Author Topic: "Win32:Small-HUF [trj]" help.  (Read 11620 times)

0 Members and 1 Guest are viewing this topic.

paul101

  • Guest
"Win32:Small-HUF [trj]" help.
« on: July 17, 2009, 09:14:58 PM »
Avast detected Win32:Small-HUF [trj] when i was running a routine scan. Anybody know what it does and how to remove it?

Jtaylor83

  • Guest
Re: "Win32:Small-HUF [trj]" help.
« Reply #1 on: July 17, 2009, 10:32:37 PM »
what is the filename and location of the malware? Please check your warning log.

C:/Program Files/Alwil Software/Avast4/DATA/log/warning.txt
« Last Edit: July 17, 2009, 10:40:20 PM by Jtaylor83 »

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33579
  • malware fighter
Re: "Win32:Small-HUF [trj]" help.
« Reply #2 on: July 17, 2009, 10:41:43 PM »
Hi paul101,

If you located where the virus was flagged (see avast log), you can scan the file(s) in question against the scanners of virustotal.com.
In the past this detection was also reported as a false positive, so we have to check this.
If it is the real malware, a dangerous trojan, then look for these traces to be present on your computer:

Kill the following processes
mul_.exe, msgked.exe, services.exe, msgked.exe, msgked.exe
Unregister the following DLLs and reboot
2.01.00.dll.
ljo.dll, mjice.dll, plenb.dll in Windows\system32\
objna.dll in Windows\system\
Delete these registry entries
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\msmc
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\services process
Remove the following files
2.01.00.dll, mul_.exe.
ljo.dll, mjice.dll, msgked.exe, plenb.dll in Windows\system32\
services.exe in Windows\system32\config\
msgked.exe, objna.dll in Windows\system\
msgked.exe in Windows\temp\

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

paul101

  • Guest
Re: "Win32:Small-HUF [trj]" help.
« Reply #3 on: July 18, 2009, 10:58:08 PM »
hello, the file name is c:\windows\MEMORY.DMP
Also i cant move it to the avast chest as there is not enough disk space.
I cant find any of the processes youve mentioned, which i hope is a good thing?
Im gonna have a look for the DLLs youve mentioned, shortly. Hopefuly it is just a false positive.
thanks

paul101

Offline mathboyx215

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 449
Re: "Win32:Small-HUF [trj]" help.
« Reply #4 on: July 18, 2009, 11:09:33 PM »
Recommend you read this topic  http://forum.avast.com/index.php?topic=46800.0
Follow Davidr's instruction in that topic and you should be fine
It is not possible to divide anything by zero