Hey. I've encountered a trojan problem and would like to hear some opinions…
Yesterday I scanned my comp and in system32/config/regback folder Avast found an infected file called COMPONENTS.OLD
Avast said that the file was infected with Win32:Agent-CWD… I chose to put it into chest and it said that it succeeded… So today I restart my comp and scan Windows folder again… And it turns out that I find the same file infected with Win32:Baidubar-B… I've read that Baidubar is some sort of Chinese toolbar…
It is a bit of a strange file type to get a detection on, .old.
What is strange is that having been sent to the chest, unless there were errors (displayed) then it should be in the chest. If it is regenerated, especially as it is now under a different detected malware name, there is something very strange going on.
Do you have any other security software installed, especially something that would manage registry changes, which could possibly be creating/saving configurations/registry settings?
If it keeps coming back, there is likely to be an undetected or hidden element to the infection that restores or downloads the file again. What is your firewall?
If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).
1. MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.
2. SUPERantispyware On-Demand only in free version.
Don’t worry about reported tracking cookies; they are a minor issue and not one of security, allow SAS to deal with them though. See http://en.wikipedia.org/wiki/HTTP_cookie.
Thanks for the help… I just did a boot scan and a normal scan of that folder again and it found nothing… So it seems that I am “clean”… I was just surprised over that it “re created” itself one time… Never seen that before.
And thanks for the software tips, but I already got both of them.