NSE did not detect the Dropper Trojan

[whs]

MSE did not detect the Dropper Trojan

A full scan with SAS just revealed that I had the Dropper Trojan on my system. SAS got rid of it.

This despite MSE running all the time and my MSE has all the latest definition updates.

Maybe you want to run a full scan with SAS to make sure.

 

[UsernameIssues]

You did see this thread - right?

http://www.sevenforums.com/system-security/308472-mse-worries-3.html#post2567081

 

[whs]

You did see this thread - right?

http://www.sevenforums.com/system-security/308472-mse-worries-3.html#post2567081

Thanks for pointing that out. I did not remember that thread.

 

[cottonball]

Which Dropper Trojan did you have on the system?

Did MSE or SAS give you more info than just that name?

 

[whs]

This is the name in the SAS log " Trojan.Dropper/Gen-NV "

 

[cottonball]

Any file identified by SAS? It is a good scanner, however, IMO, Malwarebytes is way ahead of the game.

Just to make sure there is nothig 'lurking', let's do the following:

:info: Please go to the Malwarebytes Anti-Malware Download
Save to the Desktop
Double-click the downloaded MBAM file to run it.

When the installation begins, follow the prompts in the setup process.
Do not make any changes to default settings and when the program has finished installing, make sure only the following options are checked:
>Update Malwarebytes’ Anti-Malware
>Launch Malwarebytes’ Anti-Malware
Uncheck:
>Enable free trial of Malwarebytes Anti-Malware PRO
Click on the Finish button.

If an update is found, the program automatically updates itself.
At the program console, on the Scanner tab, and select: Perform Quick Scan

Next, click on the Scan button.

When the Malwarebytes scan is completed, click on: Show Results
When presented with a screen showing the malware detected, make sure everything is Checked, and click on: Remove Selected

When removal is completed, a report opens in Notepad.

:ar: Please copy/paste the entire contents of the MBAM report in your reply.

Note: If MBAM encounters a file that is difficult to remove, you are asked to reboot the computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) prevents MBAM from removing all the malware.

 

[whs]

They look like tracking cookies to me. What do you think ??

Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 7
HKCR\AppID\{F85FA3F2-D2C8-4D4D-BB1C-3181E691AF2B} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (PUP.Optional.Iminent.A) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (PUP.Optional.Iminent.A) -> Data: Ìéz—ƒ¯èEžây‚âÕ -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 1
C:\Users\whs\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
Files Detected: 2
C:\Users\whs\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\whs\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
(end)

 

[cottonball]

PUPs - indicates a Potentially Unwanted Program.
A program that contains adware, installs toolbars, or has other unclear objectives.

You may want to download AdwCleaner to the Desktop.
http://www.bleepingcomputer.com/download/adwcleaner/
•Close all open programs and internet browsers.
•Double-click on AdwCleaner.exe to run the tool.
•Click the Scan button and wait for the process to complete.

If you find entries or programs you wish to keep, please uncheck them.

Click on the Clean button to remove the rest, and follow the prompts.

Once done, press the Uninstall button to remove the program.
If, down the road, you need to use this program again, it is bet to download a new/updated copy.

 

[whs]

I get those tracking cookies a lot. Sometimesd SAS finds over 100 in 3 day intervals.

 

[cottonball]

I call SAS the 'Cookie Monster'!!

 

[whs]

That is certainly true. But it found the trojan too which MSE missed.