Trojan won't go away! Please help!

redmandarin

Today AVG anti virus ran a test and found a Trojan!
It said it had healed it. I checked the virus vault, and it said two back up file copies were infected with:
SHeur.BTKZ
I deleted the entries from virus vault, ran CCleaner, then AVG anti-virus and nothing showed up.

A few minutes ago (two hours later) it detected the same trojan again.
AVG said it had healed it. But when I checked the virus vault, it said
Healable: No
I deleted the file from the vault, but I expect its still on my pc.
What is it doing to my pc and how can I get it off?

Please can you help? I'm panicking!
Thanks a lot.

Reggie_Rebel

Do you use Online Armour?

If so and your AVG is not the latest version then an update should fix it.

You might want to stinger the PC as well

http://vil.nai.com/VIL/stinger/

redmandarin

Thanks for your reply rr.

Sorry, I've no idea what Online Armour or Stinger is!

My AVG is version 7.5.54.

Is it dangerous for me to be connected to the internet at the moment? Its the only way I can access help.

Still panicking! Please can someone help?

SatanicHare

Try using tends online virus scannner, before you do i would turn off system restore and delete your cookies and temp folder. Not an expert by any means but it may be something innocent exhibiting virus like behaviour, i say this because heur may be short for heuristic. You'll find the online service here
http://housecall.trendmicro.com/uk/

Reluctant_spender

Don't turn off your system restore - until you are clean. It is better to roll back to something than nothing.

the SHEUR aspect of the trojan suggests Heuristic detection. This means it thinks the file has properties similar to a virus/trojan.

I would run an online scan at nod32 -

Please go to Eset Onlinescan (NOD32)
(You need to use InternetExplorer or enable IEView in Firefox)

• You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
• Now click Start
• Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
• Click Start (the Onlinescanner will now prepare itself for running on your pc)
• To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
• Press Scan
  The Onlinescan will now start and scan your pc (please let it run to completion)
• When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
• Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  The Scan results will now open in Notepad
• Click into the text area, right-click and chose "select all"
• Right-click again and chose "copy"
• Close Notepad

Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

redmandarin

Thanks guys!

Will delete cookies and temp folder, then run Eset Onlinescan (NOD 32).

I'll let you know how I get on.

redmandarin

No Threats found! Fantastic! :beer:
Does that mean my pc is ok, then?

Will AVG continue to keep highlighting "SHeur.BTKZ" thinking it's a trojan and finding it on future scans?

Thanks!

Reluctant_spender

It is possible - you may fnd in over the next day or two further defnitions are released which will be able to kill or cure.

It could also be so new that no anti viral software can ID it yet.

Try this programme - it's free and very good,

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

• Make sure you are connected to the Internet.
• Double-click on Download_mbam-setup.exe to install the application.
• When the installation begins, follow the prompts and do not make any changes to default settings.
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.
• MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
• If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
• On the Scanner tab:
  • Make sure the "Perform Quick Acan" option is selected.
  • Then click on the Scan button.
• The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
• Click OK to close the message box and continue with the removal process.
• Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

redmandarin

Hi rs, thanks for your reply.

When you said "the SHEUR aspect of the trojan suggests Heuristic detection. This means it thinks the file has properties similar to a virus/trojan",
I felt relieved, because I thought that this meant it might not be a real trojan, which is why I was pleased that the Eset Onlinescan (NOD 32) had reported no virus. Now I'm worried again!

This is really frustrating, as I wanted to book a holiday online and pay by card, but now I can't risk it, as I don't know if it would be safe!

Thanks (once again) for your step by step help with Malwarebytes Anti Malware - it is much appreciated. I'll use it in the morning and let you know how I get on.

redmandarin

I've just completed the scan with Malwarebytes Anti-Malware - nothing found! I don't know what to do next!

Any ideas please?

ZINXYX

Hi,
I understand your situation,you could probably download superantispyware from the link below and perform full pc scan.
Its free by the way.
http://www.superantispyware.com/superantispywarefreevspro.html
Hopes it helps.
Cheers