Thread ID: 128202 2012-12-06 00:08:00 Trojan Heads Up linw (53) Press F1
Post ID Timestamp Content User
1316718 2012-12-06 00:08:00 Just dealt with two machines where Malwarebytes had signalled a Trojan presence. MBAM removed the executable but on a rerun still reported the Trojan.

In both cases the executable was in the user's AppData\Local\Temp folder. The file name was random letters.

The Trojan installer had entered a Load entry into the Registry and it had changed the Permissions so that the entry couldn't be deleted. This is what MBAM was responding to on subsequent runs.

The registry entry was at HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows. Under the Windows entry was the Load exe entry. The permissions for 'Windows' only had Everyone with no rights. I ticked Full Control and was then able to delete the Load line.

MBAM ran clean after this.

That registry entry needs to be checked, it seems, as a 'Load' entry is executed at boot time.
linw (53)
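The check and clean-up the post describes, written out as an added PowerShell example (this is not code from the original post or from MBAM). It reads the per-user Load value, records what it points to (path, size, SHA-256) before anything is deleted, lists the key's ACL so the "Everyone with no rights" state is visible, grants the current user Full Control, removes the value, and finally lists executables sitting in the user's AppData\Local\Temp folder. Assumptions: it is run as the affected user, and that user is still the owner of the key (an owner can always rewrite the DACL even when the ACL grants no rights); if the Trojan also changed the owner, take ownership from an elevated prompt first. The function names are this example's own.

```powershell
# Added example, not code from the original post.
# Inspects and removes the HKCU ...\Windows NT\CurrentVersion\Windows "Load" value
# described in the thread, restoring Full Control to the current user first.
# Assumption: run as the affected user, who still owns the key.

$keyPath   = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$valueName = 'Load'

function Get-LoadValue {
    # Returns the data of the Load value, or $null when the value is absent.
    $item = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$valueName
}

function Show-KeyAcl {
    # Prints each ACE on the key; in the case from the post this shows only
    # 'Everyone' with no effective rights.
    (Get-Acl -Path $keyPath).Access |
        Format-Table IdentityReference, RegistryRights, AccessControlType -AutoSize
}

function Grant-FullControlToCurrentUser {
    # Equivalent of ticking "Full Control" for yourself in regedit's Permissions dialog.
    $me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
    $acl  = Get-Acl -Path $keyPath
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $me, 'FullControl', 'ContainerInherit', 'None', 'Allow')
    $acl.SetAccessRule($rule)
    Set-Acl -Path $keyPath -AclObject $acl
}

function Save-FileRecord {
    # Records path, size, timestamps and SHA-256 of the referenced file for the
    # incident notes; the path may carry arguments, so a miss is not an error.
    param([string]$Target)
    $path = $Target.Trim('"')
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        Write-Host "Referenced file not found on disk: $Target"
        return
    }
    $file = Get-Item -LiteralPath $path
    [pscustomobject]@{
        FullName      = $file.FullName
        Length        = $file.Length
        CreationTime  = $file.CreationTime
        LastWriteTime = $file.LastWriteTime
        SHA256        = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    } | Format-List
}

function Get-TempExecutables {
    # Lists executables in the user's AppData\Local\Temp, where the post found
    # the randomly named dropper, with a hash for each.
    $temp = Join-Path $env:LOCALAPPDATA 'Temp'
    Get-ChildItem -Path $temp -Filter *.exe -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Name          = $_.Name
                LastWriteTime = $_.LastWriteTime
                SHA256        = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# --- main flow ---------------------------------------------------------------
$data = Get-LoadValue
if ($null -eq $data) {
    Write-Host "No '$valueName' value under $keyPath; nothing to remove."
} else {
    Write-Host "Load value data: $data"
    Save-FileRecord -Target $data
    Write-Host 'Key permissions before the fix:'
    Show-KeyAcl
    Grant-FullControlToCurrentUser
    Remove-ItemProperty -Path $keyPath -Name $valueName
    Write-Host "Removed '$valueName'. Rerun the scanner to confirm it now reports clean."
}

Write-Host 'Executables currently in AppData\Local\Temp:'
Get-TempExecutables | Format-Table -AutoSize
```

Run it from a normal (non-elevated) PowerShell session as the affected user, since the key lives under HKCU and resolves to the current user's hive. If Get-Acl or Set-Acl fails with an access denied error, the owner has been changed as well, which is outside what this script handles. Keep the recorded hash: it lets you confirm later whether the file MBAM removed and the one the Load value pointed at were the same.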
1316719 2012-12-06 00:53:00 Use CCleaner and it should delete what's in the temp folders. Use TDSSKiller, and scan it for rootkits. Use something like Trojan Remover, and scan it as well after you update it. Speedy Gonzales (78)
1316720 2012-12-06 02:56:00 Actually, CCleaner doesn't get all the temp files.

Try running TFC, that really cleans out the lot.

www.bleepingcomputer.com
wainuitech (129)