Is this really a trojan? How to eliminate?

FERRANTE

I got the following message from Trend, and yet when I did a Google on
the Trojan name, nothing came up:
-------------------------------------------
Real-time Scan
Trend Micro PC-cillin Internet Security has detected a virus, spyware
application, or other Internet threat, and performed the action
specified.

Infected file: C:\Documents and Settings\All Users\Start
Menu\Programs\Startup\svchost.exe
Virus name: TROJ_DROPPER.AJE
User name: Owner
Scan action result: The Quarantine action was unsuccessful. Manually
delete the file if you are sure that it is not needed.
Note: If Search for and clean Trojans is enabled and is executed after
scanning, you can click Next to view final scan result information.
 
David H. Lipman

From: "FERRANTE" <[email protected]>

| I got the following message from Trend, and yet when I did a Google on
| the Trojan name, nothing came up:
| -------------------------------------------
| Real-time Scan
| Trend Micro PC-cillin Internet Security has detected a virus, spyware
| application, or other Internet threat, and performed the action
| specified.
|
| Infected file: C:\Documents and Settings\All Users\Start
| Menu\Programs\Startup\svchost.exe
| Virus name: TROJ_DROPPER.AJE
| User name: Owner
| Scan action result: The Quarantine action was unsuccessful. Manually
| delete the file if you are sure that it is not needed.
| Note: If Search for and clean Trojans is enabled and is executed after
| scanning, you can click Next to view final scan result information.
| -------------------------------------------
| Your help is appreciated.
| Mark

Well, you don't search Google. If you have Trend Micro then you search the Trend Micro
library...
http://www.trendmicro.com/vinfo/virusencyclo/default.asp

However, TROJ_DROPPER.AJE is not listed. That's normal.

However, there is NO reason why SVCHOST.EXE should be in ..\Programs\Startup so yes, it is a
good find and is very likely a Trojan.

Do what it says and delete the file.

I can also suggest the following...


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://harrisonrj.home.comcast.net/step_by_step_pc_cleaning_process.htm#Step_3_%96_Getting_Help


* * * Please report back your results * * *
 
Befunge Sudoku

I got the following message from Trend, and yet when I did a Google on
the Trojan name, nothing came up:
-------------------------------------------
Real-time Scan
Trend Micro PC-cillin Internet Security has detected a virus, spyware
application, or other Internet threat, and performed the action
specified.

Infected file: C:\Documents and Settings\All Users\Start
Menu\Programs\Startup\svchost.exe

There's a legit file called that, but it doesn't live in that
folder.
It can't be quarantined in normal Windows as it's locked open.
Try booting to Safe Mode and scanning your drive then.

Why use Trend if you're not going to believe its output?
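
The check both replies above apply by eye (a legitimate svchost.exe exists, but not in a Startup folder), written out as an added example that is not part of any poster's message. It assumes Windows is installed in C:\Windows; the allow-list and all sample paths except the one from the scan report are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumption for this example: Windows is installed in C:\Windows and these
# are the only directories each system binary should run from.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
}

# Constructed sample input; only the second path comes from the scan report.
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe",
    r"C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Office.lnk",
    r"C:\Program Files\Tool\updater.exe",
]


def is_startup_folder(directory):
    """True for a Start Menu 'Startup' folder, whose contents run at logon."""
    parts = directory.lower().split("\\")
    return parts[-1] == "startup" and "start menu" in parts


def check_path(path):
    """Return the reasons a path looks like a masquerading binary ([] if none)."""
    directory, name = ntpath.split(ntpath.normpath(path))
    name = name.lower()
    reasons = []
    allowed = EXPECTED_DIRS.get(name)
    if allowed is not None and directory.lower() not in allowed:
        reasons.append(f"{name} is a system binary name outside its expected directory")
    if name.endswith(".exe") and is_startup_folder(directory):
        reasons.append("executable sits directly in a Startup folder")
    return reasons


def scan(paths):
    """Map each suspicious path to its list of reasons."""
    return {p: r for p in paths if (r := check_path(p))}


if __name__ == "__main__":
    for path, reasons in scan(SAMPLE_PATHS).items():
        print(path, "->", "; ".join(reasons))
```

A hit from either rule is a reason to investigate the file, not proof of infection; the second rule is a heuristic, since Startup folders normally hold shortcuts rather than executables.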
 
FERRANTE

Thanks Dave! What you suggested below seems to have worked. However, a
new problem is happening and this happened earlier last week. My
browser keeps starting up by itself. I close it and it will start up
about two minutes later and has spam. What could be doing that?

Thanks,
Mark



From: "FERRANTE" <[email protected]>

| I got the following message from Trend, and yet when I did a Google on
| the Trojan name, nothing came up:
| -------------------------------------------
| Real-time Scan
| Trend Micro PC-cillin Internet Security has detected a virus, spyware
| application, or other Internet threat, and performed the action
| specified.
|
| Infected file: C:\Documents and Settings\All Users\Start
| Menu\Programs\Startup\svchost.exe
| Virus name: TROJ_DROPPER.AJE
| User name: Owner
| Scan action result: The Quarantine action was unsuccessful. Manually
| delete the file if you are sure that it is not needed.
| Note: If Search for and clean Trojans is enabled and is executed after
| scanning, you can click Next to view final scan result information.
| -------------------------------------------
| Your help is appreciated.
| Mark

Well, you don't search Google. If you have Trend Micro then you search the Trend Micro
library...
http://www.trendmicro.com/vinfo/virusencyclo/default.asp

However, TROJ_DROPPER.AJE is not listed. That's normal.

However, there is NO reason why SVCHOST.EXE should be in ..\Programs\Startup so yes, it is a
good find and is very likely a Trojan.

Do what it says and delete the file.

I can also suggest the following...


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://harrisonrj.home.comcast.net/step_by_step_pc_cleaning_process.htm#Step_3_%96_Getting_Help


* * * Please report back your results * * *
 
David H. Lipman

From: "FERRANTE" <[email protected]>

| Thanks Dave! What you suggested below seems to have worked. However, a
| new problem is happening and this happened earlier last week. My
| browser keeps starting up by itself. I close it and it will start up
| about two minutes later and has spam. What could be doing that?
|
| Thanks,
| Mark


Please download, install and update the following software...

* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

* SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

* BHODemon

http://www.majorgeeks.com/downloadget.php?id=3550&file=11&evp=245a87539eea8ed6904332b4b8b8442d
 
