I think I have a Trojan

[Dispatcher]

I'm running XP and have McAfee. Last week McAfee started putting up a notice
that says "access denied" and it lists this, "
C:\System Volume
Information\_restore{8871662E-88B6-4F13-8F00-94BC07FEDDD9}\RP268\A0022058.ex
e\A0022058.EXE. It also calls it "DOWNLOADER DA?. Is this a Trojan? It won't
let me delete it and keeps popping up. How do I get it out of my computer.

Thanks in advance

Bill

 

[Will Denny]

Hi

Yes, you have a virus in the System Restore folder. To delete this virus:

Right click on My Computer, select Properties and then the System Restore tab. Turn SR off on all drives, reboot, then re-enable SR and re-boot again. SR will then have created a new point for you.

Please note - this is the way to delete viruses from SR, but it will delete all SR points that you already had.

Will

 

[emen]

hi,

If you think that might be a trojan just go to
www.sarc.com and search for it or go to google.com and
search. I think you might be able to download manual
trojan removal tools form wwww.sarc.com.

thx

 

[Dispatcher]

Will,
I did what you said and I'm not getting anymore McAfee alerts for that one
but now I'm getting this
C:\windows\wintrim.exe\WINTRIM.EXE and it says that it is Downloader-DA.
What do I need to do with this? It won't let me delete it.

Thanks again,

Bill


Hi

Yes, you have a virus in the System Restore folder. To delete this virus:

Right click on My Computer, select Properties and then the System Restore
tab. Turn SR off on all drives, reboot, then re-enable SR and re-boot
again. SR will then have created a new point for you.

Please note - this is the way to delete viruses from SR, but it will delete
all SR points that you already had.

Will

 

[Will Denny]

Hi

You've still got a Trojan.

Try a search here:

http://www.symantec.com/search/

Try a free scan here:

http://www.trendmicro.com/en/home/global/enterprise.htm

Does MacAfee have a virus database on their web site that might give you some info on this Trojan?

Will

 

[John Liebson]

Will,
I did what you said and I'm not getting anymore McAfee alerts for that one
but now I'm getting this
C:\windows\wintrim.exe\WINTRIM.EXE and it says that it is Downloader-DA.
What do I need to do with this? It won't let me delete it.

Thanks again,

Bill


Hi

Yes, you have a virus in the System Restore folder. To delete this virus:

Right click on My Computer, select Properties and then the System Restore
tab. Turn SR off on all drives, reboot, then re-enable SR and re-boot
again. SR will then have created a new point for you.

Please note - this is the way to delete viruses from SR, but it will delete
all SR points that you already had.

Will

Take a look here, perhaps it will help:

http://www.f-secure.com/v-descs/wintrim.shtml

 

[Chuck]

I'm running XP and have McAfee. Last week McAfee started putting up a notice
that says "access denied" and it lists this, "
C:\System Volume
Information\_restore{8871662E-88B6-4F13-8F00-94BC07FEDDD9}\RP268\A0022058.ex
e\A0022058.EXE. It also calls it "DOWNLOADER DA?. Is this a Trojan? It won't
let me delete it and keeps popping up. How do I get it out of my computer.

Thanks in advance

Bill

The first samples of this software were received on 23rd of June. It appears
that a number of people had this software installed on their system and they
were unaware of it.
This software used to install itself without authorization from the user and
given its degree of intrusiveness we added detection for it.
We have not found anything directly malicious or destructive from this
program. As far as we see, this program is currently distributed from web
pages with clear disclaimers explaining its behaviour. We won't be adding
detection of any new versions of this software as long as the disclaimers
are clearly visible to end users.
This software creates the sub-folder "wintrim" under the main Windows
folder. Where it will store its own files and other components downloaded
from the Internet.
It will, as well, add an entry pointing to itself

%windir%/wintrim/wintrim.exe
to the Windows Registry at:


[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
or


[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
Although, this entries in the Windows Registry might not always be added.

To remove this software it is enough to delete its files.

 

[Dispatcher]

Hi

Yes, you have a virus in the System Restore folder. To delete this virus:

Right click on My Computer, select Properties and then the System Restore
tab. Turn SR off on all drives, reboot, then re-enable SR and re-boot
again. SR will then have created a new point for you.

Please note - this is the way to delete viruses from SR, but it will delete
all SR points that you already had.

Will