I have a Windows 2003 server with avast server version 4.8 installed and uptodate. It deosn’t detect a trojan that I have discover because each time a logon the programm SAFESRUF is run (I never install this soft). I stop the process and delete all the files in c:\windows\system 32\3com_dni\1\1\ including safesurf.exe and all the entry in windows registry. But after a logoff logon sequence the soft re appear. Avast doesn’t detect it. Does any body have a solution ?
send us (virus@avast.com) the file(s) to analyze. You can use processMonitor (http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx) to find which process creates it.
The problem is that I don’t have any infected files. No anti virus detect the Trojan. I have detected it because safesurf.exe is run on each logon and a windows appear with the lunch process of safesurf.exe
The exact description of this Trojan is http://www.viruslist.com/sp/weblog?weblogid=208187928 It includes all files and programs run. The problem is that it use only “Legal” progams that are not detected by any antivirus. According the ling above Kasperky calls it : Trojan-Clicker.Win32.FrusEfas I have used Kaspersky trial version but it didn’t detect anything.
Please help.
Try to use processMonitor to see what is causing the safesurf to run, or adding to registry for launching during logon.
Please send me e-mail, if you are still interested in copy of safe-surf virus files.
Just three days ago, I had same situation as described in original post.
It wasn’t difficult to trace and remove, but it took over the server not allowing for any access to it from outside.
Avast found only some .tmp files created by that virus.
I created c:\program files\microsoft directory.
I have it saved.
Please let me know if you still need a copy for research.
ps. link to the Microsoft tool you posted earlier in this thread does not work.
could you please update it?