I [might] have a[n undetected] Trojan

August 5, 2012 at 16:36:31
Specs: Windows 7
Some stolen account on Steam (a game distribution platform with an IM system) linked me a copy-paste of what was obviously a viral .exe
aaaand I opened it. Before you scream "WHHHYYYYYYY", it's because I attempted to open it with Avast's sandbox but the "sandbox" thing didn't show up.
Instead the icon blinked for half a second, probably did what it does best: installing itself in hidden folders, etc.
At this point I was really both confused and annoyed at Avast not auto-sandboxing it. (Oops)

I ran a scan http://r.virscan.org/a3fd1c1064a4e4... and reported the account for user misconduct.
Found this: http://pastebin.com/EyCnWJV3
Promptly changed passwords and disabled remote assistance in control panel. Even uninstalled Steam so he can't disable VAC guard (at least not easily).

Sounds like an overreaction, I suppose. I have no way to know if I even ran the .exe, since I can't tell if I clicked once, which caused it to blink/be selected.
Lesson learned: Avast won't auto-sandbox things that blatantly look suspicious to humans, get a program that lets you manually sandbox?

If it actually got a trojan in there, I assume it will be able to just switch remote assistance back on and track my passwords, however.

So what else can I do against an undetected malware?

August 5, 2012 at 16:45:17
Start by running Malwarebytes (MBAM). You will have to outsmart the infection, such as renaming & running in Safe Mode.

Malwarebytes' Anti-Malware (MBAM): use Quick Scan.
If your MBAM log indicates "No action taken," that's usually a result of NOT clicking the Remove Selected button after the scan.
Quick Scan versus Full Scan
Error codes
FAQ - Common Issues, Questions, and their Solutions.
PUM = Potentially Unwanted Modifications.
Action for Potentially Unwanted Modifications (PUM): This option identifies system setting modifications which may have an adverse effect or direct impact of available functionality or resources of the system.
VIPRE Rescue Program
Try it in Safe mode with Networking.
If it won't run, rename the downloaded mbam-setup.exe file to mb.exe to help work around certain malware that will block it from being run.
If it still will not run:
1: Go to Control Panel > Programs and Features and uninstall Malwarebytes.
Next, redownload Malwarebytes but rename it before you download it to your desktop. As you are in the process of downloading, when you get to the point that the "enter name of file to save to" box appears, in the "filename" slot, rename mbam-setup.exe to something.exe, then click Save.
2: If it installed but will not run, navigate to this folder:
C:\Program Files\Malwarebytes' Anti-Malware
At the top of the page, Tools > Folder Options > View, click > Show hidden files and folders and untick > Hide extensions for known file types.
How to see hidden files in Windows
Rename all the .exe files in the Malwarebytes' Anti-Malware folder and try to run it again.
When it opens, update 1st.
If it won't update after installing, update manually.
Download & install.

August 5, 2012 at 17:21:56
But the point is that it is undetected by malwarebytes.

August 5, 2012 at 17:43:31
"But the point is that it is undetected by malwarebytes"
Where did you say that!
Virscan doesn't list it.

"So what else can I do against an undetected malware?"
Undetected malware is the norm; tell us exactly what you have used & how you used it.
In the meantime, run MBAM, you will probably need to run many others as well.

August 6, 2012 at 12:32:21
Can I have this Question deleted?

August 14, 2012 at 14:18:55
You could theoretically appeal to a moderator, and given specific reasons, they may be able to. Usually as I have seen there has to be a good reason.

:: mike

edit: some reading in response to protecting the system

