trojan

A0079861.exe C:\system volume information_restore… win32:Fraudo (trj)
ieupdates.exe C:\WINDOWS\system32 win32:Fraudo (trj)
zs880000[1].exe C:\Documents and settings\my name… win32:Fraudo (trj)

Hi guys, Avast has come up with the above. I have moved these to the vault, but to be honest I don't know what it means or what to do with the files for the best. I understand that it's a trojan, but that's about it. What's the best advice for these files that you can give, bearing in mind I am not a computer genius and don't really understand a lot about spyware etc. etc. etc.?
Thank you

The win32.fraudo is the same as these antivirus 2008 style fake virus alerts trying to extract money (fraudulently) by having you buy the program.

Since this has been detected I would also suggest you run these other tools, see below. I would also suggest you clear your temporary internet files and temporary folders, etc.

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode, and report the findings (it should produce a log file).

  1. SUPERantispyware On-Demand only in free version.

  2. MalwareBytes Anti-Malware freeware version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File As (depending on your browser), save it to a location where you can find it easily later.

Thanks David, this makes sense, as not too long ago I did get av2009 come up, and even when I tried to stop the install it ignored my requests and Avast alerted me. I'll download both items you suggest.

Malwarebytes’ Anti-Malware 1.28
Database version: 1226
Windows 5.1.2600 Service Pack 3

02/10/2008 20:40:05
mbam-log-2008-10-02 (20-40-05).txt

Scan type: Full Scan (C:|D:|)
Objects scanned: 95978
Time elapsed: 20 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OK, so here are the results of the malware scan with the trj still in the Avast chest. I hope I've got this right. Will post results of SUPER once I can get the software on comp.

Every time I try and get the SUPER I keep getting "corrupt installation detected"???

leave those files in the chest
It is really strange that MBAM did not find any additional Fragments from a fraudo infection
you can try and get SAS working
or how about an online scan with Kaspersky (use IE)
spybot search and destroy and A-squared are also reliable scanners
(due to possible False Positives always quarantine - do not remove/delete)

you can read the sticky at the top of this forum and post a Hijack this
read all the instructions

so - second opinion time
another AV scan
another Spybot/antimalware scan

Are you using a download manager to download SAS?
You could try another location to download - http://www.filehippo.com/download_superantispyware/.

Also try this tool, RogueRemover, available here http://www.malwarebytes.org/rogueremover.php

av2009 might well have something to hide components so some more tools.
Also see, anti-rootkit, detection, removal & protection http://www.antirootkit.com/software/index.htm. Try these as they are some of the more efficient and user friendly anti-rootkit tools.