Trojan Horse Downloader.Keenval.J

mdt6288

I wanted to post this message just in case there are some people out
there who have had this Trojan Horse trot its way into their
C:\Program Files\Common Files\updater\wupdater.exe. Its name is Trojan
Horse Downloader.Keenval.J

Although the AVG virus detector wouldn't heal or remove this virus
(if you want to call it that), manually removing the entire 'updater'
file works, after you stop using the application... What I mean by
'stop using the application' is: hitting Ctrl, Alt and Delete (if
you're using XP), choosing the Processes tab, clicking the wupdater.exe
and clicking 'End Process'. After which you should be able to delete
the actual file and its contents.

So far, I have had no problems with this Trojan Horse or symptoms of
its presence save for the initial warning of its being on the
computer. I know nothing about it except for the assumption that it's
spyware and possibly a cause of trouble while shutting down your
computer.

If there is anything else I should know about this, or some other
suggestions for me concerning this little guy or its removal, please
post and let us all know. Thanks a ton!
 
mdt6288

To follow up a little bit, I should tell you all that the Drama
continues...

According to AVG the virus no longer exists on the computer, HOWEVER
Windows has detected the exact same Trojan elsewhere on my PC. AVG
does not detect it yet in its scans. Windows frequently pops up to
say it's there and tells me where it is.

Now it is moved to a folder I cannot access manually on my PC.
C:\System Volume Information\_restore{2AD2B242-1E70-421B-A858-436AF21-ADA96}\RP93\A0006065.exe
AVG sees the folder when I run my scans, but doesn't find anything
wrong with it. The folder can't be accessed or seen by any usual means
in Windows Explorer or even by showing hidden and system files.

And so... I welcome any more advice on how to dispose of it.
Downloading a whole bunch of programs is 'unappealing' but I will if I
can't figure it out on my own. It annoys me to have it on my machine
still, though it's temporarily relocated.
 
t.cruise

The System Volume Information folder is where your System Restore Points are
stored. Even if you don't manually create a System Restore Point, Windows
XP automatically creates one approximately every 24 hours when certain
criteria are met, depending on whether or not you've powered off your system
etc. Anyway, Antivirus Programs cannot gain access to the System Volume
Information folder to remove viruses from System Restore Points. Symantec
and other companies advise that when you are infected with a virus, along with
using your antivirus program or a removal tool to remove the virus, you
ALSO turn off System Restore, which automatically deletes all Restore
Points. Then reboot your system and then turn System Restore back on. How:
Right click the desktop My Computer icon, left click Properties, click the
System Restore tab, click to put a checkmark in the box to the left of: Turn
Off System Restore, then click the APPLY and OK buttons. Then reboot your
system, and go back and click to REMOVE the checkmark, which will turn
System Restore back on. Restore Points will again automatically be created.
 
Plato

t.cruise said:
Information folder to remove viruses from System Restore Points. Symantec
and other companies advise that when you are infected with a virus, along with
using your antivirus program or a removal tool to remove the virus, you
ALSO turn off System Restore, which automatically deletes all Restore

Agreed. System Restore MUST always be shut down and restore points
deleted, hopefully automatically, before you go and run your anti-virus
or special bug kill file to kill a virus/trojan you know you have.
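
The two detection paths reported in this thread can be told apart mechanically: one is the live file, the other is a backup copy held inside a System Restore point. The following triage sketch is an added example, not part of any post above; the names `classify` and `plan` and the third sample path are constructed for illustration.

```python
import re
from collections import defaultdict

# Windows XP System Restore stores backed-up files as
#   <drive>:\System Volume Information\_restore{ID}\RP<n>\A<digits>.<ext>
# The ID pattern is deliberately loose so the path quoted in the thread matches as written.
RESTORE_COPY = re.compile(
    r"^(?P<drive>[a-z]):\\System Volume Information\\_restore\{(?P<id>[0-9a-f-]+)\}"
    r"\\RP(?P<rp>\d+)\\(?P<file>A\d+\.[^\\]+)$",
    re.IGNORECASE,
)

def classify(path):
    """Return a dict describing where a detected file lives."""
    m = RESTORE_COPY.match(path.strip())
    if m:
        return {"path": path, "location": "restore_point",
                "drive": m.group("drive").upper(), "rp": int(m.group("rp"))}
    return {"path": path, "location": "live", "drive": path[:1].upper(), "rp": None}

def plan(paths):
    """Group detections into the two clean-up actions described in the thread."""
    actions = defaultdict(list)
    for p in paths:
        info = classify(p)
        if info["location"] == "restore_point":
            key = f"purge restore points on {info['drive']}: (System Restore off, reboot, on)"
        else:
            key = "end the process, then delete or quarantine the file"
        actions[key].append(info["path"])
    return dict(actions)

# The two paths reported in the thread, plus one constructed path for contrast.
DETECTIONS = [
    r"C:\Program Files\Common Files\updater\wupdater.exe",
    r"C:\System Volume Information\_restore{2AD2B242-1E70-421B-A858-436AF21-ADA96}\RP93\A0006065.exe",
    r"D:\System Volume Information\notes.exe",  # constructed: not a restore-point copy
]

if __name__ == "__main__":
    for action, files in plan(DETECTIONS).items():
        print(action)
        for f in files:
            print("   ", f)
```

A detection classified as `restore_point` is a renamed backup of a file that was changed or deleted, which is why it shows up after the original has been removed.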
 
