explorer detected, please update.
Your operating system is not up to date. (Latest service pack not installed)
No software firewall detected. If you are not using a
hardware firewall, it is highly recommended to install one.
GENERAL INFORMATION :
All items in the original HijackThis log file which
are not shown here need further investigation.
Internet Explorer Extra ‘Tools’ menuitems and buttons
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
Then Run a boot time scan with avast set to scan inside archives (Open Avast > Menu (top left hand corner) >Boot time scan)
Then run any spyware scanners you have (Spybot/Ad-aware etc)
Then search for and delete these files: (if there)