Trojan horse BackDoor.Generic11.TDY

Status
Not open for further replies.
captaincranky

captaincranky

Posts: 19,684   +8,825
This evening AVG8.5 detected this object; Trojan horse BackDoor.Generic11.TDY in this file; D:\i386\APPS\App23942\win2000\igfxcfg.exe @ 4:28 PM

Later AVG detected this object; Trojan horse BackDoor.Generic11.TDY here; C:\WINDOWS\system32\igfxcfg.exe @6:28 PM

Both objects were sent to the Virus Vault. I suppose one question I have is, "is this just the installer package which didn't fully execute"?

Additionally, the computer was scanned with; M$ Malicious Software Removal Tool (May) Nothing was found.

SUPERantispyware; found 73 tracking cookies from the usual suspects, which were removed.

And also "Ad Aware" free which found only tracking cookies, again from IE, and which also were removed.

My computer is asymptomatic, no problems, and full speed ahead.

Now, I know what you're thinking, this is an Emachines so how could one tell if it was OK in the first place, but it is.

So, my only question is, is this likely the end of this infection issue, or are there more surprises in store?
 
I just had this same trojan pop up on a computer too. The file referenced as infected was: C:\System Volume Information\_restore{5C95B1C6-28A7-479B-9941-74B87D0A1FB1}\RP995\A003271.exe. The problem I'm having is that AVG is not able to clean it up. It says it cannot clean it up because some files cannot be fixed. Any thoughts about getting this resolved?
 
We had the same detection on a few machines yesterday. igfxcfg.exe appears to be an intel utitlity and it wouldn't suprise me if it is a false detection from AVG. it wouldn't be the first time AVG has thrown up flags about a legit program being a trojan.

I'm not worrying about it too much right now.
 
ajmlp said:
I just had this same trojan pop up on a computer too. The file referenced as infected was: C:\System Volume Information\_restore{5C95B1C6-28A7-479B-9941-74B87D0A1FB1}\RP995\A003271.exe. The problem I'm having is that AVG is not able to clean it up. It says it cannot clean it up because some files cannot be fixed. Any thoughts about getting this resolved?
Click to expand...


Well, since it is a restore point you could disable system restore and reboot then reenable it and that will delete all restore points on your machine. There are obvious ramifications of that though.

But your issue may be different then the OP's issue. Are you sure it said A003271.exe? Or was it A0003271.exe (extra "0")?
 
Thanks for the reply bcotti. I just rebooted the machine and things seem to be working now. Didn't disable system restore or anything. Guessing it's time to drop AVG and get something else.
 
I don't know that it is necessary to drop AVG. Avast is another free AV that works well. I was quite disappointed with AVG 8 as it seemed to cause a performance hit on machines but 8.5 does seem better.
 
OK, I'm sort of quoting everybody above....!

As to whether this is an Intel utility, it doesn't seem likely. I've made no driver updates or installs. "igfxtray.exe is an Intel graphics driver tray icon. (I think)This turkey (Emachine T-5026), has Intel 915 integrated graphics

AVG (v 8.5) also found entries in the system registry correlating to the same infection. Total of 4 detections.

The AVG scanner doesn't seem to be detecting them until the other scanners pass over the files. I could be wrong about this, but I don't think any of the detections were made "cold", so to speak.

AVG was able to transfer all files to the Virus Vault! (4 in total 2 files, 2 registry)

ajmlp; I really think you need to disable system restore temporarily to rid yourself fully of those registry entries.

All of you keep in mind that my machine is showing no symptoms! So any popups or whatnot you have may be associated with other problems.

Kritius: I'm working on the logs for you. Thanks very much for offering to check them out!
 
CaptainCranky, you are not really calling your beloved eMachines T-5026 a Turkey, are you? You have probably hurt its feelings, and it is sadly trying to show its displeasure.
 
I call my long time friend, and venerable computing machine a "turkey", for in doing so I deprive others of the pleasure of so doing! :p

I think she, (or he as the case may be), would understand that my motives are pure, and I am protecting her from further abuse at the hands of those who simply don't grasp the beauty of our relationship. :rolleyes:
 
captaincranky said:
As to whether this is an Intel utility, it doesn't seem likely. I've made no driver updates or installs. "igfxtray.exe is an Intel graphics driver tray icon. (I think)This turkey (Emachine T-5026), has Intel 915 integrated graphics

AVG (v 8.5) also found entries in the system registry correlating to the same infection. Total of 4 detections.

The AVG scanner doesn't seem to be detecting them until the other scanners pass over the files. I could be wrong about this, but I don't think any of the detections were made "cold", so to speak.

AVG was able to transfer all files to the Virus Vault! (4 in total 2 files, 2 registry)

ajmlp; I really think you need to disable system restore temporarily to rid yourself fully of those registry entries.

All of you keep in mind that my machine is showing no symptoms! So any popups or whatnot you have may be associated with other problems.

Kritius: I'm working on the logs for you. Thanks very much for offering to check them out!
Click to expand...

igfxcfg.exe is the legitimate name of an intel utility. google is your friend. so am i - it isn't a big deal. false alarm.

i can't post links yet but search google with the terms igfxcfg.exe & avg. go to the sixth link down and then follow that thread to the bottom. some solid info there - plus a few links (that i can't post here because i don't have 5 posts yet) to online AV engines to scan your PC if you are really worried.
 
bcotti said:
igfxcfg.exe is the legitimate name of an intel utility. google is your friend. so am i - it isn't a big deal. false alarm. .
Click to expand...

OK, I think we have sort of a semantic miscommunication here.

Yes, you are correct that "igfxcfg.exe" is a legitimate process. The tray process, igfxtray.exe, is the icon that summons this driver's console, more than likely.

But, what happened is this; AVG found this object "Trojan horse BackDoor.Generic11.TDY" in the file, "igfxcfg.exe".

"Trojan horse BackDoor.Generic11.TDY" is also appearing in a Windows system file, and 2 registry entries.
 
You must be serving it oceans of lotion. You must have the record for long life, but we better not find out that it is really a Packard Bell in that case.
 
8 Step Logs........

kritius said:
Perhaps there are more, want to post a log to see?
Click to expand...

Here are the 3 logs after several scans to get rid of tracking cookies.

I ran CCleaner.

I disabled system restore on all drives.

Please find also attached a jpeg screen cap of the original AVG alert, this is from the current status of the "virus vault".

Are we good to go?
 
8 Step Logs........

Will somebody please take a quick look at my logs? I don't think this is going to turn into a project. AVG isolated the trojan, mbam & SUPERantispyware show nothing, but I can't read the HJT, at least not all of it. Thanks

Bump!
 
HJT is clean,

One orphan to remove,

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

I'd like to see if there actually is anything there or if AVG was having one of it's funny moments,

f_Logo1m_7c1b64d.png
Run Kaspersky Online AV Scanner

In order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click on "My Computer"
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Attach the report into your next reply

If you are having trouble with the scan, please see this animated guide.

>>>Animated Guide<<<
 
Status
Not open for further replies.

Similar threads

midian182
Ad for a cheap BMW was used as Trojan horse in Russian cyberattack on Ukrainian diplomats
Replies
1
Views
340
Jaabaaar
Jaabaaar
E
Utah Supreme Court says suspects can refuse to hand over phone passwords to the police
2
Replies
29
Views
749
scavengerspc
scavengerspc
midian182
Study suggests China's online gaming restrictions might not be achieving intended results
Replies
2
Views
312
toooooot
T

Latest posts

Back