Hello guys. This is my first posting on avast’s site, although I’ve been an avast! user for years now.
This is one Trojan I really had a problem getting the “Move to chest” button to work on. It simply didn’t work; or maybe it did, and it just kept finding spawned copies of the Trojan again? (??)
Problems I’m having at the moment with avast!
The file is in my temp file and if I click on “Move to chest” (well the information has changed now from what it was earlier) – at first there was an error, saying it couldn’t be moved because another program was using it. Now the error states “Cannot process” - There is not enough space on the disk.
- How was it detected? What was scanning, you yourself or the back-ground scanner? When did the message occur on a download, unzipping, opening a file, mail or mail-attachment, etc.?
Reading on this forum I’ve discovered it is a “Backdoor Trojan”.
I’ll have to say this problem was caused by me clicking on a link. I was looking at a supposed MSNBC link and I clicked on it to read the news. Things started to get hung up, I click CTL-ALT-DEL to force IE to close. I got 2 Not Responding messages.
Then I had avast!'s Nuclear warning go off, saying it had found a virus, the one I listed above in this post Win32:Agent-MYB [trj] rhcl9tj0end.exe
When I tried to move the file to the chest, avast! gave an error message that stated that it wasn’t able to move it, because the file was being used elsewhere.
For about an hour now I have been doing an avast! Virus Cleaner Tool scan, and earlier I scanned with AdAware. AdAware didn’t find anything wrong with my system with this new Trojan I think I found.
It’s possible the name of this virus is so new, it’s not really “out there” yet. I did a google search and only found one reference to it on a Germany site w/a broken link.
- What was the source of the file, where did the file come from?.: e.g. address, URL, source.
I felt a chill of regret as I looked back at the MSNBC file I received in my email. The email sender was malariap1958@yahoo.com. I knew I had screwed up.
-
When was it downloaded or received?
About 12.20pm, Wednesday August 13, 2008. -
What is the exact file name with extension.
[b]Win32:Agent-MYB [trj]
rhcl9tj0end.exe[/b]
It is referred to as being a “helpful antivirus software program” called “Antivirus XP 2008”
- What was the exact wording of the message that the AV program came up with? This is important for later.
“A Trojan Horse Was Found!”
Available actions (Move/rename - Delete - Move to Chest)
Recommended action: Move to chest
(I filled out a Virus report about this virus.)
Important!!! CLICKING on “Move to chest” isn’t working as it usually does – brings up a red, avast! error saying at first that it could not be moved because the file was being used by another program. (I’m assuming in this case it was Internet Explorer.) Now it’s saying there isn’t enough room on the disk to move the file - not sure if they’re talking about the temp file? I don’t know what this means, I have about 200 gigs left on my hard drive. (Plz forgive my ignorance here.)
- Now go back and do nothing yet. Scan the particular file once again with your AV product.
If I right click on the file in its location to do an avast! scan (C:\Program Files\rhcl9tj0end1) - nothing happens!
I have tried to end the process of rhcl9tj0end1.exe in Windows Task Manager (CTL-ALT-DEL) but nothing happens. The Trojan is using 37,788K.
I have WinXP SP3 w/all updates. There was just an update last night that I installed as well. AdAware and SpyBot is up to date.
I was real worried about Adaware not finding anything wrong w/my computer, so I’m running a scan again.
EDIT! I forgot to add a couple of details that also happened during the infection of my computer. There’s a bright blue screen that replaced my own BG image and it says “Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer.”
Also in the first few minutes of the virus, it had installed a small icon in my processes area - over there were avast! is located. Every once in a while it would pop up a note saying my computer was infected w/1795 viruses or so. The icon is gone, but the process of the trojan .exe file is still appearing in my Task Manager.