Windows 7 Forums



Windows 7: Kaspersky: Trojan.Win32.AutoRun.atq. Has it been detected on MSE yet?

13 Nov 2010   #1
cheewongken

Windows 7 Ultimate 64 bit
 
 
Kaspersky: Trojan.Win32.AutoRun.atq. Has it been detected on MSE yet?

Hey again guys..

This time it's a virus problem I'm having. A friend of mine (A) who uses KAV2011 detected this (Trojan.Win32.AutoRun.atq) on his thumbdrive. His thumbdrive was passed to me, which I passed to another friend of mine (B), who passed it back to him.

A uses KAV2011 and no anti-malware and is on 32 bit (OS unknown)
B uses McAfee (just uninstalled) and MSE and Malwarebytes, on Win 7 x64

I use MSE as my main protection with Malwarebytes and Spybot S&D as scanners while using Win 7 32 bit

I haven't scanned my computer since using the thumbdrive and I plan to do so when I get home tomorrow.

But right now I've spoken to B, who's just done a partial scan with McAfee, full scan with MSE and MBAM, with no results. Definitions were updated.

This is why I was wondering, has the trojan been detected by MSE or MBAM yet?

According to Kaspersky's site, they've detected it since Nov 09 (Trojan.Win32.AutoRun.atq - Securelist)

And as a side note, what does the trojan do to the computer anyway?

Anyway, thanks for all your time.



13 Nov 2010   #2
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

That drive needs to be disinfected!! http://download.bleepingcomputer.com...isinfector.exe

*** Note: Be sure to insert your flashdrives before you begin!
Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

PS ... my antivirus was claiming that a virus wanted access to my computer when I clicked on the disinfector link. It's a direct download, and it's safe!
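The post above says Flash_Disinfector leaves a hidden folder named autorun.inf on each drive. As an added example (not part of the thread and not Flash_Disinfector's code), this Python check reports what currently holds that name at a drive root and, if it is a file, which entries would start a program; `launch_directives`, `classify_drive` and the sample text are names and data made up for the illustration.

```python
import os

# Constructed sample text, not taken from a real drive.
SAMPLE = "[AutoRun]\n;junk line\nopen=example.exe\nicon=folder.ico\nshell\\open\\command=example.exe\n"

def launch_directives(text):
    """Return (key, command) pairs in the [autorun] section that start a program."""
    found, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_autorun = line.lower().startswith("[autorun]")
            continue
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        # open= / shellexecute= name the program AutoRun starts;
        # shell\<verb>\command attaches a program to a drive menu action
        if key in ("open", "shellexecute") or (
                key.startswith("shell\\") and key.endswith("\\command")):
            found.append((key, value.strip()))
    return found

def classify_drive(root):
    """Return (state, directives) for whatever is named autorun.inf at `root`.

    absent   - nothing has that name
    folder   - a directory holds the name, as the post above describes
    launches - a file whose [autorun] section starts a program: review it
    inert    - a file with no launch directive (for example only icon=)
    """
    path = None
    for name in os.listdir(root):  # Windows matches the name case-insensitively
        if name.lower() == "autorun.inf":
            path = os.path.join(root, name)
    if path is None:
        return "absent", []
    if os.path.isdir(path):
        return "folder", []
    with open(path, "rb") as fh:
        raw = fh.read()
    # autorun.inf may be saved as UTF-16 with a byte-order mark
    codec = "utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1"
    hits = launch_directives(raw.decode(codec, errors="replace"))
    return ("launches" if hits else "inert"), hits
```

Call `classify_drive` with the root of the removable drive (for example `"E:\\"`); a result of `launches` lists the commands to look at before anything on the drive is opened.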
13 Nov 2010   #3
cheewongken

Windows 7 Ultimate 64 bit
 
 

The thing is, the thumb's his and his AV managed to remove it successfully? I don't think I need it... All I'm worried about is the uncertainty if I, or B has it since MSE and MBAM had no results on B's computer.


13 Nov 2010   #4
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

.Win32.AutoRun.atq is Backdoor.SDBot. This means that it is a password stealer, plus the worm provides an attacker remote access to the affected machine, and may also steal sensitive information and initiate Denial of Service attacks.
13 Nov 2010   #5
erica647

windows 7 Ultimate x64
 
 

13 Nov 2010   #6
cheewongken

Windows 7 Ultimate 64 bit
 
 

I saw that one already, but the one I posted above seems to be quite new. But guessing from that page, the new atp variant isn't detected yet?
13 Nov 2010   #7
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

14 Nov 2010   #8
cheewongken

Windows 7 Ultimate 64 bit
 
 

Yeah, it's not listed.

I still haven't gotten an answer to my main question though..

Has it been detected on MSE?
14 Nov 2010   #9
jimbo45

Linux CENTOS 7 / various Windows OS'es and servers
 
 

Hi there
Since ANY AV software can NEVER be guaranteed to be 100% effective, how can you assume that a VIRUS REMOVER is also 100% effective?

Especially for something like a password stealer -- I would have NO hesitation here about either doing a COMPLETE RESTORE of a KNOWN clean system backup or a COMPLETE DISK FORMAT via security erase ( write Binary zeros on every sector --not just the standard format) and then RE-INSTALL WINDOWS.

I certainly would NEVER EVER trust a previously infected computer that had merely been cleansed by some AV software.

It's moot as to whether it's been detected on MSE or not -- if you don't get Viruses in the first place it's difficult to find out --

What IS more important is that your computer has been infected and what you should do about it.

Cheers
jimbo
14 Nov 2010   #10
Airbot

Windows 7 Ultimate x64 SP1
 
 

Quote: Originally Posted by cheewongken
Yeah, it's not listed.

I still haven't gotten an answer to my main question though..

Has it been detected on MSE?



Only .atq variants listed for MSE are these 3. So sounds like possibly it hasn't yet.

Encyclopedia Search Results: atq - Learn more about malware - Microsoft Malware Protection Center