Endpoint Protection


Trojan Horse detections on filepath: c:\windows\system32\btjunghu.dll

  • 1.  Trojan Horse detections on filepath: c:\windows\system32\btjunghu.dll

    Posted Feb 25, 2010 09:33 AM
    I'm getting a lot of alerts lately for Trojan Horse detections on filepath: c:\windows\system32\btjunghu.dll.  Most of these clients are unmanaged for some reason (don't know if this caused them to be unmanaged or if they were unmanaged previously) and the action being taken is 'Left alone'.   Is anyone else seeing this?  Can't find anything searching the web or Symantec.


  • 2.  RE: Trojan Horse detections on filepath: c:\windows\system32\btjunghu.dll

    Posted Feb 25, 2010 09:35 AM


  • 3.  RE: Trojan Horse detections on filepath: c:\windows\system32\btjunghu.dll

    Posted Feb 25, 2010 10:47 AM
    Are you using any P2P application on your computer, like Vuze, LimeWire, etc.?

    I have seen this threat once in a bjjunkie torrent.
    This would work as a Downloader/Trojan that would download other threats.

    Go to the machine and check if you have that file in that location; if yes, then try to delete it, if not in normal mode then in safe mode.

    Also run a scan in safe mode, as 3rd party apps don't load in safe mode.


  • 4.  RE: Trojan Horse detections on filepath: c:\windows\system32\btjunghu.dll

    Posted Feb 25, 2010 11:59 AM
    Do you see any strange processes show up in Task Manager? If so, google those processes to see if the PC is infected. Try some other free online scans; I know Trend has HouseCall you can use.
     


  • 5.  RE: Trojan Horse detections on filepath: c:\windows\system32\btjunghu.dll

    Posted Feb 25, 2010 02:26 PM
    These keep cropping up on various computers and the risk report is showing what appears to be crosstalk (other users that have this detection are showing up on new detection reports for computers that do not belong to them and they have never used). 

    These are showing up as detected by source 'Definition download'


  • 6.  RE: Trojan Horse detections on filepath: c:\windows\system32\btjunghu.dll

    Posted Feb 25, 2010 03:28 PM
    Can you give us a screenshot of the detection?
    Is the computer which is the source in your network? If yes, then it might be attacking other computers, where it is just blocking this threat.
    Catch hold of that computer and clean it first.


  • 7.  RE: Trojan Horse detections on filepath: c:\windows\system32\btjunghu.dll

    Posted Feb 25, 2010 03:35 PM

    How can I determine the attacking computer?  Also, whatever this is, it seems to be converting these clients to unmanaged.



  • 8.  RE: Trojan Horse detections on filepath: c:\windows\system32\btjunghu.dll

    Posted Feb 25, 2010 03:37 PM
    Go to an infected computer, look at the risk log and find the source.


  • 9.  RE: Trojan Horse detections on filepath: c:\windows\system32\btjunghu.dll

    Posted Feb 26, 2010 08:39 AM
    All log files are blank.  No logs.  Seems to be converting clients to an unknown state.


  • 10.  RE: Trojan Horse detections on filepath: c:\windows\system32\btjunghu.dll

    Posted Feb 26, 2010 10:53 AM
    On an infected client, try running Malwarebytes or Hitman Pro to check if it has disabled SEP and the threat is still working.


  • 11.  RE: Trojan Horse detections on filepath: c:\windows\system32\btjunghu.dll

    Posted Feb 26, 2010 06:27 PM
    Ran Malwarebytes and got a BSOD partway through.  Going to have this reimaged.  If this thing is putting the SEP client out of commission... that's not good.


  • 12.  RE: Trojan Horse detections on filepath: c:\windows\system32\btjunghu.dll

    Posted Feb 26, 2010 08:17 PM
    If you haven't already re-imaged the machine you should submit the file to Symantec first. Here is the guide:

    http://service1.symantec.com/support/ent-security.nsf/docid/199822105339

    Cheers
    Grant