Author Topic: New Trojan?  (Read 2726 times)


FiscoKid

  • Guest
New Trojan?
« on: November 17, 2010, 01:56:22 AM »
Avast identifies a trojan as "AILI trj" but can't get rid of it. The trojan replicates itself in the Windows temp directory when an attempt to delete it is made manually or by Avast. This occurs as well during a bootup scan. Any suggestions? OS is WinXP Pro.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89182
  • No support PMs thanks
Re: New Trojan?
« Reply #1 on: November 17, 2010, 02:11:12 AM »
What is the file name?

When it is replicated, is the file name the same or are these file names randomly named?

If it keeps coming back, there is likely to be an undetected or hidden element to the infection that restores or downloads the file again. What is your firewall?

If you haven't already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).

Don't worry about reported tracking cookies; they are a minor issue and not one of security, allow SAS to deal with them though. See http://en.wikipedia.org/wiki/HTTP_cookie.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

FiscoKid

  • Guest
Re: New Trojan?
« Reply #2 on: November 17, 2010, 08:58:53 PM »
File name is 4ce3fcaf.qsp and changes.

FiscoKid

  • Guest
Re: New Trojan?
« Reply #3 on: November 17, 2010, 09:04:52 PM »
Running Endian Firewall. Tried mbam, boot with Avast scanning, Panda online scan, Dr. Web. Still came back.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89182
  • No support PMs thanks
Re: New Trojan?
« Reply #4 on: November 17, 2010, 09:23:13 PM »
Does anything in this link ring any bells, e.g. do you happen to have this software installed?

http://www.file-extensions.org/qsp-file-extension

FiscoKid

  • Guest
Re: New Trojan?
« Reply #5 on: November 17, 2010, 10:10:40 PM »
No, doesn't ring any bells. I noticed that it first started out creating temp files in the user's temp directory. When I deleted those while watching Process Explorer it started to create the qsp files in the windows/temp folder. Symantec finds the files and now quarantines them, but I cannot discover the source. I am now running another antivirus check in safe mode overnight to see if that shows up anything.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89182
  • No support PMs thanks
Re: New Trojan?
« Reply #6 on: November 17, 2010, 11:08:08 PM »
You haven't got Symantec installed at the same time?
As that can bring its own sort of pain in the form of conflict.