Jump to content

Malwarebytes found Trojan.Downloader with scheduled scan

Recommended Posts

Hi, I have a Dell XPS 8700 PC running Windows 7 Home Premium with a 64-bit operating

system, an Intel Core i7-4770 CPU @ 3.4Ghz, and 16.0 GB of RAM.


Last night, Malwarebytes found something called Trojan.Downloader during its scheduled

daily scan, and I have since quarantined the file. 


I thought Malwarebytes would have automatically quarantined it, but it seems that it didn't

because in Settings > Detection and Protection, I had unwisely chosen "Warn user about

detections" in the PUP (Potentially Unwanted Program) detections section.  I know better



Anyways, I have since re-booted, run Malwarebytes Threat Scan, then a full scan with my

anti-virus software, (McAFee LiveSafe -- InternetSecurity), then downloaded and ran the

64-bit version of HitmanPro.  Nothing was detected.


Should I still be concerned?  I ask this because I've heard that Trojan.Downloader can

download and hide malware.

Link to post
Share on other sites

They call me TwinHeadedEagle around here, and I'll be working with you.
Before we start please read and note the following:
icon_arrow.gif Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
icon_arrow.gif Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
icon_arrow.gif Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
icon_arrow.gif Do not paste the logs in your posts, attachments make my work easier. There is a Attach Files option below which you can use to attach your reports. Always attach reports from all tools.
icon_arrow.gif Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
icon_arrow.gif Note that we may live in totally different time zones, what may cause some delays between answers.
icon_arrow.gif Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
icon_arrow.gif If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
icon_idea.gif I can't foresee everything, so if anything unexpected happens, please stop and inform me!
icon_idea.gif There are no silly questions. Never be afraid to ask if in doubt!
P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.




Please re-run 51a46ae42d560-malwarebytes_anti_malware. Malwarebytes' Anti-Malware.

  • Click the History tab.
  • Click Application Logs and double-click the newest Scan Log where Trojan was detected.
  • At the bottom click Export and choose Text file.
  • Save the file to your desktop and include its content in your next reply.
Link to post
Share on other sites

I had copied it to my desktop as soon as I'd found out about the file. I

blanked out my last name in the data, if that's alright. Here's the file:

Malwarebytes Anti-Malware


Scan Date: 8/7/2014

Scan Time: 3:34:14 AM

Logfile: Malwarebytes found trojan.txt

Administrator: Yes


Malware Database: v2014.08.06.06

Rootkit Database: v2014.08.04.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Enabled

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Steven xxxxx

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 331413

Time Elapsed: 8 min, 37 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 1

Trojan.Downloader, C:\Users\Steven xxxxx\AppData\Roaming\0, , [2c6c675b95e680b6845e158b11f160a0],

Files: 0

(No malicious items detected)

Physical Sectors: 0

(No malicious items detected)


Link to post
Share on other sites

That looks okay, let's perform one more scan:
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Link to post
Share on other sites



Thanks for the help. 


When I ran the 64-bit version of Farbar Recovery Scan Tool,

I got the following error:


Application Error

Exception EAccessViolation in module ERUNT.exe at 00003A62.
Access violation at address 00403A62 in module 'ERUNT.exe'.
Read of address 0000002A.


FRST.txt and Addition.txt are attached:


Link to post
Share on other sites

No need to do it, your PC seems clean.




Below you will find my thoughts about securing your machine. Go ahead through it, you will benefit from some useful advice about safe computing.

Recommended reading:

:excl:MUST READ - general maintenance: What to do if your Computer is running slowly?

Recommended additional software:

icon_arrow.gifTFC - to clean unneeded temporary files.
icon_arrow.gifMalwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
icon_arrow.gifMalwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
icon_arrow.gifMcShield - to prevent infections spread by removable media.
icon_arrow.gifCryptoPrevent - to secure yourself from very severe CryptoLocker infection.
icon_arrow.gifUnchecky - to prevent from installing additional foistware, implemented in legitimate installations.
icon_arrow.gifFiheHippo.com Update Checker - to keep your programs up-to-date.
icon_arrow.gifAdblock - to surf the web without annoying ads!
The following will implement some post-cleanup procedures:
=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes below;
checkmark.png Remove disinfection tools
checkmark.png Create registry backup
checkmark.png Purge System Restore
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation: btn_donate_SM.gif
Thank you!

Stay safe,
TwinHeadedEagle :)
Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.