gearyboy

Cannot remove trojan backdoor Jan 12


Hi there

Like a couple of other users on this forum, I have come across a backdoor agent that none of the programs I've tried so far seem to completely remove. (It's the one that ends up in the registry.)

Below is a copy of the scan log from one of my original attempts using your Pro trial software. Each time I delete it using the SAS software, another scan reveals it's still there, albeit with a slightly different title - at least SAS spots it, other software tried doesn't even tell me it's there! Same trojan tho. Not sure if it's a coincidence but my AVG won't function properly and Microsoft Security Essentials and Windows Firewall are unable to start or be updated (Windows updates fail too).

Might there be a diagnostic solution to this one? Running out of possible ideas for getting rid of it, hope you can help!

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 01/11/2012 at 04:58 PM

Application Version : 5.0.1142

Core Rules Database Version : 8121

Trace Rules Database Version: 5933

Scan type : Quick Scan

Total Scan Time : 00:08:11

Operating System Information

Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)

UAC On - Limited User (Administrator User)

Memory items scanned : 749

Memory threats detected : 0

Registry items scanned : 64823

Registry threats detected : 1

File items scanned : 8003

File threats detected : 0

Malware.Trace

HKU\S-1-5-21-210253645-849558031-2135496171-1000\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

Thanks in advance!

Matthew

Is there a solution yet?


Hi Matthew,

Create a ticket at www.superantispyware.com/csr so I can send you a diagnostic and we can check out the shell value.

Hi,

I have a similar problem with this WINLOGON shell. Am using AVAST which Action Center could not see and my research led me to this forum. I created a ticket so hopefully you can help.

Larry


Hi Gearyboy and others,

If it's a reappearing trojan, the best thing to do would be to momentarily turn off System Restore, then run SAS in safe mode, restart, and re-run SAS; if no trojans are found, turn on System Restore and run SAS one last time.


Thanks for the tip GuiltySpark, but unfortunately this malware just keeps on coming back. I tried several times with protection off but as soon as I log on the malware is created every time.

I did open a ticket and had SAS customer care look at it and after running some diagnostics they say they cannot find anything wrong. They advise to put it on the "Trust/allow" list. Not sure I like this idea too much but then again I am no expert. Is this what they call a false positive?

Regarding symptoms of this particular reported malware, I have no idea of what to look out for. Everything appears to be normal, but is it really? If anybody else has this particular problem and is aware of acute symptoms then perhaps they can share them.

I would like to get to the bottom of this and understand what happened so I can have confidence in my use of it. All advice appreciated.

Thanks,


Kilraha,

I understand your concern; however, if SAS customer... say it's nothing to worry about then you may have to accept this. Just make sure you have a decent anti-virus program running real-time protection and with a built-in behaviour monitor.


GuiltySpark, I feel happy enough about accepting it ..... cause I actually believe this happened some time ago. I came across the malware by accident when researching an issue with Action Center not detecting my AV (this is how I came by SuperAntiSpyware) so I think it's been there for some time.

I use Avast and I'm happy with that too. Solved the Action Center problem by using the Avast uninstall tool and re-installing again.

All the same I'll continue to research as I'm learning quite a bit too and that's not a bad thing now is it :).

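The scan log in this thread flags only the location of the finding (the per-user Winlogon `Shell` value), not its contents, so the first triage step is to read what that value actually holds. The following is an added example, not part of any post in the thread and not SUPERAntiSpyware's diagnostic. It assumes the stock configuration, where `Shell` is `explorer.exe` under HKLM and no per-user `Shell` value exists; the function name `Get-ShellFinding` is hypothetical.

```powershell
# Added example, not from the thread. Assumption: "explorer.exe" is the stock
# Shell value under HKLM and a per-user Shell value is normally absent.
$SubKey   = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$Expected = 'explorer.exe'

function Get-ShellFinding {
    param([string]$Scope, [string]$Path, [switch]$PerUser)
    # Read the Shell value; $null means the value (or the key) does not exist.
    $item  = Get-ItemProperty -Path $Path -Name Shell -ErrorAction SilentlyContinue
    $shell = if ($item) { $item.Shell } else { $null }

    if ($null -eq $shell) {
        $status = if ($PerUser) { 'OK: no per-user override' } else { 'REVIEW: machine value missing' }
    } elseif ($shell.Trim() -ieq $Expected) {
        $status = 'OK: default shell'
    } else {
        # Any other value names what Winlogon starts as the user's shell at logon.
        $status = 'REVIEW: non-default shell'
    }
    New-Object PSObject -Property @{ Scope = $Scope; Shell = $shell; Status = $status }
}

# Machine-wide value.
$machine = Get-ShellFinding -Scope 'HKLM' -Path "HKLM:\$SubKey"

# Per-user values: only hives of logged-on users are loaded under HKEY_USERS.
# The SID filter skips service accounts and the *_Classes keys.
$users = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object {
        $sid = $_.PSChildName
        Get-ShellFinding -Scope "HKU\$sid" -Path "Registry::HKEY_USERS\$sid\$SubKey" -PerUser
    }

@($machine) + @($users) | Select-Object Scope, Status, Shell | Format-Table -AutoSize
```

A `REVIEW` row is a prompt to examine the file the value points to (path, signature, creation time) before deciding whether to trust or remove it.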
