Detected Trojan.Win32.Buzus.Eaji-- Please Help!

Post by wunnepog on Wed May 19, 2010 2:40 am

Hello, I am quite unfamiliar with trojans and virus removal-- assistance on this would be greatly appreciated! I have contacted the Kaspersky Virus Labs and have yet to receive a response, so I came here.

Yesterday 5/17/10 my Kaspersky Anti-virus 2009 (Kaspersky Internet Security 8.0.0.454 running on Windows Vista) gave about 8 different responses to a detected trojan. 4 of them were deleted and 4 were postponed and untreated. I am unsure what this means. They all originate from the same two files-- where I rebooted my computer in safe mode, after it disinfected, and deleted the folders which only contained "note/readme" files.

I have attached a screenshot of the reports.

Also I have reports of "detected vulnerabilities", but my computer has been running fine with those up until this point where these trojans have been detected.

From what I can tell my computer is running normally, if not a tad slow on the internet (connection here is shoddy), and I have rescanned my computer, but nothing is detected.

I am still worried-- I have read that malware and trojans can hide in the system reboot(?).

What does this particular trojan-- Trojan.Win32.Buzus.Eaji-- do? Where does it originate from (as in how did it get on my computer)? How can I be sure the trojans have been removed?

I am willing to provide extra information on my computer-- downloads I have made, sites I have visited, etc-- PLEASE HELP!

wunnepog
Novice

Posts: 7
Joined: 2010-05-19
Gender: Female
OS: Vista
Points: 24011
Likes: 0

Re: Detected Trojan.Win32.Buzus.Eaji-- Please Help!

Post by Dr Jay on Wed May 19, 2010 5:18 am

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer, such as installing or uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see [You must be registered and logged in to see this link.].

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)


Dr Jay
Head Administrator

Posts: 13716
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Protection: Bitdefender Total Security
Points: 302112
Likes: 10

Re: Detected Trojan.Win32.Buzus.Eaji-- Please Help!

Post by wunnepog on Wed May 19, 2010 6:17 am

Ok. Bump.


Re: Detected Trojan.Win32.Buzus.Eaji-- Please Help!

Post by Dr Jay on Wed May 19, 2010 3:15 pm

Is there a problem?

What did you bump for?


Dr. Jay (DJ)



Re: Detected Trojan.Win32.Buzus.Eaji-- Please Help!

Post by wunnepog on Wed May 19, 2010 8:44 pm

I'm sorry, the message stated to persist until my computer was free of problems. I still have yet to receive an answer to my original query-- I've never encountered a trojan and I am worried about the damage it may do to my computer.

I won't bump again, I will continue to wait patiently until I get feedback. Sorry about that.


Re: Detected Trojan.Win32.Buzus.Eaji-- Please Help!

Post by Dr Jay on Wed May 19, 2010 11:00 pm

The trojan you wrote about above is a backdoor trojan which gets distributed through email/greeting card messages.

It is also a worm downloader, which installs a worm onto your computer, so it can successfully spread the same trojan to other computers through the means of USB devices, network transfer, etc.

Lastly, it tweaks certain settings in Windows to reduce its functionality, making it rather difficult to remove.

Does that sum it up?


Dr. Jay (DJ)



Re: Detected Trojan.Win32.Buzus.Eaji-- Please Help!

Post by wunnepog on Fri May 21, 2010 5:48 am

Yes, thank you-- I think this virus downloaded after I accidentally opened some spam mail.

I guess my research was right, it hides in other programs... So is there any way to go about deleting it or detecting it to make sure it's gone from my computer?


Re: Detected Trojan.Win32.Buzus.Eaji-- Please Help!

Post by Dr Jay on Fri May 21, 2010 5:56 am

Please do a scan with [You must be registered and logged in to see this link.]

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page, in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Dr. Jay (DJ)



Re: Detected Trojan.Win32.Buzus.Eaji-- Please Help!

Post by wunnepog on Fri May 21, 2010 5:48 pm

Ah, the Kaspersky will not download because I already have Kaspersky Internet Protection 8.0, so should I disable Kaspersky and try again?


Re: Detected Trojan.Win32.Buzus.Eaji-- Please Help!

Post by Dr Jay on Fri May 21, 2010 7:23 pm

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)



Re: Detected Trojan.Win32.Buzus.Eaji-- Please Help!

Post by wunnepog on Sat May 22, 2010 5:06 pm

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=77edc5655d948943b4d05be7a4a5fd63
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-22 01:14:15
# local_time=2010-05-22 09:14:15 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1281 16774525 100 100 24926795 56218324 0 0
# compatibility_mode=5892 16776573 100 100 0 111115138 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=323313
# found=6
# cleaned=6
# scan_time=17644
C:\Downloads\RegistryMighty_Setup.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\AskSBar\bar\1.bin\A2PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Registry Mighty\MightyUpdate.exe Win32/Adware.RegistryGreat application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Registry Mighty\RegistryMighty.exe probably a variant of Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\SwSetup\AOLIMS\setup.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
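Added example, not part of the thread or of any vendor tool: a parser for the log layout pasted in the post above. It checks the `found`/`cleaned` counters against the detection lines and looks for a named family, such as the Buzus detection this thread started with. The sample log is constructed, and the path/name split is a heuristic inferred from the lines shown.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log posted above (paths are made up).
SAMPLE = r"""# scanned=1200
# found=3
# cleaned=3
C:\Example\setup one.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Example\bar.dll Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Example\old\setup.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

HEADER = re.compile(r"^# (\w+)=(.*)$")
# Anchor on the tail "(action) <32 hex> <flag>"; the path may itself contain "(x86)".
TAIL = re.compile(r"^(?P<head>.+) \((?P<action>[^()]*)\) (?P<hash>[0-9A-Fa-f]{32}) (?P<flag>\S+)$")
# Heuristic (assumption): a Windows path never contains "/", so the detection
# name starts at the first "Family/Name" token or at its "variant of" prefix.
NAME_START = re.compile(r" (?=(?:probably )?(?:a variant of )?\w+/\S|multiple threats)")

def parse_log(text):
    header, detections, unparsed = {}, [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = HEADER.match(line)
        if m:
            header[m.group(1)] = m.group(2)
            continue
        t = TAIL.match(line)
        cut = NAME_START.search(t.group("head")) if t else None
        if not cut:
            unparsed.append(line)  # keep what cannot be parsed; never drop it silently
            continue
        head = t.group("head")
        detections.append({"path": head[:cut.start()], "name": head[cut.start() + 1:],
                           "action": t.group("action")})
    return header, detections, unparsed

def triage(text, family):
    header, detections, unparsed = parse_log(text)
    return {
        "count_matches_header": len(detections) == int(header.get("found", -1)),
        "all_cleaned": header.get("found") == header.get("cleaned"),
        "by_kind": Counter(d["name"].split()[-1] for d in detections),
        "family_hits": [d["path"] for d in detections if family.lower() in d["name"].lower()],
        "unparsed": unparsed,
    }

if __name__ == "__main__":
    print(triage(SAMPLE, "Buzus"))
```

An empty `family_hits` only says that this scanner reported nothing under that name; vendors often name the same sample differently.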

Re: Detected Trojan.Win32.Buzus.Eaji-- Please Help!

Post by Dr Jay on Sat May 22, 2010 9:37 pm

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
Alternate link: [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.


Dr. Jay (DJ)

