Jump to content

Trojan Advice Pls


Recommended Posts

Hi guys,

New hear so please be gentle.

Ran a scan this morning after 27 days (very slack).

I have a trojan msil.nd2 which is in quarantine.

I've googled that this is serious threat to privacy but on another thread on the false positives forum, yesterday, people are assuming it is a false positive...is this correct and does that mean it's nothing to worry about? Here is the link: http://forums.malwarebytes.org/index.php?showtopic=83019

Or is this serious? Do I need to change all my passwords now?

Thanks

Link to post
Share on other sites

  • Staff

Greetings and welcome :)

To determine if the item was a false positive, update Malwarebytes' Anti-Malware and restore the item from Quarantine, then, before rebooting your computer (this way if it was a real threat, it won't be active, as it cannot load into memory until you reboot), perform another scan to see if it is still detected with the latest updates. If it is not detected, then it was indeed a false positive and you should leave it restored. However, if the item is still detected, even with the latest database update, then it is not a false positive and you should quarantine the threat again and take any necessary actions to secure your information, passwords etc.

If it does turn out to be a real threat and not a false positive, I would also advise you to do the following to verify that there are no other threats present on your system:

Please read and follow the directions here, skipping any steps you are unable to complete. Then create a NEW topic here.

One of the expert helpers there will give you one on one assistance when one becomes available.

Please note that it may take 48 hours or more for you to receive a response in the malware removal forum, as it is often busy at times. Please do not reply to your own post asking for help unless its been more than 48 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help.

If you are unable to do all or any of the steps in the link to the directions above, just post your problem into the forum I gave you a link to anyway and someone will be able to assist you.

If you prefer to be assisted via email you may contact support@malwarebytes.org and one of our support staff members will assist you directly.

If you are a reseller, affiliate, technician, corporate, business, educational, government or non-profit customer then please contact corporate-support@malwarebytes.org and include full contact details along with your Reference # when you do to ensure that you receive prompt assistance.

Thank you :)

Link to post
Share on other sites

Hi exile360

Thanks for your prompt reply.

After the scan was done and I put it into quarantine, then my computer rebooted automatically. I think it's because there was a Windows update,

is it still okay to do the updated scan?

Perhaps I'm being presumptuous... as I'm currently running a developer scan to get the log file. However I didn't restore the trojan beforehand

so I guess it makes it meaningless, should I stop and do as you said?

Thanks again.

Link to post
Share on other sites

  • Staff

Hi exile360

Thanks for your prompt reply.

After the scan was done and I put it into quarantine, then my computer rebooted automatically. I think it's because there was a Windows update,

is it still okay to do the updated scan?

You're welcome :)

That's alright, after quarantining most threats, Malwarebytes' requires a reboot anyway to complete the cleanup process and it wouldn't affect what we're doing now.

Perhaps I'm being presumptuous... as I'm currently running a developer scan to get the log file. However I didn't restore the trojan beforehand

so I guess it makes it meaningless, should I stop and do as you said?

Thanks again.

Yes, it won't detect anything that is already in Quarantine so you'll need to restore the threat first, but make sure you do not reboot after you've restored it from Quarantine, then do the scan to see if it is still detected. Just make certain that before you do the scan, you update Malwarebytes' Anti-Malware so that it is scanning with the latest definitions, the current database version is 6462.

Link to post
Share on other sites

Okay please help.

Took me all day to get to this point, been very busy.

I ran another scan after restoring the trojan this morning (the database was at 6462) and the trojan has come back again, does this definitely mean I am infected?

A number of people posted that it may be a false positive yesterday here: http://forums.malwar...showtopic=83019, so please forgive me for being still unsure. I have no experience of this.

Also now it's the evening here since I've logged back on and I've noticed that the database has updated again a second time, since this morning, will this make a difference if I restore again and run scan or am I definitely infected?

Thanks.

Link to post
Share on other sites

  • Staff

The latest update might make a difference so it's worth giving that a try. At that point, if it is still detected, I would advise you to post in that topic with a copy of the detected file as well so that it can be checked by one of our researchers to verify whether it is a false positive or an actual infection.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.