Windows 7: MSE finds and removes Trojan three times

04 Sep 2011   #1
bru

Win 7 Home Premium x64
 
 
MSE finds and removes Trojan three times

While on a reputable site for my local newspaper MSE signaled it found TrojanDownloader:JS/Qakbot.H, classifying it as severe. I told it to remove it and it said it succeeded. Ran a Quick Scan right away which came up clean.

12 hours later when I ran CCleaner to clean temp files MSE again found the same Trojan. I had it remove it and it again found it while CCleaner removed the temp files.

So in my history there are three instances of this same Trojan all listed as being removed. Is it really gone?

If MSE removed the Trojan the first time, why did it remain in a temp file? If I had never cleared the temp files using CCleaner it seems to me the Trojan would have remained on my computer. What damage was done in the twelve hours between when MSE initially removed it and it hopefully was removed for good from the temp files?

Is this how MSE is supposed to work? Seems like a flaw if it leaves what it cleans in a temp file? Would a full scan have found the temp file infection?


04 Sep 2011   #2
seth500

Windows 7 Ultimate x64
 
 

I found this info on the trojan. I would be changing passwords and such:
Backdoor.Qakbot.H - malware that steals everything | help.artaro.eu

Removal:
Remove Qakbot, W32.Qakbot removal tutorial

I believe it may still be on your system, and I would download Malwarebytes and run a full sweep of the system after a full update, bru.
04 Sep 2011   #3
Corrine

Windows 7 & Windows Vista Ultimate
 
 

An MSE quick scan checks the places, processes in the memory, and registry files on your computer's hard disk that malicious software is most likely to infect. A full scan checks all files on the hard disk and all currently running programs.

Unless dealing with a rogue such as HDD Defragmenter, which makes it so that certain folders on your computer display no contents, it is generally recommended to run a temp file cleaner prior to scanning. My current preference is TFC by OldTimer.

04 Sep 2011   #4
bru

Win 7 Home Premium x64
 
 

Yes, it certainly appears to be a nasty one. But I'm pretty confident MSE did its job properly. Full Scans using MSE, MBAM and SAS in regular and Safe mode all come up clean.

I spoke with MS support and they said that MSE did its job by initially preventing the Trojan from downloading. They also said it was residing in a temp file waiting for a chance to infect my system but CCleaner and/or MSE also removed it from there (I'm still a bit unsure of this part). Apparently it's a good thing I regularly clean temp files. I'm not sure everyone does.

I have used TFC in the past on another computer. I probably should revisit it. The fact that it hasn't been updated in two years was one reason I was a bit hesitant to install it on my new system.

What is disturbing is that this was a very reputable website. It probably gets thousands if not millions of visitors a day. Who knows how many of them are now infected.

It's truly scary out there. Even safe surfing doesn't mean much anymore.

Crossing fingers that this one is solved. And am happy MSE did its job.
04 Sep 2011   #5
DBone

Windows 7 Home Premium x64 SP1
 
 

This reason, and this reason alone, is why virtualization should be your first line of defense, not MSE. Sandboxie is a great tool to prevent drive-by infections.
15 Sep 2011   #6
FranzB

Windows 7 Home Premium 32bit, Linux Mint Julia, in dual boot mode
 
 

Quote: Originally Posted by bru
> Yes, it certainly appears to be a nasty one. But I'm pretty confident MSE did its job properly. Full Scans using MSE, MBAM and SAS in regular and Safe mode all come up clean.
>
> I spoke with MS support and they said that MSE did its job by initially preventing the Trojan from downloading. They also said it was residing in a temp file waiting for a chance to infect my system but CCleaner and/or MSE also removed it from there (I'm still a bit unsure of this part). Apparently it's a good thing I regularly clean temp files. I'm not sure everyone does.
>
> I have used TFC in the past on another computer. I probably should revisit it. The fact that it hasn't been updated in two years was one reason I was a bit hesitant to install it on my new system.
>
> What is disturbing is that this was a very reputable website. It probably gets thousands if not millions of visitors a day. Who knows how many of them are now infected.
>
> It's truly scary out there. Even safe surfing doesn't mean much anymore.
>
> Crossing fingers that this one is solved. And am happy MSE did its job.

That's the whole problem, viz. that it happens with very reputable sites. You would think those people would have their security organized. Apparently not, so you have to do it. I want to repeat here again that e.g. my internet provider lets me log into my account, where I can also change my password (!), on a not encrypted website, although there is also an https webpage at the same time.
That really beats me (why not remove the not encrypted webpage?) and I complained but I only received a silly answer that you have to check it all. So the whole problem is also caused by the people behind the websites.
I personally use CCleaner a few times a day. You can always make a backup and use the restore function should something go wrong. Of course, any good cleaner would do, such as the one mentioned by Corrine.
The use of Sandboxie as DBone suggests is probably the only safe solution, and although I am using Linux Mint when I am surfing, it's sometimes not convenient, especially since I use Windows Live Mail and want to click on a link that someone (always known to me but who knows...) sends to me. So I have to get that Sandboxie. Thanks, DBone, for mentioning it over and over again, not just here.