martedì 22 novembre 2011

Persistent Trojan

Q: My computer crashed with error Bccode;100008e BCP1;C000001d BCP2;845B1609 BCP3:844D6BC8 BCP4:00000000  05Ver:5_1_2600   SP:3_0 Product: 768_1. On running a scan I found Trojan AGENT/GEN and Trojan AGENT DROPPER/CCOC.

I ran SUPERAntiSpyware through in Safe Mode and normal mode and deleted restore points as suggested in your magazine. I also deleted all temp folders as instructed. But computer remained unusable so I did a recover from the hidden partion. I ran SUPERAntiSpyware again and it still picked up AGENT/GEN. Norton Internet Security 2010 keeps getting turned off and I can only turn it back on by rebooting, I have no other programs installed. Should I have reinstalled using the four recovery disks?

A: Agent/Gen is a generic detection for a Trojan program that drops a malicious payload on the PC. It will usually place a .exe file in the Startup folder and a .dll in the Windows\System32 folder, it will also add registry entries to enable it to run when Windows starts and will try to shut down security programs.

The problem with tracking down malware like this is that it uses randomly generated file names so it’s hard to spot if you’re trying to delete the files manually. Running a malware scan in Safe Mode should ensure that the files aren’t in use and can therefore be removed by the scan program. Removing restore points and temporary files should also be carried out in Safe Mode to ensure that the Trojan can’t sneak back in at a restart. It’s worth running an online scan using something like TrendMicro HouseCall to get a second opinion when you reboot to normal mode after removal.

Restoring the system from a hidden recovery partition probably doesn’t so a complete reinstall, so there is a chance that the malware may still be lurking on your PC. Using the recovery discs should do a complete reinstall and format the disc, but you will need to reinstall any other software and make sure you have a backup of your important files.

You can use an online scanner such as HouseCall to verify virus detections You can use an online scanner such as HouseCall to verify virus detections

Originally featured in PCU134


Nessun commento:

Posta un commento