1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Isolated Positive Findings (Trend and Avast!)

Discussion in 'Security and Privacy' started by tanya, 2011/05/28.

  1. 2011/05/28
    tanya

    tanya Inactive Thread Starter

    Joined:
    2002/07/28
    Messages:
    264
    Likes Received:
    0
    Hello,
    I hope this is the right group: (vs. the "Malware and Virus Removal" forum).

    In summary:
    The following threat "Threat: Win32:Hostile[Wrm]" (from an unopened email message), is / are in some MozBackUp files on a Dell E520 (profiled in control panel)
    (C | Documents and Settings | My Documents)
    And were on:
    2 flash drives:
    They are not in the mail folder (C | App data | ThunderBird | Profiles -> mail)
    or in the entire Thunderbird folder (C | App data ->Thunderbird)

    The following is very unclear but I include it in case there are any questions:

    *** Start of Unclear Information ***​

    The culprit computer is detailed in the control panel. (Dell E520, Windows XP home SP3 totally up to date).
    Avast! Free version, 5.0.545 completely up to date.

    Email Client: Thunderbird: version 2.0.0.24 (20100228)

    Several months ago, got a suspicious email: made a new mail folder for the message and scanned it with Avast! and a mini program from Trend's Web site. Both came up negative.
    I never opened the message or ran its executable file (fed ex doc.exe(?))

    I deleted the message but kept the new folder.

    Have been using MozBackUp and copying the back up files (*.pcv) to 2 flash drives.

    Yesterday, wanted to transfer files to another PC (Dell Optiplex 780) which runs Trend Microsystems Internet Security (Full version) Program version: 16.60.3021; engine version 9.200.1008; Pattern version: 8.183.50 completely up to date
    Scanned each flash drive which came up with:
    "Item: TSC_GENCLEAN; type: trojan; staus: successfully removed "
    7 files:
    These are quarantined by Trend.

    (Problem: Each instance reports differently with Trend (i.e. Virus found; Trojan and with Avast! ) The identified threats all had different names (But are in same locations etc...
    Trend finds "TROJ_CHEPVIL.H" in the Thunderbird backup files on the flash drives.

    After Trend "fixed" the problem, re-ran flash drives and they are clean.

    Ran the "fixed by Trend" drives through Avast! on the problem PC and they are "clean ".

    Full Avast! scan (5/27/11) on the problem PC is negative.

    However running the backup file(s) through Avast! (e.g.file "Thunderbird 2.0.0.24 (en-US) - 2011-05-27.pcv ") finds (found) a threat. "Threat: Win32:Hostile[Wrm] "
    which Avast! moved to the virus chest.
    Rescanning the file (after Avast!'s fix) is clean.
    I.e. right click - scan for viruses

    The mail (C | App Data | Thunderbird | Profiles -> mail) and the Thunderbird program (C | App Data -> Thunderbird) are both clean according to Avast!

    *** End of Unclear Information ***​


    Malwarebytes is negative.

    Should I move this post to the "Malware and Virus Removal" forum?
    And
    download the programs and run the steps outlined:
    Here
    "Windows BBS - Announcements in Forum : Malware and Virus Removal "
    http://www.windowsbbs.com/malware-virus-removal/announcements.html

    Thank you!
     
    tanya,
    #1
  2. 2011/05/30
    Arie

    Arie Administrator Administrator Staff

    Joined:
    2001/12/27
    Messages:
    15,174
    Likes Received:
    412
    Arie,
    #2


  3. to hide this advert.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...