trojan.backdoor.small.FB

Guest

Whenever I run a scan with Microsoft antispyware beta this "trojan" keeps
coming up. Is there any way to permanently block this threat, or is it even
a real threat? Any info will be appreciated.
Thanks
 
Guest

AndyManchesta said:
Hi Redmunds :)

When the scan finishes and it shows the results page, click the + next to the
Trojan.Backdoor entry and let us know where it's located and what the filename
is. You can also check the scan history to see if it's the same file that
keeps being detected or if it's regenerating after removal. Open Microsoft
Antispyware, go to 'Tools' then 'Spyware Scan' and click 'View Spyware Scan
History', left click one of the logs where it's detected this trojan and from
the menu on the right click 'View Full Details Of Scan'; you can then copy and
paste that back if you need more help.

If it's in System Volume Information then that's easily fixed by clearing the
restore points; if it's showing the file in another location then let us know
where, as it will be a lot easier to determine if it's a real threat.

If you find the location and it's showing a file (not a registry entry) then
upload it at a malware scan site; Jotti or VirusTotal will be best as they
use most of the main AV scanners to check the file.

http://virusscan.jotti.org/

http://www.virustotal.com

Next, download Ewido Anti-Malware and run a full system scan.

http://www.ewido.net/en/download

When installing, under "Additional Options" uncheck "Install background
guard" .

Click on update in the left menu, then click the Start update button. After
the update finishes, from the main menu click on 'scanner' then click
'Complete System Scan'. If Ewido finds something, it will pop up a
notification. Select "Remove" and check the boxes "Perform action with all
infections" and "Create encrypted backup" then click on OK. When the scan
finishes, click on "Save Report" and save it to your desktop or c:/drive and
post back the results if it detects any malware (except cookies).

Ewido works fine after the 14 day trial expires and just stops the
background guard and auto updates. It's one of the best malware scanners
around due to the amount of updates they make (sometimes daily), so it's worth
keeping on the system as it will still scan and remove malware and you can
update it manually anytime you want.

Let us know if Ewido detects anything and where Microsoft's scanner is
finding the Trojan.

Regards

Andy
 
Guest

I also have a problem with trojan.backdoor.small.FB. When I run Microsoft
Antispyware it often reports this trojan and refers to the following file:
C:\Documents and Settings\Admin\Local Settings\Temp\34.tmp. This file has
size 0.

It removes it satisfactorily but I believe it is a false positive. 34.tmp
only seems to recur when I read a news message in CommSecPro.exe which is a
share trading program. This generates a file 34.tmp.pdf which is the message.
34.tmp is dated a minute before 34.tmp.pdf.

If I run other antispyware programs before asking Microsoft Antispyware to
remove it they do not report a problem. How can I prevent the detection of
this false positive?
 
Bill Sanderson

This could, indeed, be a false positive.

If we needed to make it possible for Microsoft to replicate this
issue--where can they find more information about CommSecPro--is this the
correct link?

https://www.comsec.com.au/

--
 
Guest

Yes, Bill, that is the correct link. They have two programs. The newer one is
CommSecPro.exe, I don't use that because, although it has more bells and
whistles, it is less stable than the first version PTrader.exe, that is the
one I use.
 
Bill Sanderson

Thanks!

--

velocity said:
Yes, Bill, that is the correct link. They have two programs. The newer one is
CommSecPro.exe, I don't use that because, although it has more bells and
whistles, it is less stable than the first version PTrader.exe, that is the
one I use.
 
Guest

Hi Andy,
Thanks for all the info. I will try these things and let you know what
happens. The "spyware" trojan is showing up in the same file name as
mentioned in velocity's post---my documents/local settings blah blah
34.tmp.--but I do not use the website that he talks about, so I'm not sure
where mine is coming from. I'll get back to you. Thanks again. Randy Edmunds
 
Guest

Hi Andy,
O.K.--this is the file where the "trojan" is found--c:\documents and
settings\Randy\Local Settings\Temp\34.tmp----When I do a search for "all
files and folders" with the 34.tmp extension, I sometimes also find the same
file with 134.tmp or 234.tmp. I did the Ewido scan and it found nothing.
Virustotal also found nothing. In Virusscan.jotti, one of the scanners,
"BitDefender", found something it called "Generic.Malware.E.12225FB7" and
MPA_Bot.rar. None of the other scanners found anything.
I really don't know what else to do. I keep deleting the 34.tmp files, but
they return every time my daughter gets on the computer. So far there doesn't
seem to be any damage done. Should I be worried?? Thanks for everything
Randy
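
A triage sketch for the recurring `34.tmp` detections reported in the two posts above, added here as an example and not part of the original thread or of any scanner mentioned in it: for each `*.tmp` file it records size, SHA-256 and any companion such as `34.tmp.pdf` written within a short window. The function names, the 120-second window and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def triage_tmp(temp_dir, window_seconds=120):
    """Describe every *.tmp file in temp_dir and any companion written near it."""
    findings = []
    root = Path(temp_dir)
    for tmp in sorted(root.glob("*.tmp")):
        if not tmp.is_file():
            continue
        st = tmp.stat()
        # Companions are files named "<tmp name>.<ext>", e.g. 34.tmp.pdf.
        companions = []
        for other in sorted(root.glob(tmp.name + ".*")):
            delta = other.stat().st_mtime - st.st_mtime
            if abs(delta) <= window_seconds:
                companions.append((other.name, round(delta)))
        if st.st_size == 0 and companions:
            verdict = "empty placeholder next to a companion file"
        elif st.st_size == 0:
            verdict = "empty file, no companion"
        else:
            verdict = "has content: upload to a multi-scanner"
        findings.append({
            "name": tmp.name, "size": st.st_size,
            "sha256": hashlib.sha256(tmp.read_bytes()).hexdigest(),
            "companions": companions, "verdict": verdict,
        })
    return findings

def build_sample(directory):
    """Constructed layout mirroring the thread (not real captured files)."""
    d = Path(directory)
    (d / "34.tmp").write_bytes(b"")
    (d / "34.tmp.pdf").write_bytes(b"%PDF-1.4 constructed sample")
    (d / "134.tmp").write_bytes(b"constructed non-empty sample")
    base = 1_100_000_000  # arbitrary fixed timestamp for the sample
    for name, offset in (("34.tmp", 0), ("34.tmp.pdf", 60), ("134.tmp", 3600)):
        os.utime(d / name, (base + offset, base + offset))
    return d

def demo():
    with tempfile.TemporaryDirectory() as t:
        return triage_tmp(build_sample(t))

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Point `triage_tmp` at the real `Local Settings\Temp` folder right after a detection and before removing the file. A zero-byte result means there is no file content to upload or analyse, and the companion name and time offset help identify which program wrote it.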
 
