Trojan Alert

#1
Hi ! I just got this while on this forum. I'm thinking maybe some thing going on here. I didn't have any thing open except Windows Forum.
Might be worth a look! This is the second warning I have gotten. One was from Google and I also reported it
Here you go. WD just stopped this Trojan!
Capture48.JPG
 


#2
Here's the bottom line. Not much scares this old country boy, but I think I'll log off the forum until I get someones attention here.
There's some thing going on here. The last time I saw these things was when the Chinese was trying to hack me. That was many moons ago.
They tried 720+ times and never succeeded. Not my first Rodeo! I've seen similar things happen while logged on to help forums!
BYE!
 


#3
I am not experiencing the same issues with this site.
Will report if I do.
 


RichM

Active Member
#4
It's real Gary and it is not the easiest to remove though WD does remove it and it may come back.
Remember a Trojan is a doorway but to do damage it needs something else to come in with it. I would run
Mbam Anti rootkit to be sure there is nothing else there.
http://answers.microsoft.com/en-us/...n-kovter/e47fe06a-5d88-4a36-b03e-ca7425d86ce5
 


#5
The question is "Where did it come from" We've been talking on this thread about malware and infections and bam, I get hit with a Trojan.
That's is a little strange, don't you think? I'm not trying to cause panic here. I'm just trying to get someones attention.
I'm setting on the forum with no other pages open and WD pops up with a warning that it has just stopped a potential threat to my computer . Maybe I am over excited! How do you explain this?? I'm reading the recent replies on this thread and nothing else, and that happens. I just ran MBAM Anti-Rootkit. If you read all this thread, you will see it found nothing. It says this was a Trojan. Why would I run a rootkit scan? I'm not infected because WD stopped this.
Do you have a answer?? Your the big malware King. What's going on??
 


Last edited:
#6
Here you go @RichM No malware ! What's next??
Capture48.JPG
 


RichM

Active Member
#7
I told you the Trojan is the "doorway" Gary but by itself it cannot really do anything so the real danger is what came through the doorway and that is why I suggested you run a rootkit scan. Needless to say run Mbam AntiMalware scan also or Rogue Killer or both.
As to why it was there, you do realize that when you see it is not necessarily when it entered and usually you won't see the infection until it is thoroughly planted in your system which means it could have entered at anytime so no reason to assume it came from this forum. An infection can lay anywhere at any site.
 


#8
I'm doing a rootkit scan at the moment. What your saying is this Trojan was just setting there on my PC; and WD just now, while I'm setting on this forum decided to find it, warn me, and then stop this Trojan. You say no reason to assume it came from here and then you say it can lay anywhere at any site. I'm totally confused. I haven't been to any other site. Are you saying my PC could get infected and WD may wait a week to inform me that I'm infected. I have some real cheap bridges for sale! How many do you want??
Thanks for your help, but this is the first time I have ever heard these things and I have been on more help forums than the law allows.
I will post the rootkit scan and MBAM. Are there any more scans I should run??
Why did you blame a rootkit and was your first choice to run??
 


Axel PC

Well-Known Member
#9
@holdum333 I didn't get any kind of trojan or virus warnings from my AV, Kaspersky. Yeah what @RichM is saying is right. That trojan could have been sitting on your system for a while, recently, etc. and Windows Defender just detected it.I think WD is fine, but only for when you're just coming off a clean install or purchasing a brand new machine. And you have it for just downloading your main antivirus and malware protection. I don't like it for main AV protection, as it's just not the best for zero day. And I would venture to say further that it's almost bad for Microsoft to come out and make a great AV because that's a business threat to all the other AV companies out there. Then we start getting back into the early 90's Microsoft vs web browsers law suit type stuff. But that's going a bit off topic here.

Man I'd personally recommend you go with a more robust AV like Bitdefender or Kaspersky. Their zero day protection is fantastic! And have tons of features to tweak that WD just doesn't. And you seem like the type that likes to delve into all the tweaking.

Here's a great YouTube channel that does testing of all the major/minor and free malware software out there. He did a test of Windows Defender back in 2015.

 


#10
My thinking is that WD and MBAM pro are running in real time monitoring my PC, and when a threat is detected they will warn me and quarantine the threat at that time, not a week later or even a hour later. I could be very wrong. It wouldn't be the first time, but it would be some thing I have never heard of before! Here you go Rich. What do you want next. Maybe a ESET on line scan.
I'm not trying to scare anyone here. I'm trying my best to notify the staff and report what is happening.
 


#11
I have just finished a rootkit scan and it came up clear, but won't let me attach the screen shot. What could be the reason for that?
What is going on?
 


Neemobeer

Windows Forum Team
Staff member
#12
Did you look in the quarantine to see what it blocked?
 


#13
Did you look in the quarantine to see what it blocked?
Yes sir!The forum will not allow me to attach any Screen shots, so I can't show you. I don't know what's going on??
I already posted the Trojan before. Thanks for your reply!
 


#14
What do you want me to do next. MBAM rootkit showed clear. I'm now running MBAM Pro! OK I can now attach screen shots. This is crazy Sxxxx!
 


Attachments

Neemobeer

Windows Forum Team
Staff member
#15
Unless you have network monitoring you'll probably not be able to determine where it came from.
 


Neemobeer

Windows Forum Team
Staff member
#16
If you didn't delete the trojan can you zip it and upload it here? It should be in C:\ProgramData\Microsoft\Windows Defender\LocalCopy
 


#17
Unless you have network monitoring you'll probably not be able to determine where it came from.
I just want it gone. I really don't care where it came from. I'm not trying to blame this forum. This is the first time I have ever seen a Trojan and I just wanted to report it. It happened while I was on this forum. I have never heard of a Trojan laying dormant and then popping up later.
I guess I'm learning some thing new. For awhile I couldn't attach screen shots and now I can. I do not have a freaking clue what's going on.
You want me to do some thing; Just tell me and I'll try to get it done!!
MBAM is almost through. I will try to attach a screen shot when it's done.
 


#18
If you didn't delete the trojan can you zip it and upload it here? It should be in C:\ProgramData\Microsoft\Windows Defender\LocalCopy
Hi friend the screen shot is in reply #48. Thanks for helping. This is driving me crazy!
 


Neemobeer

Windows Forum Team
Staff member
#19
Well it's already quarantined so, just check the box and select remove
 


#20
Hy guys Thanks for helping! Here's MBAM scan no threats found! Before this site would not allow me to attach any screen shoots and now it does. What's next friends??
Capture48.JPG
 


This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.