trojan horse

Scholar

Have a trojan horse slipped through the security. Have done a deep scan. The security found the harmful file but could not get rid of it. Not much of a security system then. Anybody any ideas as no one at TalkTalk can help me. It's a batch file, dc62.bat, location: C:\Users\Ace\AppData\Local\33d0\dc62.bat. Can't delete file or folder as it rolls on. It seemed to come down automatically as an Adobe update. Cheers, Wayne

Superuser

Re: trojan horse

Hello,

Sorry for my reply.

Maybe it is anyway more useful to get direct help from TalkTalk/F-Secure support channels, since they are able to provide a technical and proper investigation.

But some of my suggestions (I'm also only a user of F-Secure solutions):

--- what is the detection name for the .bat file (it is possible to see it under "Recent Events/List of notifications" from the right-click tray menu or UI; or maybe under quarantine);

Maybe it is a false-positive detection (not likely, maybe);

--- did you run a "Full scan" (with all potential 'improve' options checked under settings)?

--- it is also possible to remove the folder under Safe Mode of the system (or by using a so-called "LiveCD");

--- if the file is re-created - does it happen when you use the browser? Are there any addons/extensions which look suspicious?

Also you noted about "Adobe update" - but is it possible that there is just exploitation of a known vulnerability in Adobe (which is not updated on the system)?

--- it is also possible to use some third-party scanners/tools such as AdwCleaner by Malwarebytes (or other ones) as a double-check for potential threats - which can be a potential reason for this strange meanings;

There can be many other suggestions - but maybe you are able to re-check these ones first.

Since it can be partly useful to know the "detection name", and that there already was a "Full scan" try, and the certain background for "creating" this .bat file/files;

Also maybe there will be more nice advice from experienced users or F-Secure staff;

Good if you come back with a reply.

Thanks!

Scholar

Re: trojan horse

Hi, thanks for that, although I have tried most of your suggestions. Have spoken to TalkTalk technical but they haven't the capability. Found the source of the file and folder but it won't delete. Difficulty writing this post. Will check your suggestions.