Download TrojanHunter Now
Free 30-day trial!
Latest TrojanHunter Version:
TrojanHunter 5.0
Order Now
License file delivered within minutes.
Welcome, Guest. Please Login or Register.
Oct 6th, 2008, 10:24pm
   Mischel Internet Security Forum
   Malware
   Adware, Browser Hijackers and other Malware (Moderators: Helena, Gavin_Coe, Magnus)
   notepad infected with trojan?		 « Previous topic | Next topic »
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print
   Author  Topic: notepad infected with trojan?  (Read 607 times)
zitnok
Newbie
*





   


Posts: 37
notepad infected with trojan?
« on: Oct 28th, 2006, 9:56am »		 Quote Quote  Modify Modify
When I open notepad Trojan Hunter finds Worm.VB.134. After cleaning it post this notice-
Unable to get a handle to process 980 (C:\WINNT\system32\notepad.exe)
 
Trying filename C:\WINNT\system32\notepad.exe6122.tcf
Renamed file C:\WINNT\system32\notepad.exe to
C:\WINNT\system32\notepad.exe6122.tcf
Trojan cleaning finished.
Close.  
 
When I open notepad again the infection has reappeared.
Anyone else experienced this?
Thanks
John
IP Logged
Randy_Bell
Global Moderator
*****




TrojanHunter is the Best!

40416585 40416585   randybell_98   atmrover
WWW   Email

Gender: male
 Posts: 2883
Re: notepad infected with trojan?
« Reply #1 on: Oct 28th, 2006, 12:46pm »		 Quote Quote  Modify Modify
Please see this thread:
 
http://www.misec.net/forum/board/THGuard/1161961330
 
If this is a f.p. then hopefully get fixed ASAP.
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5661
Re: notepad infected with trojan?
« Reply #2 on: Oct 28th, 2006, 3:33pm »		 Quote Quote  Modify Modify
zitnok,
 
I strongly recommend that you upgrade to TH V4.6, Build 930 which has a totally new quarantine routine.  
 
There are other changes in the new build as well.  Please remove the older version.
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
zitnok
Newbie
*





   


Posts: 37
Re: notepad infected with trojan?
« Reply #3 on: Oct 28th, 2006, 6:03pm »		 Quote Quote  Modify Modify
Thank you siliconman01. I have downloaded 4.6build930 and updated ruleset. I opened notepad and the same worm was discovered. It was cleaned. Closed and open notepad. Same worm again.  
"Terminated trojan process 988 (C:\WINNT\system32\notepad.exe)
 
Quarantined file C:\WINNT\system32\notepad.exe
Trojan cleaning finished."
Closed and opened again. This time seems ok. Do you think it is permantly removed?
John  
IP Logged
zitnok
Newbie
*





   


Posts: 37
Re: notepad infected with trojan?
« Reply #4 on: Oct 28th, 2006, 6:43pm »		 Quote Quote  Modify Modify
Then I rebooted. And opened notepad again. Its back. With the same report as last time. what should I do now?
Thanks,
John
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5661
Re: notepad infected with trojan?
« Reply #5 on: Oct 28th, 2006, 11:14pm »		 Quote Quote  Modify Modify
Please run LiveUpdate to pick up the latest rulesets.  Gavin fixed it; it was a false positive.  Please report back as to whether it is okay now on your system.
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
zitnok
Newbie
*





   


Posts: 37
Re: notepad infected with trojan?
« Reply #6 on: Oct 29th, 2006, 3:12am »		 Quote Quote  Modify Modify
I have updated rulesets and run notepad. It was clear. I rebooted and ran it again. Still clear. So OK.
Just before I discovered the trojan on this computer I had backed up the contents of the hard drive onto an external hard drive with true image. As it contains the corrupt notepad should I erase it all and back it up again?
Thanks  
John
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5661
Re: notepad infected with trojan?
« Reply #7 on: Oct 29th, 2006, 3:19am »		 Quote Quote  Modify Modify
Glad all is clean on your system.
 
Whereas this was a false positive detection because of an invalid TH rule, NotePad was never corrupt.  Your backup should be okay.  TH was invalidly detecting a good NotePad.  
 
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print

« Previous topic | Next topic »
Search
Members
Login
Register