Hvl RAT detected by MS Anti-Spyware

Tom

I have a home network. My MS Antispyware has run for weeks
with no detections at all, then about 4-5 days ago, it
detected "Hvl RAT, Remote Access Trojan". I removed it as
suggested. The next day it was back again. I removed it
and the next day it was back again. This time I shut off
my DSL connection overnight, no HvL RAT detected. Last
night I turned off the computer, but left the DSL
connected...this morning the HvL RAT was back. I called
my network guy, who stopped yesterday...he said he has
never heard of this remote access trojan, and when I look
for information on this on the web I can find nothing in
any database, MS or otherwise. Anyone have any suggestions
on how to block it permanently?
 
Please submit a suspected spyware report from the infected machine
using Tools from the Menu.

Restart in Safe Mode, open Microsoft AntiSpyware, on the scan page choose
scan options > full system scan (check boxes below) > click "Run Scan Now".
 
I think we need the low level details of what was detected. I tried
checking a competitor's database which also claims this detection, but wasn't
able to get any details about what they see constituting this threat.

So--as best you can--see whether it is possible to cut and paste (probably
using keyboard commands; try ctrl-s or ctrl-a) the details of what is
detected on your system.

The next step would be to try to establish the origin of those files--i.e.
are they part of some existing app that has been there forever, or are they
in temp Internet files, etc.

Often when such things recur, it means that something is still in place
which was either incompletely cleaned, or is simply being missed entirely.
D@nnyBoy's advice about cleaning in safe mode can be effective at the
cleaning issue, but if a trojan is in place which is being missed
completely, and is then bringing in this additional threat, you are going to
need other cleaning tools to get it taken care of.

So--I concur with D@nnyBoy's advice, but with the additional remarks I've
made. We also need to consider the possibility of a false
positive--checking into the details carefully will give us some basis for
this.

If you can actually find executable files which constitute the detected
threat on your system, you can also try submitting them to:

http://www.virustotal.com
http://virusscan.jotti.org

for a reading--a pass here doesn't mean that the file is clean, however.
 