  1. #1
    Lounger
    Join Date
    Sep 2010
    Location
    Canberra, ACT, Australia
    Posts
    30
    Thanks
    7
    Thanked 0 Times in 0 Posts

    Trojans keep appearing in Windows Defender AND weird behaviour

    Hi

    Had Windows 10 clean installed mid April. It reduced boot time, ran faster and
    prevented most crashes. Still trying to bed it in in between major
    personal challenges.

    Do frequent definition updates and full scans. Details show affected
    files in my email (Eudora) current attachment folder or one briefly
    used after re-installation, both on drive E.

    Extensive Googling turns up what I suspect are removal scans but
    nothing on recurring infection without quarantining on arrival.

    Worrying intermittent events include:

    Can't update virus definitions (fixed with SLOW system restore)
    Trojan showing only once as quarantined before scan (at end of scan with only browser obviously open)
    Possible unexpected rebooting.

    I wonder if:

    Defender removal has been incomplete OR
    New notifications are false alarms

    Are others having similar issues?

  2. #2
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,203
    Thanks
    49
    Thanked 989 Times in 919 Posts
    I think a fresh scan would be a good starting point. Try the Panda online USB scanner.

    cheers, Paul

  3. #3
    Lounger
    Join Date
    Sep 2010
    Location
    Canberra, ACT, Australia
    Posts
    30
    Thanks
    7
    Thanked 0 Times in 0 Posts
    Thanks for responding.

    I agree an alternate scan would be useful.

    However I checked the Panda site to be told it uses cookies if you browse or close the page, which concerns me.

    What alternate checker is effective and beyond reproach?

    And I would like to know of other reports of trojans reappearing.

  4. #4
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,645
    Thanks
    147
    Thanked 884 Times in 845 Posts
    Kaspersky Rescue Disk, perhaps created on another machine.

    http://support.kaspersky.co.uk/viruses/rescuedisk

  5. #5
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,492
    Thanks
    284
    Thanked 577 Times in 480 Posts
    You think you have a trojan infection but you're worried by a cookie - sheesh...

    Whichever scanner you use, please post the results of the scan(s).

  6. #6
    Lounger
    Join Date
    Sep 2010
    Location
    Canberra, ACT, Australia
    Posts
    30
    Thanks
    7
    Thanked 0 Times in 0 Posts
    Not worried by using cookies but by having them imposed without consent.

  7. #7
    Lounger
    Join Date
    Sep 2010
    Location
    Canberra, ACT, Australia
    Posts
    30
    Thanks
    7
    Thanked 0 Times in 0 Posts
    Thanks. I'll try that tomorrow.

  8. #8
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,645
    Thanks
    147
    Thanked 884 Times in 845 Posts
    System requirements only go up to Win 8 and Server 2012 but I think it will be okay to scan Win 10 outside of Windows.

  9. #9
    Lounger
    Join Date
    Sep 2010
    Location
    Canberra, ACT, Australia
    Posts
    30
    Thanks
    7
    Thanked 0 Times in 0 Posts
    May I have a Windows 10 scanning suggestion?

  10. #10
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    Paducah, Kentucky
    Posts
    430
    Thanks
    40
    Thanked 69 Times in 66 Posts
    #alexamac -- When you said,
    "Defender removal has been incomplete OR
    New notifications are false alarms"
    Were you saying that you have removed something using Windows Defender?

    You asked, "May I have a Windows 10 scanning suggestion?".
    Other posters have suggested Panda and Kaspersky. If you don't like either of those, you can perform an online search (Google, DuckDuckGo, etc.) and find several more scanning options available.

    And IMHO, since you think you've gotten a trojan, to object to the creation of a cookie (which you can certainly delete afterward) is like the old saying about "strain at a gnat, and swallow a camel". Personally, if I suspected that my computer had a trojan (or any other kind of malware) I'd be very eager to confirm or deny that. (I certainly wouldn't care about receiving a simple cookie in the process.)

  12. #11
    Lounger
    Join Date
    Sep 2010
    Location
    Canberra, ACT, Australia
    Posts
    30
    Thanks
    7
    Thanked 0 Times in 0 Posts
    Defender keeps telling me I have 1 or 2 of 3 or 4. Removes them. They come back. Repeat.

    As I said earlier, my objection to Panda is that it essentially tells you that no matter what you do or don't do it's going to put a cookie on your computer. I find that alarming as a way to operate. I haven't heard of them. I am already battling so many challenges that I don't want to be bothered trying to work out how to remove the cookie at this time.

    I am also concerned if Kaspersky is not suited for Windows 10. I have heard of them so would be willing to use them.

    I have already spent many hours using Google to try to track down what may be going on here and the information is inconsistent or unconvincing. I came to Windows Secrets in the hope that I would get authoritative advice.

    I suspect that it could have got in, by my error, during the intense period after I installed Windows 10 in mid April and had to do a full installation of all programs. Generally, I am scrupulous about not clicking on executable files or downloading programs that may be suspect. I update Defender definitions daily and use Malwarebytes Premium.

    I am extremely concerned at the idea that I have a Trojan and am looking for a solution.

    I particularly come back to my original question: have there been any reports of misleading Defender reports about Trojan viruses?

  13. #12
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,492
    Thanks
    284
    Thanked 577 Times in 480 Posts
    All AVs have false positives from time to time, can you access the details from Defender for us to look at?

  14. #13
    Lounger
    Join Date
    Sep 2010
    Location
    Canberra, ACT, Australia
    Posts
    30
    Thanks
    7
    Thanked 0 Times in 0 Posts
    Defender keeps telling me I have 1 or 2 of 3 or 4. Removes them. They come back. Repeat.

    As I said earlier, my objection to Panda is that it essentially tells you that no matter what you do or don't do it's going to put a cookie on your computer. I find that alarming as a way to operate. I haven't heard of them. I am already battling so many challenges that I don't want to be bothered trying to work out how to remove the cookie at this time.

    I am also concerned if Kaspersky is not suited for Windows 10. I have heard of them so would be willing to use them.

    I have already spent many hours using Google to try to track down what may be going on here and the information is inconsistent or unconvincing. I came to Windows Secrets in the hope that I would get authoritative advice.

    I suspect that it could have got in, by my error, during the intense period after I installed Windows 10 in mid April and had to do a full installation of all programs. Generally, I am scrupulous about not clicking on executable files or downloading programs that may be suspect. I update Defender definitions daily and use Malwarebytes Premium.

    I am extremely concerned at the idea that I have a Trojan and am looking for a solution.

    I particularly come back to my original question: have there been any reports of misleading Defender reports about Trojan viruses?


    Latest Defender report:

    "Category: Trojan Dropper
    097M/DOonoff
    27/5/2016
    Severe

    Description: This program is dangerous and installs other programs.

    Recommended action: Remove this software immediately.

    Items:
    containerfile:E:\Changing Files\Eudora 2016\Eudora Data\ATTACH\2015-25-05_0048.docm
    containerfile:E:\Changing Files\Eudora 2016\Eudora Data\ATTACH\2015-25-05_797739.docm
    file:E:\Changing Files\Eudora 2016\Eudora Data\ATTACH\2015-25-05_0048.docm->word/vbaProject.bin
    file:E:\Changing Files\Eudora 2016\Eudora Data\ATTACH\2015-25-05_797739.docm->word/vbaProject.bin"

    The ATTACH folder was in use soon after installing Windows 10 but hasn't been for many weeks. However earlier reports have sometimes pointed to the relevant current folder.
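
Added example, not part of the original posts: the `file:...docm->word/vbaProject.bin` lines in the Defender report above name a member inside the document, because a `.docm` is a ZIP container and `word/vbaProject.bin` is where its macro code is stored. The Python sketch below lists every Office document under a folder that carries such a member, without opening the document in Word; the function names and the sample files it builds are constructed for illustration.

```python
import os
import tempfile
import zipfile

# Macro-capable and plain OOXML extensions; a renamed file can still carry macros.
OOXML_EXTENSIONS = {".docm", ".docx", ".dotm", ".xlsm", ".xlsx", ".pptm", ".pptx"}


def find_macro_documents(root):
    """Return sorted (path, member) pairs for OOXML files under root that embed a VBA project."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in OOXML_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with zipfile.ZipFile(path) as archive:
                    members = archive.namelist()
            except (zipfile.BadZipFile, OSError):
                continue  # truncated download, or not really a ZIP container
            for member in members:
                if member.lower().endswith("vbaproject.bin"):
                    hits.append((path, member))
    return sorted(hits)


def build_sample_folder():
    """Create a constructed attachment folder: one macro document, one clean, one truncated."""
    root = tempfile.mkdtemp(prefix="attach_sample_")
    with zipfile.ZipFile(os.path.join(root, "sample_macro.docm"), "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/vbaProject.bin", b"constructed placeholder, not real VBA")
    with zipfile.ZipFile(os.path.join(root, "sample_clean.docx"), "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
    with open(os.path.join(root, "sample_truncated.docm"), "wb") as f:
        f.write(b"PK\x03\x04 truncated")
    return root


if __name__ == "__main__":
    # Print hits in the same "container->member" form Defender uses in its report.
    for path, member in find_macro_documents(build_sample_folder()):
        print(f"{path}->{member}")
```

A hit only means the file contains macros, not that the macros are malicious; it narrows down which attachments to delete or submit for a second-opinion scan.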

  15. #14
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,492
    Thanks
    284
    Thanked 577 Times in 480 Posts
    You need to delete the affected emails from within Eudora (those from 2015-25-05 that have those Word Macro attachments) and then clean up the email folder (completely remove deleted items + compress the folder). Close Eudora, use webmail to delete the same infected emails from the server.

    Quote Originally Posted by alexamac View Post
    I particularly come back to my original question: have there been any reports of misleading Defender reports about Trojan viruses?
    All AVs have false positives from time to time

  16. #15
    Lounger
    Join Date
    Sep 2010
    Location
    Canberra, ACT, Australia
    Posts
    30
    Thanks
    7
    Thanked 0 Times in 0 Posts
    I have deleted the most recent files in the attachment folder and the email that they may have come with (the time was out by exactly one hour which could have been an error of time stamping). I couldn't find any emails with the right time for the previous lot of files so was only able to delete the files in the attachment folder.

    I had some information about earlier Trojans but those files were gone from the attachment folders and from the emails.

    I have compressed the folders.

    My web mail didn't have any attachment shown for the email I thought the most recent one had come from. Nor were there any emails for the time of the next most recent one. It looks like earlier ones had been deleted by Defender.

    This is all on the assumption that they were just coming in at the time stamp of the files rather than being put there by a Trojan downloaded at some earlier time.

    I get an awful lot of emails so I would have had to open them all to find out any attachment names and in any case only still have on the server about 10 days worth.

    So if the files are just coming in now, then Defender seems to be catching them, by quarantining them until I can do a full scan of the E drive.

    Is there any way to check out whether there are some Trojans sitting somewhere ready to come to action every reboot?
