Solved MSE finds and removes Trojan three times

bru

While on a reputable site for my local newspaper, MSE signaled that it had found TrojanDownloader:JS/Qakbot.H, classifying it as severe. I told it to remove it and it said it had succeeded. I ran a Quick Scan right away, which came up clean.

12 hours later, when I ran CCleaner to clean temp files, MSE again found the same Trojan. I had it remove it, and it found it yet again while CCleaner was removing the temp files.

So in my history there are three instances of this same Trojan, all listed as being removed. Is it really gone?

If MSE removed the Trojan the first time, why did it remain in a temp file? If I had never cleared the temp files using CCleaner, it seems to me the Trojan would have remained on my computer. What damage was done in the twelve hours between when MSE initially removed it and when it was, hopefully, removed for good from the temp files?

Is this how MSE is supposed to work? It seems like a flaw if it leaves what it cleans in a temp file. Would a full scan have found the temp file infection?
An MSE quick scan checks the places, processes in the memory, and registry files on your computer's hard disk that malicious software is most likely to infect. A full scan checks all files on the hard disk and all currently running programs.

Unless dealing with a rogue such as HDD Defragmenter, which makes it so that certain folders on your computer display no contents, it is generally recommended to run a temp file cleaner prior to scanning. My current preference is TFC by OldTimer.
Yes, it certainly appears to be a nasty one. But I'm pretty confident MSE did its job properly. Full Scans using MSE, MBAM and SAS in regular and Safe mode all come up clean.

I spoke with MS support and they said that MSE did its job by initially preventing the Trojan from downloading. They also said it was residing in a temp file waiting for a chance to infect my system, but CCleaner and/or MSE also removed it from there (I'm still a bit unsure of this part). Apparently it's a good thing I regularly clean temp files. I'm not sure everyone does.

I have used TFC in the past on another computer. I probably should revisit it. The fact that it hasn't been updated in two years was one reason I was a bit hesitant to install it on my new system.

What is disturbing is that this was a very reputable website. It probably gets thousands if not millions of visitors a day. Who knows how many of them are now infected.

It's truly scary out there. Even safe surfing doesn't mean much anymore.

Crossing fingers that this one is solved. And I am happy MSE did its job.
For this reason, and this reason alone, virtualization should be your first line of defense, not MSE. Sandboxie is a great tool to prevent drive-by infections.
That's the whole problem, viz. that it happens with very reputable sites. You would think those people would have their security organized. Apparently not, so you have to do it. I want to repeat here again that, e.g., my internet provider lets me log into my account, where I can also change my password (!), on an unencrypted website, although there is also an https webpage at the same time.
That really beats me (why not remove the unencrypted webpage?) and I complained, but I only received a silly answer that you have to check it all. So the whole problem is also caused by the people behind the websites.
I personally use CCleaner a few times a day. You can always make a backup and use the restore function should something go wrong. Of course, any good cleaner would do, such as the one mentioned by Corrine.
The use of Sandboxie as DBone suggests is probably the only safe solution, and although I am using Linux Mint when I am surfing, it's sometimes not convenient, especially since I use Windows Live Mail and want to click on a link that someone (always known to me, but who knows...) sends to me. So I have to get that Sandboxie. Thanks, DBone, for mentioning it over and over again, not just here.