PCWorld Forums

Please Help... 'trojan Downloader' Detected With Microsoft Security Essentials, But Not Kaspersky Virus and Trojan

#1 Simonworrall36

Posted 21 January 2012 - 02:35 PM

Hi guys, really hope someone can help...


I have Kaspersky Anti-Virus software on my desktop, with the standard Microsoft Security Essentials still enabled.
Recently I have been receiving a lot of notifications from MSE regarding TrojanDownloader.ASX/Winmad.AT and TrojanDownloader.ASX/Winmad.BX. These have only been detected by MSE and not by Kaspersky... The infected files seem to be disguised as music files.. (locations of files at end of thread). As you can see, they are all located in the designated antimalware folder of MSC yet they are still posing as a threat. I have tried deleting the files, but for some reason the command won't follow through.


Any help is much appreciated.

Many thanks,
Simon


file:C:\$Recycle.Bin\S-1-5-21-1447110156-1115023131-873500096-1001\$R50NM38.mp3->(ASF_Script_Commands)
file:C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\New folder\{0ED11889-8461-487A-B651-DE283C4E1545}-$RV89RAT.mp3->(ASF_Script_Commands)
file:C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\New folder\{24266D31-9E85-4604-8BC9-78BB0919A15C}-i remember deadman5 & kaskade.mp3->(ASF_Script_Commands)
file:C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\New folder\{2892642F-A749-412D-8A47-F44E2F8A7778}-$RV89RAT.mp3->(ASF_Script_Commands)
file:C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\New folder\{7FB44773-36A5-45FB-8CBE-AB43DBA6808E}-relicario cassia eller & nando new single.mp3->(ASF_Script_Commands)
file:C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\New folder\{FFFC0F15-49C2-483F-B88D-083119AC5CD8}-last remaining light (new album).mp3->(ASF_Script_Commands)
file:C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{0ED11889-8461-487A-B651-DE283C4E1545}-$RV89RAT.mp3->(ASF_Script_Commands)
file:C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{24266D31-9E85-4604-8BC9-78BB0919A15C}-i remember deadman5 & kaskade.mp3->(ASF_Script_Commands)
file:C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{2892642F-A749-412D-8A47-F44E2F8A7778}-$RV89RAT.mp3->(ASF_Script_Commands)
file:C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{3AC9912E-00F1-4DF4-A191-D6B7297CF0D0}-relicario cassia eller & nando new single.mp3->(ASF_Script_Commands)
file:C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{43786908-799B-420C-B47B-14CFDC82303B}-i remember deadman5 & kaskade.mp3->(ASF_Script_Commands)
file:C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{57E2FA73-2314-4438-8A29-EF5AA5DAB7AF}-soon enough constantinies (high bitrate).mp3->(ASF_Script_Commands)
file:C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{7FB44773-36A5-45FB-8CBE-AB43DBA6808E}-relicario cassia eller & nando new single.mp3->(ASF_Script_Commands)
file:C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{95676D35-9CDC-449B-B283-9E2CD9D881E2}-last remaining light (new album).mp3->(ASF_Script_Commands)
file:C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{A5A8FB05-3455-4284-8E97-34F2F7472C8A}-soon enough constantinies (high bitrate).mp3->(ASF_Script_Commands)
file:C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{FFFC0F15-49C2-483F-B88D-083119AC5CD8}-last remaining light (new album).mp3->(ASF_Script_Commands)
file:F:\$RECYCLE.BIN\S-1-5-21-1447110156-1115023131-873500096-1001\$RV89RAT.mp3->(ASF_Script_Commands)
filelocalcopy:C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{0ED11889-8461-487A-B651-DE283C4E1545}-$RV89RAT.mp3
filelocalcopy:C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{2892642F-A749-412D-8A47-F44E2F8A7778}-$RV89RAT.mp3
filelocalcopy:C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{3AC9912E-00F1-4DF4-A191-D6B7297CF0D0}-relicario cassia eller & nando new single.mp3
filelocalcopy:C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{43786908-799B-420C-B47B-14CFDC82303B}-i remember deadman5 & kaskade.mp3
filelocalcopy:C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{7FB44773-36A5-45FB-8CBE-AB43DBA6808E}-relicario cassia eller & nando new single.mp3
filelocalcopy:C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{95676D35-9CDC-449B-B283-9E2CD9D881E2}-last remaining light (new album).mp3
filelocalcopy:C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{A5A8FB05-3455-4284-8E97-34F2F7472C8A}-soon enough constantinies (high bitrate).mp3
filelocalcopy:C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{FFFC0F15-49C2-483F-B88D-083119AC5CD8}-last remaining light (new album).mp3
filelocalcopy:\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{24266D31-9E85-4604-8BC9-78BB0919A15C}-i remember deadman5 & kaskade.mp3
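
The `->(ASF_Script_Commands)` suffix in the detection list above, together with the `.mp3` names, points at files whose content is an ASF container rather than MPEG audio. The following is an added example (not part of the original thread, and not how MSE itself scans) that classifies a file by its header instead of its extension; the GUIDs are from the ASF specification, the link between MSE's suffix and the ASF Script Command Object is an assumption, and the sample bytes are constructed.

```python
import struct
import uuid

# GUIDs from the ASF specification; on disk they are stored little-endian.
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C").bytes_le
ASF_SCRIPT_COMMAND = uuid.UUID("1EFB1A30-0B62-11D0-A39B-00A0C90348F6").bytes_le
FILE_PROPERTIES = uuid.UUID("8CABDCA1-A947-11CF-8EE4-00C00C205365").bytes_le

def asf_header_objects(data):
    """Return the GUIDs (raw bytes) of the header sub-objects, or None if not ASF."""
    if len(data) < 30 or data[:16] != ASF_HEADER:
        return None
    header_size, count = struct.unpack_from("<QI", data, 16)
    end = min(header_size, len(data))
    offset, found = 30, []      # 16 GUID + 8 size + 4 count + 2 reserved bytes
    for _ in range(count):
        if offset + 24 > end:
            break               # truncated header or inflated object count
        (size,) = struct.unpack_from("<Q", data, offset + 16)
        if size < 24:
            break               # malformed size would never advance
        found.append(data[offset:offset + 16])
        offset += size
    return found

def triage(name, data):
    """Classify a file by container type, ignoring what the extension claims."""
    objects = asf_header_objects(data)
    if objects is None:
        return "not-asf"
    if ASF_SCRIPT_COMMAND in objects:
        return "asf-with-script-commands"
    if name.lower().endswith(".mp3"):
        return "asf-misnamed"
    return "asf"

# Constructed sample builders: one ASF object is GUID + total size + payload.
def make_object(guid, payload=b""):
    return guid + struct.pack("<Q", 24 + len(payload)) + payload

def make_asf(children):
    body = b"".join(children)
    return ASF_HEADER + struct.pack("<QIBB", 30 + len(body), len(children), 1, 2) + body

SAMPLES = {  # constructed inputs, not taken from the thread
    "song.mp3": b"ID3\x03\x00" + bytes(40),
    "renamed.mp3": make_asf([make_object(FILE_PROPERTIES, bytes(8))]),
    "scripted.mp3": make_asf([make_object(FILE_PROPERTIES, bytes(8)),
                              make_object(ASF_SCRIPT_COMMAND, bytes(20))]),
}
```

For a real file, pass the first few kilobytes read in binary mode; the check only inspects header bytes and never plays or renders the content.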

#2 LiveBrianD

Posted 21 January 2012 - 04:38 PM

I looked this up, and what these multimedia files do is exploit a bug in the program/codec playing them. Yes, I would delete these. Also, you only want one AV program running at once. (I use MSE myself and it's pretty good.) Can't you delete the files from MSE (in the list of detected files)?
"The Internet will be used for all kinds of spurious things, including fake quotes from smart people." -Albert Einstein

#3 Simonworrall36

Posted 22 January 2012 - 02:21 AM

Hi,

Thank you for the reply.

For some reason I cannot delete them. I have tried numerous times and all I get is a loading bar for eternity.. I have tried right clicking delete, delete key, cut and paste into the recycle bin and dragging into the recycle bin. Are there any other techniques I can use?

Whenever MSE detects these threats, it tries to remove them. However, after I click clean computer, the location of the threats is 'not found'.. What does this mean?


Many thanks,
Simon

#4 Simonworrall36

Posted 22 January 2012 - 02:36 AM

Hello,

I have just managed to delete the files.. though MSE went insane when I moved them out of the Local Copy folder and into the bin. Emptied the recycle bin, and now scanning the PC.

Si

#5 SpiritWind

Posted 22 January 2012 - 01:37 PM

Hi Simon:

Except under unusual circumstances, one should NOT have more than one "antiVIRUS" program on a computer (MSE and Kaspersky together do NOT come under the "unusual circumstances"). The "files" you MAY have "detected" MAY be part of a group that have evaded detection at this time. "Trojan Downloader(s)" are nothing to mess around with. Seems wise to have your computer checked out by an experienced, trained, certified, VOLUNTEER "Malware Removal Specialist" found on many Advanced malware removal forums; the one I recommend is at http://www.geekstogo.com/forum .
For the very Best in Life :

http://www.ctftoronto.com

#6 dude91

Posted 05 February 2012 - 01:22 AM

I was facing something similar and thank you for the solution. MSE is some seriously good stuff!

#7 LiveBrianD

Posted 05 February 2012 - 11:29 AM

Yep. Somehow yesterday I ran into a malicious PDF, and MSE popped right up and deleted it for me. Apparently it had a JavaScript exploit or something.

#8 jasonmaner

Posted 16 August 2012 - 03:30 AM

My PC was also infected with a threat, namely Trojan.Downloader.Waledac.R, and the condition was similar to what you are going through right now! However, being a novice, I decided to take the help of an expert. Maybe you should try this one here:

http://www.microsoft...aASX%2fWimad.AT

#9 johhny

Posted 17 August 2012 - 12:14 AM

First of all, install only one antivirus program on your computer, as it degrades the performance of it. That is good if you have MSE installed on your system; then there is no need to go for the Kaspersky Antivirus. You need to update MSE and perform a complete scan on your system. Try repairing the files detected as infected. In future, scan every external storage device while connecting it to your system. Also install Kaspersky Internet Security suite if you use the internet.
