Weird Trojan!

pcmac

Ever come across this?

trojan horse crupt.tbj


Client cannot access IE, Firefox, Chrome... gets same error... flash player out of date, opens download, but AV says it's trojan horse crupt.tbj.
 
It sounds like your flash player update IS the trojan and you keep running it?

There is nothing weird about a trojan pretending to be a flash update (this is actually quite common) in addition to restricting browser functionality...
 
more details

A more detailed explanation:

This trojan warning (trojan horse crupt.tbj and trojan horse Pakes_c.BVTU), from AVG, occurs when trying to update flash player,

the AVG antivirus deletes it.

Problem started when client cannot access IE, Firefox, or Chrome... get same error... "flash player out of date",
then opens download,

but then when trying to download, AVG blocks it

Not only on client's desktop, but also on my iPad, off the same network router.

How can I download the fix, update, if all 3 browsers are restricting access?

PS: this is a fresh install from recovery disc, ran AVG scan, comes out clean
 
Running just a scan of your AV to try to get rid of things isn't enough.

I suggest you get a USB stick and, if you don't already have them on there, snag some proper tools from another computer to run on this infected one. Some I like, in the order that I run them are...

RKill
TDSSKiller
Malwarebytes Antimalware
MWB Antirootkit
AdwCleaner

I might then also give it a run of ComboFix. At this point, check the behaviour of the machine. If it still seems infected, might be time to do something manually.

Good luck!

Edit: You say that your iPad is having... what, the same issue downloading Flash? Because AVG blocks it? iPad doesn't support Flash and how does AVG block you from a different device? I'm a little confused here now.
 
I should say, when I googled “trojan horse Pakes_c.BVTU” on iPad, it came up with the same error,

I’m new to iPad, forgot it doesn’t support Flash

I will try your suggestion
 
As FoolishTech said, this sounds like the flash update that's trying to run is the trojan. Chrome has Flash built in, and doesn't use the Adobe installer to update.

Go with the list that AlexanderCS suggests, and also note that there is an option to scan for rootkits from within Malwarebytes 2.0, but you need to enable it under the Detection section in the settings.

Some folks also like JRT (Junkware Removal Tool).
 
The fake Flash Player download page does not say Adobe or Flash anywhere on it - like this, and is definitely malware.

[image: fakeflash-620x528.jpg]
 
Installed new Linksys modem/router - after dl real flash player, install it via USB to desktop, seems to clear up, also ran some utils but found no Trojans this time, assume this fake flash was erased by these measures
 
I've come across this before.

Customer's router was compromised (a TP-Link, if I recall).

I was able to bypass/diagnose the issue by using manually configured DNS settings on the computers. Then I reset the router, updated the firmware and set a strong admin password.
 
Saw this happen on an AT&T 2Wire router a business client was using; bad setup they had, AT&T 2Wire router plugged into their lone server. Workstations' AV kept saying they were getting redirected to sites that weren't safe. Finally discovered I could put DNS in each machine to work around. When we suggested we needed to get them a better router etc., yeah, no call back until 2 years out when their server would not boot; not sure they had a backup either. We didn't end up working on it anyway.
 