jammer09

SUPERAntiSpyware found 3 TROJAN DROPPER/GEN HELP PLEASE!


Heilsa!

I am working on a friend of mine's laptop, an HP Pavilion dv6000 running Windows Vista Home Premium, and uninstalled with Norton Removal tool the Norton AV it had on it and the AVG AV running at the same time, and placed ZoneAlarm, Avast and SUPERAntiSpyware on it instead. :D

Well, all went well on install of all three and did scan with Avast and it found and quarantined 3 Adware. I then ran a thorough scan with SUPER and it found THREE TROJAN DROPPER/GEN and quarantined them and says it wants to remove them on next boot (restart).

Well, my question is this: I have never run SUPER or any of the three (ZoneAlarm, Avast and/or SUPER) on a Vista machine before, and the three quarantined Trojans are in an area I am not sure of, as in not sure about removing.

Should I remove these? They are in these areas.

The first one is here; C:\USERS\MIGUEL\APPDATA\LOCAL\TEMP\_UNPS.EXE

The second one is here; C:\USERS\MIGUEL\APPDATA\LOCAL\TEMP\WZSE0.TMP\PROGRAM FILES\SIERRA WIRELESS\SWUSBDRIVERS\GENERIC\REMINFS.EXE

The third one is here; C:\USERS\MIGUEL\APPDATA\LOCAL\TEMP\WZSE1.TMP\PROGRAM FILES\SIERRA WIRELESS\SWUSBDRIVERS\GENERIC\REMINFS.EXE

What is throwing me off here is the part "SIERRA WIRELESS\SWUSBDRIVERS". If it hadn't had this or some similar legitimate-sounding part to the address, I would've already rebooted and let it remove them at will, as they are in a TEMP folder.

Can I just remove these? Or are they a legitimate part of this machine's wireless setup and/or drivers, etc.?

And what about that first one, _UNPS.EXE? It should just be removed, no problem, I would think, being in a TEMP folder like that. I did a couple of cleanings with REVO Uninstaller and thought that would've cleaned those TEMP folders out before the scans. I guess not.

Can anyone help me out here? I need to get this machine back to my friend as soon as possible.

Thank you very much!


Heilsa!

Can't stay long, but here is what you asked for.

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 05/13/2009 at 08:34 AM

Application Version : 4.26.1002

Core Rules Database Version : 3890

Trace Rules Database Version: 1838

Scan type : Complete Scan

Total Scan Time : 02:32:11

Memory items scanned : 694

Memory threats detected : 0

Registry items scanned : 9071

Registry threats detected : 0

File items scanned : 171318

File threats detected : 3

Trojan.Dropper/Gen

C:\USERS\MIGUEL\APPDATA\LOCAL\TEMP\WZSE0.TMP\PROGRAM FILES\SIERRA WIRELESS\SWUSBDRIVERS\GENERIC\REMINFS.EXE

C:\USERS\MIGUEL\APPDATA\LOCAL\TEMP\WZSE1.TMP\PROGRAM FILES\SIERRA WIRELESS\SWUSBDRIVERS\GENERIC\REMINFS.EXE

C:\USERS\MIGUEL\APPDATA\LOCAL\TEMP\_UNPS.EXE

Here is what Avast found and has quarantined

C:\Program Files\HP Connections\6811507\Program\Interop.SHDocVw.dll

C:\Program Files\HP Connections\6811507\Program\HPBWSetup\Interop.SHDocVw.dll

C:\Windows\HPCPCUninstall-6811507\Interop.SHDocVw.dll

Thank you for the very quick response!


Heilsa!

OK, will do. Thank you. Would you care to take a stab at what Avast found, or should I ask them?

I will report back as to anything else that goes on, thank you again.

Ves Heill! Farr Heill!


Heilsa!

I did what you said. I restored those three files and then did another scan; it found only those three files again, so I sent off a false positive report on them and then restored them again. I was supposed to restore them again, wasn't I?

Concerning those other Adware that Avast found, I am on the Avast forum, going to see what they recommend doing with what Avast found. I couldn't find a section to send or upload any files for analysis there on superantispyware dot com at all. I must be missing something; maybe you could give me a direct link or an explanation as to how to go about doing that. If you would, that is.

Thank you for all of your help!
