IObit Forum

Advice Needed for Trojan Removal [SOLVED by db:1408]



I ran a free scan using IObit Security 360. Two threats were discovered "Trojan.BuzusAovd". I proceeded to attempt to remove which I thought was successful but when I ran another scan the program stated the Trojans were still present on my computer. I then upgraded to the Pro version for $19.99 and rescanned with the same result. I ran other scans from six different companies and all came up clean. I would like to know how to remove these Trojans if they really exist. I'm a novice at this type of problem. I'm copying the log below. Thanks in advance for any suggestions/advice.

 

IObit Security 360

 

OS:Windows 7

Version:1.4.1.11

Define Version:1406

Time Elapsed:00:05:46

Objects Scanned:64786

Threats Found:2

 

 

Trojan.BuzusAovd - Quarantined, File, C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.1.7600.16385_none_5e6da7259d4ac682\icfupgd.dll, 12-178

 

Trojan.BuzusAovd - Quarantined, File, C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\icfupgd.dll, 12-178

Link to comment
Share on other sites

Welcome to the IObit forums.

 

Trojan.BuzusAovd - :arrow: Quarantined, File, C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.1.7600.16385_none_5e6da7259d4ac682\icfupgd.dll, 12-178

 

Trojan.BuzusAovd - :arrow: Quarantined, File, C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\icfupgd.dll, 12-178

 

These files (icfupgd.dll) are already in a quarantine folder. Most likely in your antivirus quarantine or another scanner's quarantine.

 

Also the icfupgd.dll is a legitimate file from Microsoft and 'was' a known vulnerability in the Windows Vista firewall and addressed by a Windows Update in 2007. See Here. Although it might be a different rogue file with the same name.

 

Two questions.

How long has it been since you updated Windows?

What antivirus do you use?

Link to comment
Share on other sites


I only bought this computer a few weeks ago so I'm using Windows 7. I've been using the free version of Avast.

 

The problem is when I rescan my computer with IObit it's telling me the Trojans are still present. IObit appears to be identifying the problems but not removing them or quarantining them. Same result with the Pro version which I paid for. I also find it odd that no other program has discovered these problems, only IObit.

 

If I run a full scan on IObit right now the same Trojans will appear as infecting my computer. I've been removing them over and again. Something isn't right.

Link to comment
Share on other sites

Just ran another scan and here are the results:

 

IObit Security 360

 

OS:Windows 7

Version:1.4.1.11

Define Version:1406

Time Elapsed:00:04:14

Objects Scanned:65355

Threats Found:2

 

|Name|Type|Description|ID|

Trojan.BuzusAovd, File, C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.1.7600.16385_none_5e6da7259d4ac682\icfupgd.dll, 12-178

Trojan.BuzusAovd, File, C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\icfupgd.dll, 12-178

Link to comment
Share on other sites

RE:Advice need for Trojan Removal

 

guys I got the same thing!!!! I got this computer since December 28th 2009 and I got Windows 7 and I got the same trojans and I keep rescanning with IObit and it keeps appearing, please help!

Link to comment
Share on other sites

Since this thread was moved can I assume what I'm experiencing is a "false positive result"? Hopefully.

 

I believe so but we can do some double checking.

 

Please scan the files and post the link to the results.

 

Please go to Jotti's malware scan

(If more than one file needs scanned they must be done separately and logs posted for each one)

 

* Copy the file path in the below Code box:

C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.1.7600.16385_none_5e6da7259d4ac682\icfupgd.dll

* At the upload site, click once inside the window next to Browse.

* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.

* Next click Submit file

* Your file will possibly be entered into a queue which normally takes less than a minute to clear.

* This will perform a scan across multiple different virus scanning engines.

* Important: Wait for all of the scanning engines to complete.

* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

 

Also scan this one.

 

C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\icfupgd.dll

Link to comment
Share on other sites
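
A first-pass check on a scan log like the ones posted above, as an added example that is not part of the original thread: it parses the IObit Security 360 detection lines, splits each WinSxS directory name into its fields, and reports what the hits have in common (one signature ID, one file name, the Microsoft component token). The function names and the report layout are assumptions made for illustration.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname

# Constructed sample: the two detection lines from the first scan log in this thread.
SAMPLE_LOG = r"""
Trojan.BuzusAovd - Quarantined, File, C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.1.7600.16385_none_5e6da7259d4ac682\icfupgd.dll, 12-178
Trojan.BuzusAovd - Quarantined, File, C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\icfupgd.dll, 12-178
"""

# Line layout seen in the thread: "Name[ - Status], Type, Path, SignatureID"
LINE = re.compile(r"^(?P<name>[^,]+?)(?: - (?P<status>[^,]+))?, (?P<type>[^,]+), "
                  r"(?P<path>.+), (?P<sig_id>\S+)$")
MS_TOKEN = "31bf3856ad364e35"  # public key token carried by Microsoft's Windows components


def parse_component(path):
    """Split a WinSxS directory name: arch_name_token_version_culture_hash."""
    parts = basename(dirname(path)).split("_")
    if "\\winsxs\\" not in path.lower() or len(parts) < 6:
        return None  # not a component-store path
    return {"arch": parts[0], "name": "_".join(parts[1:-4]), "token": parts[-4],
            "version": parts[-3], "culture": parts[-2]}


def triage(log_text):
    """Group detections by signature ID and summarise what they share."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            groups[m["sig_id"]].append(m.groupdict())
    report = {}
    for sig_id, hits in groups.items():
        comps = [parse_component(h["path"]) for h in hits]
        report[sig_id] = {
            "hits": len(hits),
            "file_names": sorted({basename(h["path"]).lower() for h in hits}),
            "all_in_component_store": all(comps),
            "all_ms_token": all(c and c["token"] == MS_TOKEN for c in comps),
            "versions": sorted({c["version"] for c in comps if c}),
        }
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A matching directory name is a hint, not proof that the file is genuine, which is why the thread follows up with a multi-engine scan of each file.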


Hi tony64

Thanks for your feedback.

I still used win 7 but it's 32. Can you send the file to us or upload to http://www.wikisend.com and give me the URL?

We are looking forward to your reply.

Link to comment
Share on other sites

I am also seeing this when I do a full system scan. I have rescanned with Zone Alarm Extreme Security AV, it found nothing. I am in the process of looking into other products to see what they come up with.

 

I've scanned my computer with seven other programs and all came up clean. I'm thinking this was a false positive. I'm also going to request a refund of my $20.00 since I was tricked into upgrading to the Pro version of their program. Never mind the fact that the Pro version still didn't solve the mystery problem. The false positive is still showing up when I run the full scan.

Link to comment
Share on other sites

I think this is what you want

 


amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.1.7600.16385_none_5e6da7259d4ac682.zip

 

amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440.zip

Link to comment
Share on other sites

ID 12-178 is a false positive

 

Hi All,

 

After researching, this string, ID 12-178, is a false positive. We will remove this string in our next definitions update, definitions version 1408.

 

At present, please ignore the scan result regarding ID 12-178.

 

Sorry for the inconvenience this has caused to all of you.

 

We will keep up improving our programs and we appreciate your support of IObit.

Link to comment
Share on other sites


What about doing the right thing and issuing me a refund of the $20.00 I paid to upgrade to your PRO version since I was misled and scared into upgrading by an error in your program?

Link to comment
Share on other sites


Thank you for clearing that up I just wish I had found this post sooner!

 


Tony, I really hope you get your money back, it really isn't nice being SCARED into unnecessary spending!! I have used and trusted AVG free version for all my internet surfing years, in that time I have never had a virus or any malware/spyware problems.

 

I recently changed ISP and the Virgin Engineer who installed my cable modem 'forgot to put my wireless router in his van' hmm whatever - Knowing this would mean I would be directly connected to the internet via ethernet cable/cable modem, with a static IP address rather than being securely hidden behind my router for a while - I figured I should probably step up my security a little, at least install some kind of decent firewall. Virgin were offering a full security suite for a monthly fee - so I signed up for that and downloaded the software. It never found any problems...

 

A colleague was ranting on about this 'great bit of software' he had found - Advanced System Care - Knowing I'm a bit of a hardcore Gamer/Net user (geek ;-)) He insisted I check it out on my PC at work. Against my better judgement (in my experience things which claim to speed your system up, usually end up slowing it down) and after reading a whole bunch of reviews online, didn't see any reason why I shouldn't at least try the thing. It found a bunch of cookies, and 4 back door trojans! Was stunned, I use my PC at work ONLY a remote desktop link to a terminal server. Oh, and I always check the BBC weather report 1st thing in the morning - have never downloaded and installed anything (other than the Vista OS which I installed from CD, automatic updates and a printer driver - Auto found software) nevertheless I ran the fix. Following re-start, the same problems were still there (confirmed my suspicions it was a false positive). All it had removed was my printer driver :roll: never mind.

 

Out of pure curiosity - I ran it on my laptop, which (poor thing) endures hours of net surfing & gaming. I spent A LOT of money getting a decent laptop, I knew it would be subjected to heavy use and wanted a high spec machine. ASC found cookies, no surprise there - it also found 4 trojans - so I ran a full (deep) scan with the Virgin kit - nothing! My webcam started acting up, saying it was in use with another application the whole time :shock: That, combined with a little suspect network activity and a general feeling I needed a spring clean anyway made me do a full format and re-install of Vista....

 

It found Trojans on my clean install - BOOORING!! - but the webcam problem was still there (yes I did all the obvious, updated drivers blah blah) then got paranoid that I actually had some trojan hacker which was starting my cam without my knowledge - felt like I had wasted quite enough hours of my life trying to fix trojans - so I placed a blob of blu-tac over my cam and dashed out to buy a new operating system!! I bought a full install version of Windows 7. Went home, deleted the entire partition on my C drive - Formatted the drive and installed my shiny new Windows 7 OS :smile: Yey ...everything is right with the world!!

 

Again curiosity foolishly led me to run that stupid scan on my new OS - Guess what .... !?! I HAZ TROJANZZZZ - yeah the same ones you have *yawn*

 

Well I already spent £100 fixing these trojans, I do hope IO bits will forgive me for not wishing to pay £20 for their software to make them go away?

 

So Tony ... I hope you got that refund. Doubt I'll get my £100 back from anyone. Sorry for hi-jacking your thread to rant - this isn't usual behaviour for me, just been made a little mental by this.

 

Enoskype - you really think IObits or Microsoft will be giving me my money back? This is a discussion forum right?? My apologies if me sharing my experience here inconveniences anyone in anyway - more than Iobit have inconvenienced me!!!!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
