Windows 7: Kaspersky: Trojan.Win32.AutoRun.atq. Has it been detected on MSE yet?


13 Nov 2010   #1

Windows 7 Ultimate 64 bit
 
 
Kaspersky: Trojan.Win32.AutoRun.atq. Has it been detected on MSE yet?

Hey again guys..

This time it's a virus problem I'm having. A friend of mine (A) who uses KAV2011 detected this (Trojan.Win32.AutoRun.atq) on his thumbdrive. His thumbdrive was passed to me, which I passed to another friend of mine (B), who passed it back to him.

A uses KAV2011 and no anti-malware and is on 32 bit (OS unknown)
B uses McAfee (just uninstalled) and MSE and Malwarebytes, on Win 7 x64

I use MSE as my main protection with Malwarebytes and Spybot S&D as scanners while using Win 7 32 bit

I haven't scanned my computer since using the thumbdrive and I plan to do so when I get home tomorrow.

But right now I've spoken to B, who's just done a partial scan with McAfee, full scan with MSE and MBAM, with no results. Definitions were updated.

This is why I was wondering, has the trojan been detected by MSE or MBAM yet?

According to Kaspersky's site, they've detected it since Nov 09 (Trojan.Win32.AutoRun.atq - Securelist)

And as a side note, what does the trojan do to the computer anyway?

Anyway, thanks for all your time.



13 Nov 2010   #2
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

That drive needs to be disinfected!! http://download.bleepingcomputer.com...isinfector.exe

*** Note: Be sure to insert your flashdrives before you begin!
Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

PS ... my antivirus was claiming that a virus wanted access to my computer when I clicked on the disinfector link. It's a direct download, and it's safe!
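Post #2 above says Flash_Disinfector leaves a hidden folder named autorun.inf on each drive. As an added example (not part of the thread and not the tool's own code), this Python script reports whether a drive root holds that folder, no autorun.inf at all, or an autorun.inf file, and for a file lists the [autorun] entries that start a program. The function names and the sample content are constructed for illustration.

```python
import os
import sys

# Constructed sample of an autorun.inf file; example.exe is a placeholder name.
SAMPLE = (
    "[AutoRun]\n"
    ";constructed sample\n"
    "open=example.exe\n"
    "shell\\open\\command=example.exe\n"
    "icon=shell32.dll,4\n"
    "label=USB\n"
)

def launch_entries(text):
    """Return (key, value) pairs from [autorun] that make Windows start a program."""
    entries, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
        elif in_autorun and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            k = key.lower()
            # open=, shellexecute= and shell\<verb>\command= all name an executable.
            if k in ("open", "shellexecute") or (
                k.startswith("shell\\") and k.endswith("\\command")
            ):
                entries.append((k, value))
    return entries

def check_drive_root(root):
    """Classify a drive root as 'absent', 'folder' or 'file' (with launch entries)."""
    name = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    if name is None:
        return ("absent", [])
    path = os.path.join(root, name)
    if os.path.isdir(path):
        # A folder with this name blocks creation of a file called autorun.inf.
        return ("folder", [])
    with open(path, "rb") as fh:
        data = fh.read()
    enc = "utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1"
    return ("file", launch_entries(data.decode(enc, errors="replace")))

if __name__ == "__main__":
    for root in sys.argv[1:]:  # e.g. python check_autorun.py E:\ F:\
        print(root, *check_drive_root(root))
```

A result of "file" with launch entries on a removable drive is the case worth a closer look; "folder" matches what the post describes the tool leaving behind.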
13 Nov 2010   #3

Windows 7 Ultimate 64 bit
 
 

The thing is, the thumb's his and his AV managed to remove it successfully? I don't think I need it... All I'm worried about is the uncertainty if I or B have it, since MSE and MBAM had no results on B's computer.


13 Nov 2010   #4
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

.Win32.AutoRun.atq is Backdoor.SDBot. This means that it is a password stealer, plus the worm provides an attacker remote access to the affected machine, and may also steal sensitive information and initiate Denial of Service attacks.
13 Nov 2010   #5

windows 7 Ultimate x64
 
 

13 Nov 2010   #6

Windows 7 Ultimate 64 bit
 
 

I saw that one already, but the one I posted above seems to be quite new. But guessing from that page, the new atp variant isn't detected yet?
13 Nov 2010   #7
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

14 Nov 2010   #8

Windows 7 Ultimate 64 bit
 
 

Yeah. It's not listed.

I still haven't gotten an answer to my main question though..

Has it been detected on MSE?
14 Nov 2010   #9

W7 X-64 W8.1 X-64 Opensuse 13.1 W2003 Server
 
 

Hi there
Since ANY AV software can NEVER be guaranteed to be 100% effective, how can you assume that a VIRUS REMOVER is also 100% effective?

Especially for something like a password stealer -- I would have NO hesitation here about either doing a COMPLETE RESTORE of a KNOWN clean system backup or a COMPLETE DISK FORMAT via security erase ( write Binary zeros on every sector --not just the standard format) and then RE-INSTALL WINDOWS.

I certainly would NEVER EVER trust a previously infected computer that has merely been cleansed by some AV software.

It's moot as to whether it's been detected on MSE or not -- if you don't get Viruses in the first place it's difficult to find out --

What IS more important is that your computer has been infected and what you should do about it.

Cheers
jimbo
14 Nov 2010   #10

Windows 7 Ultimate x64 SP1
 
 

Quote: Originally Posted by cheewongken
Yeah. It's not listed.

I still haven't gotten an answer to my main question though..

Has it been detected on MSE?



Only .atq variants listed for MSE are these 3. So sounds like possibly it hasn't yet.

Encyclopedia Search Results: atq - Learn more about malware - Microsoft Malware Protection Center