New Trojan no removal tool

Updated: 21 May 2010 | 8 comments
efif
This issue has been solved. See solution.

4/25/2009 21:36 Infostealer Pending Analysis jtmbl.piy File C:\WINDOWS\
4/25/2009 21:36 Infostealer Cleaned by deletion jtmbl.piy File C:\WINDOWS\
4/25/2009 21:35 Trojan Horse Quarantined setup_u.exe File C:\WINDOWS\system32\
4/23/2009 6:16 Tracking Cookie Deleted Unavailable Trackware Unavailable
4/22/2009 15:34 Tracking Cookie Deleted Unavailable Trackware Unavailable
4/22/2009 14:14 Trojan Horse Quarantined M9[1].exe File c:\Documents and Settings\myname\Local Settings\Temporary Internet Files\Content.IE5\OYBHGCB5\
4/22/2009 12:04 Tracking Cookie Deleted Unavailable Trackware Unavailable

This is the log. It cleaned the Trojan, but the Infostealer keeps on recreating itself in the quarantined folder and doesn't stop. Please help.

Comments

pete_4u2002, 25 Apr 2009

Hi,
The pending analysis threats need a reboot of the machine; it is recommended you scan in safe mode. Then also you may need to submit the file for SR analysis.
Update the system with the latest signature and scan in safe mode.

Cheers
Pete!!

efif, 26 Apr 2009

Ran in safe mode; it was still recreating itself. Every second it deletes a file by the name of Infostealer and creates a new one. The virus scan gets hung up removing this file and doesn't stop.

How do I submit for SR analysis?

Thanks for your help.

Efi

Beppe, 26 Apr 2009

Hi,

To submit a malware sample for the first time, it is better to call technical support so they will explain the procedure to you (how to find the file, how to submit it and how to react to the infection).

Regards,

Giuseppe

tony19, 18 May 2009

Update the system with the latest signature and scan in safe mode.

Sandeep Cheema, 18 May 2009

Similar one for us, Just got over it

I saw your logs over there. We had a similar issue too, but now Symantec has modified the Eraser and you should have them deleted in normal mode as well. The definitions after 20090511 have this Eraser. This is the excerpt from the email...
----------------------------------------------------------------------------------------------------------------------------------------------
As I told Mr. *****, today’s certified definitions include vastly superior Eraser definitions for Qakbot which were requested because of the need to avoid reboot or safe mode. I suggested that you should test it on a client on your network to see if it will remove the virus that you are dealing with without having to re-boot or boot into SAFE MODE. Please let me know how this test goes for you. Thank you.
----------------------------------------------------------------------------------------------------------------------------------------------

And that did the trick for us. We were fighting against a new variant of IRCBot and Harakit and with an outbreak.

De facto when AV does something, it starts jumping up and down, waving its arms, and shouting "Hey!  I found a virus!  Look at me!  I'm soooo goooood!"

efif, 18 May 2009

Golenz, 25 Jun 2009

Infostealer

I am having a similar issue... have tried scanning in regular and safe modes, with System Restore on and off, but can't seem to get rid of Infostealer. The scan identifies 4 files to be cleaned, then reports 3 cleaned. When I reboot and scan, 4 files to be cleaned again. Any suggestions?

Thanks.

Grant_Hall, 25 Jun 2009

Yes, you should submit the files to Symantec, then download the rapid release that will come after you submit the sample. This is the normal routine to follow when scanning in safe mode does not help. Also, for future reference, to save yourself some steps you should always just scan with System Restore off. The reason we say this is because a virus can put itself into the System Restore files, and "restore" itself after the scan in safe mode. Again, for future reference, you should make a new thread when you have an issue, and link to the thread that is similar to yours. You should do this especially when the thread you are tagging onto is marked "solved", because people are more likely to ignore these threads. It also helps us not to confuse their issue with yours, because often they are not exact matches.

Cheers,
Grant

PS
If you are still having issues or want more clarification feel free to make a new post or PM me and I would be more than happy to help.

Please don't forget to mark your thread solved with whatever answer helped you : )