Solved trojan.ransom found by malwarebytes

October 23, 2012 at 10:28:06
Specs: Windows XP, pentium 4 3 ghz / 1 gb
I've been running scans with AVG and never found any virus; my computer seems to run OK. I just decided to double check with the Malwarebytes program and it says it found trojan.ransom in escndv.exe.
escndv.exe has to do with my Epson printer software. So I am not a virus expert... what the heck does this mean? Do I really have a trojan? How did this happen?

#1
October 23, 2012 at 12:37:19
"How did this happen ?"
Malware Prevention
http://www.malwarevault.com/index.html
"There is no magic involved. The majority of malware is installed by the user themselves"

"Do I really have a trojan ?"
Run ComboFix
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.techsupportforum.com/sec...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
Note:
Do not mouseclick combofix's window while it is running. That may cause it to stall.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
When finished, clear away any of the files and folders that were created by ComboFix.
Start > Run, Copy and Paste > ComboFix /uninstall and click OK.
Qoobox is a folder created by Combofix to quarantine any infected files.



#2
October 23, 2012 at 13:11:34
Sorry if I sound rude but this sounds like an advert for something called ComboFix. Plus I already know that viruses are downloaded but I don't remember downloading anything suspicious and I always run AVG after I download something.

I am puzzled by why AVG couldn't find anything but this Malwarebytes detects that I have something. That is my question.

And specifically why is an executable having to do with my Epson printer software infected when that is not something I downloaded? I installed from CD.

I suspect that Malwarebytes is full of bs. Is that possible?



#3
October 23, 2012 at 13:29:48
Hi, it happened to me exactly the same.

Malwarebytes found trojan.ransom in escndv.exe in 2 DIFFERENT PCs AT THE SAME TIME. Isn't it strange? 2 different PCs infected at the same time in the same file?

This morning I ran a full scan on both of them and they were clean.



#4
October 23, 2012 at 13:40:40
I hit the same problem today too. Been using Epson scan and Malwarebytes for years without problem

#5
October 23, 2012 at 13:45:01
Now we are 3. Actually 4 (I with 2 PCs).
It sounds very strange to me.

#6
October 23, 2012 at 13:49:08
nboro "Sorry if I sound rude but this sounds like an advert for something called ComboFix"
Combofix is a free tool, and is used by experts to remove viruses from your pc.
We are all helpers who donate our time for free, and if a thread or post looks like spam/advertising we will be the first to let you know or have it removed.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#7
October 23, 2012 at 13:52:03
armageddon1966 and Poof, could you please start your own threads? Even though things might sound the same, all three PCs are different and one fix may not fix another.


#8
October 23, 2012 at 14:05:45
MrGoodguy

I appreciate your job. I know you guys do it for free. Anyway just for your info. On a third PC I have just scanned the installation disk EPSON SX410 and MALWAREBYTES found the same trojan.ransom in the escndv.exe. I decided to copy it on the desktop of this one (absolutely clean) and malwarebytes found trojan.ransom in this one too.

What do you think? How could the installation disk be infected?
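
The comparison done by hand in post #8, written as a script (an added example, not part of any post in this thread): it checks whether each flagged copy is byte-identical to the copy on the original installation media. The function names and the stand-in file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large installers do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def triage(reference_path, flagged_paths):
    """Compare each flagged copy with the copy from the original media.

    Returns (matching, divergent) lists of paths. A flagged copy that is
    byte-identical to the vendor media was not modified after installation,
    which points at the scanner's signature rather than at this machine.
    A divergent copy needs a closer look (other version, or tampering).
    """
    ref = sha256_of(reference_path)
    matching, divergent = [], []
    for p in flagged_paths:
        (matching if sha256_of(p) == ref else divergent).append(p)
    return matching, divergent


def demo():
    """Constructed sample: stand-in files, not the real Epson binary."""
    d = tempfile.mkdtemp()
    contents = {"cd": b"VENDOR-BINARY", "pc1": b"VENDOR-BINARY",
                "pc2": b"VENDOR-BINARY-PATCHED"}
    paths = {}
    for name, data in contents.items():
        paths[name] = os.path.join(d, name + "_escndv.exe")
        with open(paths[name], "wb") as f:
            f.write(data)
    return paths, triage(paths["cd"], [paths["pc1"], paths["pc2"]])


if __name__ == "__main__":
    paths, (same, differ) = demo()
    print("identical to install media:", same)
    print("differs from install media:", differ)
```

A match shows the file was not altered after installation; it does not by itself show the vendor binary is benign, which is why the thread's resolution came from the scanner vendor's false-positive report.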



#9
October 23, 2012 at 14:19:47
Due to the high numbers of this happening today over a few pc's we could be looking at a false positive, but I doubt it.

Please download and run RogueKiller from this link:
http://tigzy.geekstogo.com/roguekil...
Instructions:
• Please quit all programs
• Right-click the RogueKiller file and select "Run as Administrator"
• Press: SCAN
• On the RogueKiller console, click the Registry tab.
• Make sure the entries there are checked.
• Then, press the [Delete] button.

An RKreport Log (Mode: Delete) is created on the Desktop.
Please provide the RKreport Log in your reply.
Restart the computer.

Then TDSSKiller from this link:
http://www.softpedia.com/get/Antivi...


#10
October 23, 2012 at 16:22:51
Here is a good link on how to fix.

As I previously mentioned > Start with Combofix.

http://www.techspot.com/community/t...



#11
October 23, 2012 at 16:31:51
Another tool to use prior to running Combofix.

Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. It does take some time, so be patient. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.



#12
October 23, 2012 at 20:26:49
IMO Combofix is a BIT harsh to run at the beginning...the OP stated his PC was running OK.

nboro
Try these 2 free fully working trials and run them till they run clean. They find things AV's and other progs miss...seeing it is known as a trojan
1- Trojan Remover
http://www.simplysup.com/tremover/d...
2- Hitman Pro
Good luck

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#13
October 24, 2012 at 10:54:36
✔ Best Answer
This problem has been reported as false positive :
http://forums.malwarebytes.org/inde...


#14
October 24, 2012 at 13:05:07
Excellent news, thank you for letting us know.
