Ok. This weird virus was reported to me by a friend of mine. It’s an .exe file named “Instalar.exe” (Install.exe). When trying to delete it, both with avast! and automatically, it failed. The trojan keeps returning. I told him to send me the virus, but his email blocked it saying it was a virus, Hotmail blocked the attachment, and Gmail did the same. The log on his email is the one that follows:
VIRUS ALERT
Our content checker found
virus: Trojan.Bancos-8570
in an email to you from unknown sender:
?@localhost.localdomain
claiming to be: <ed.robson@enxuto.com.br>
Content type: Virus
Our internal reference code for your message is 29769-16/O0IPoEiOmq10
First upstream SMTP client IP address: [127.0.0.1] localhost.localdomain
According to a 'Received:' trace, the message originated at: [127.0.0.1],
webmail.enxuto.com.br (localhost.localdomain [127.0.0.1])
Return-Path: <ed.robson@enxuto.com.br>
Message-ID: <23391775.123241203441395747.JavaMail.root@webmail.enxuto.com.br>
Subject: Virus
The message has been quarantined as: virus-O0IPoEiOmq10
Please contact your system administrator for details.
The virus that was detected by his SMTP system (Trojan.Bancos-8570) wasn’t found on the internet, nor in the avast! database. He sent me the file by Skype, but avast! doesn’t accuse anything. If you need the file, I can post it.
Sorry for the bump, and for the double reply, but anyway, that solution didn’t fix our problem. If you can send me more information about those “banker fixes”, and what the virus might be, I’ll be thankful.
Can he access this forum? If so, get him to run and post a log.
Download & Run HijackThis.exe
- Download HJTInstall.exe to your Desktop.
- Double-click HJTInstall.exe to install it.
- By default it will install to C:\Program Files\Trend Micro\HijackThis .
- Click on Install.
- It will create a HijackThis icon on the desktop.
- Once installed, it will launch HijackThis.
- Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
- Copy/Paste the log to your next reply please.
Don’t use the Analyse This button; its findings are dangerous if misinterpreted. Don’t have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
Hello essexboy, I hope you don’t mind me sending a message to you. I am currently experiencing the same incident: I have a Trojan on my desktop that doesn’t leave. Please help me, I don’t know what to do. I followed your advice by downloading “trend micro hijack”. Can I send you the notepad “Copy/Paste the log”? Please help me, I don’t know what to do… To give you an overview, there is a pop-up screen in the center of my desktop that says “SAY NO TO DRUGS” flashing, and no matter what I do it doesn’t get off. Again… Please help me?
Junah, it would be better to open a new thread just for your problem.
Until then, I suggest:
1. Disable System Restore and re-enable it after step 3.
2. Clean your temporary files.
3. Schedule a boot-time scan with avast! with archive scanning turned on.
4. Use SUPERantispyware and/or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.