Kaspersky: Trojan.Win32.AutoRun.atq. Has it been detected on MSE yet?

Page 1 of 2 12 LastLast

  1. cheewongken
    Posts : 56
    Windows 7 Ultimate 64 bit
       New #1

    Kaspersky: Trojan.Win32.AutoRun.atq. Has it been detected on MSE yet?


    Hey again guys..

    This time its a virus problem I'm having. A friend of mine (A) who uses KAV2011 detected this (Trojan.Win32.AutoRun.atq) on his thumbdrive. His thumbdrive was passed to me, which i passed to another friend of mine (B), who passed it back to him.

    A uses KAV2011 and no anti-malware and is on 32 bit (OS unknown)
    B uses Mcafee (just uninstalled) and MSE and Malwarebytes, on Win 7 x64

    I use MSE as my main protection with Malwarebytes and Spybot S&D as scanners while using Win 7 32 bit

    I haven't scanned my computer since using the thumbdrive and I plan to do so when i get home tomorrow.

    But right now I've spoken to B who've just done a partial scan with Mcafee, full scan with MSE and MBAM, with no results. Definitions were updated.

    This is why I was wondering, has the trojan been detected by MSE or MBAM yet?

    According to Kaspersky's site, they've detected it since Nov 09 (Trojan.Win32.AutoRun.atq - Securelist)

    And as a site note, what does the trojan do to the computer anyway?

    Anyway, thanks for all your time.
      My Computer
    Quote Quote

  3. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #2

    That drive needs to be disinfected!! http://download.bleepingcomputer.com...isinfector.exe

    *** Note: Be sure to insert your flashdrives before you begin!
    Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    Wait until it has finished scanning and then exit the program.
    Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

    PS ... my antivirus was claiming that a virus wanted access to my computer when I clicked on the disinfector link. It's a direct download, and it's safe!
      My Computer
    Quote Quote

  4. cheewongken
    Posts : 56
    Windows 7 Ultimate 64 bit
    Thread Starter
       New #3

    The thing is, the thumb's his and his AV managed to remove it successfully? I don't think I need it... All i'm worried about is the uncertainty if I, or B has it since MSE and MBAM had no results on B's computer.
      My Computer
    Quote Quote

  6. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #4

    .Win32.AutoRun.atq is Backdoor.SDBot. This means that it is a password stealer, plus the worm provides an attacker remote access to the affected machine, and may also steal sensitive information and initiate Denial of Service attacks.
      My Computer
    Quote Quote

  7. erica647
    Posts : 76
    windows 7 Ultimate x64
       New #5

    Encyclopedia entry: Trojan:Win32/Autorun - Learn more about malware - Microsoft Malware Protection Center
      My Computer
    Quote Quote

  8. cheewongken
    Posts : 56
    Windows 7 Ultimate 64 bit
    Thread Starter
       New #6

    erica647 said:
    Encyclopedia entry: Trojan:Win32/Autorun - Learn more about malware - Microsoft Malware Protection Center
    I saw that one already, but the one i posted above seems to be quite new. But guessing from that page, the new atp variant isn't detected yet?
      My Computer
    Quote Quote

  10. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #7

    Did you see this? Browse the malware encyclopedia - Learn more about malware - Microsoft Malware Protection Center
      My Computer
    Quote Quote

  11. cheewongken
    Posts : 56
    Windows 7 Ultimate 64 bit
    Thread Starter
       New #8

    yeah. its not listed.

    I still haven't gotten an answer to my main question though..

    Has it been detected on MSE?
      My Computer
    Quote Quote

  12. jimbo45
    Posts : 5,941
    Linux CENTOS 7 / various Windows OS'es and servers
       New #9

    Hi there
    Since ANY AV software can NEVER be guaranteed to be 100% effective how can you assume that a VIRUS REMOVER is also 100% effective.

    Especially for something like a password stealer -- I would have NO hesitation here about either doing a COMPLETE RESTORE of a KNOWN clean system backup or a COMPLETE DISK FORMAT via security erase ( write Binary zeros on every sector --not just the standard format) and then RE-INSTALL WINDOWS.

    I certainly would NEVER EVER trust a previously infected computer that hat merely been cleansed by some AV software.

    It's moot as to whether its been detected on MSE or not -- if you don't get Viruses in the first place its difficult to find out --

    What IS more important is that your computer has been infected and what you should do about it.

    Cheers
    jimbo
      My Computer
    Quote Quote

  13. Airbot
    Posts : 18,404
    Windows 7 Ultimate x64 SP1
       New #10

    cheewongken said:
    yeah. its not listed.

    I still haven't gotten an answer to my main question though..

    Has it been detected on MSE?



    Only .atq variants listed for MSE are these 3. So sounds like possibly it hasn't yet.

    Encyclopedia Search Results: atq - Learn more about malware - Microsoft Malware Protection Center
      My Computer
    Quote Quote

 
Page 1 of 2 12 LastLast

  Related Discussions
Trojan:Win32/FakeSysdef
in System Security

This computer again: https://www.sevenforums.com/browsers-mail/214851-ie9-32bit-context-menu-fails-w7-pro-64bit.html Here is some of what I know about the box build. 220154 I was asked to cleanup the aftermath of this: Encyclopedia entry: Trojan:Win32/FakeSysdef - Learn more about...
Trojan:Win32/Comroki!rts
in System Security

Downloaded and ran the Microsoft Safety Scanner and it found this. Trojan:Win32/Comroki!rts Safety Scanner removed so it says. All I found with Google besides sales pitches to buy things is this at MS. Encyclopedia entry: Trojan:Win32/Comroki - Learn more about malware - Microsoft Malware...
So, I was formatting my computer and reinstalling today and I went to the ImgBurn website and downloaded from their "preferred mirror" from BetaNews..it was the 1st mirror listed. Upon install, MSE went off and detected Trojan: Win32/Bumat!rts and stopped it in it's tracks. Another example,...
I found this awesome virus "Trojan-Downloader.Win32.VB.bbl" and analyzed its behaviour in a VirtualBox and quickly found a weaknes :p It is very hard to remove, it closes antivirus setups and then deletes them, closes all windows containg anything about antivirus tools (even if you google anything...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 04:52.
Find Us