Exploit Trojan Fake Codec .. did 8 Steps 1st

Status
Not open for further replies.

TheWildInside

I found this Trojan in my AVG's Web Shield line-up .. though as there was nothing in the "result" column (cleaned, deleted, healed, quarantined, etc.), I have no idea if it's actually resident on my laptop or not.

I ran MBAM, SAS and HijackThis .. logs attached for all three .. as well as loaded a new device called Threatfire that was recommended to me. None of them came up with anything more than tracking cookies. However, what little I was able to find on this trojan before attempting to clean it was that it tends to interfere with anti-virus programs, firewalls and system monitoring tools (as well as disabling Windows Registry editing tools), so perhaps it has already corrupted my guardian software. I updated everything before running, with no difficulty though.

Is there any clue in my logs as to whether or not this thing is actually resident on my laptop?

Many thanks for whatever assistance you can provide .. I'm lost otherwise

Karan
 
Hello Karan:wave:

Obviously, your MBAM and SAS logs look good. :grinthumb
Nothing significant jumps out at me in the HJT log, though I hope one of the experts here will review it, in case I missed something.

I wonder if AVG blocked the installation of this trojan? :confused:
When (under what circumstances) did you get the popup/alert?

AVG is a good product, when it doesn't cause problems (You can read other threads about this).
Some here will highly recommend other products, because of
1) problems they have seen in some situations (not all) with AVG8.
2) the fact that sometimes one AV package will catch some thing(s) that another missed.

As long as it is working well for you, and you are able to do updates, there is probably no strong reason to switch. But listen to your expert helper on this...

I would say, wait for one of the experts to weigh in...
and,
If you want to try another AV to see if it finds something that AVG missed, make sure that you follow the right steps to preserve what you have paid for, that you _fully_ uninstall it, and install the new package while off line, that you fully update the new package as soon as you go back on line.
The reason for uninstalling one av product before installing another is that they may (probably will) conflict with each other, and thus may leave you more exposed than if you have only one.

Be patient... One of the experts who so generously donates their time here will be able to provide good counsel for you.:)
 
Hangin' in there

It had occurred to me that perhaps AVG had in fact blocked installation of the Trojan .. when I found nothing in the "result" column, it was my first thought. But I hate to assume anything when dealing with malware. (And I tend to get online less frequently when there's a possibility)

An AVG alert popped up in the middle of the screen with the Trojan name when my brother was surfing around on some video site. He closed the browser, hollered to me, and I immediately opened AVG to see what, if any, additional information might be there.

I downloaded and installed Threatfire because a TechSpot expert (Mike) suggested it and also mentioned that it works quite well with other AVs because it works differently, almost like a firewall. Unfortunately, I did install it while I was still online .. with several browsers open. Perhaps I should uninstall and start over?

I've updated and run everything again and still get nothing evident but tracking cookies .. I think when I had a problem with a trojan interfering with an AV before, it wouldn't even let me update, so I'm feeling a little less apprehensive, but still concerned.

Will await further word ...

Thanks,

Karan
 
I just had a similar alert when I opened a message named "LOL Video" on Facebook. According to the info on the AVG ALERT window (free help) "The threats have already been blocked, and have not been allowed to get into your computer at all." A complete computer scan with AVG after this seemed to prove this.
 