I'm not sure if this is the right place to post this, but one of my employees plugged her flash drive into a machine here today and we got AVG to recognize 2 programs: f:\12gn6id2.exe and f:\9rs.exe. AVG pointed to Crypt.xdz, which was associated with the first file, and SHeur3.wvd, which was associated with the 2nd. AVG seemed to remove crypt but not sheur and I cannot seem to find out how to remove it. Can anyone point me to some software or a good "how-to" remove this beast? Also, since it is on the flash drive, does that mean it is on the PC now? What about leaving the PC and going to the network? Thanks in advance! Hammertime
VIRUSES - 2 Trojans show up on Flash drive 1 removed w/ AVG, SHeur3.wvd was NOT
(5 posts) (3 voices)
Posted 14 years ago #
According to the searches I made regarding this trojan, I found that SHeur3 (the three letter extension is known to change according to the particular root version used in the intrusion) is considered a serious threat.
SHeur3.WOA (aka SHeur3.WRQ, SHeur3.wvd, ETC...) is said to be a harmful Trojan that performs a number of malicious functions on a compromised computer.
SHeur3 opens a backdoor for other malware to enter the targeted computer and since it poses a severe risk to system security, it should be removed immediately using a reliable antispyware program and said program should be used on ALL computers that have been in contact with the culprit AKA the flash drive.
A good one that I have used for friends overwhelmed with malware in the past (I did not battle this malware but similar ones) is Malwarebytes’ Anti-Malware available here:
http://www.malwarebytes.org/mbam-download.php
(Two versions are available, freeware and paid - In this case, the freeware version is good enough)
This is an anti-malware application that can thoroughly remove even the most advanced malware.
It includes a number of features; the paid version includes all the free version features, plus it offers a built-in protection monitor that blocks malicious processes before they even start.
Author: Malwarebytes(DOT)org
License Version: 1.46 from April 29th, 2010
Operating System: Windows 2000/XP/Vista/Windows 7
Here is the Threat Removal Procedure:
1. Download Malwarebytes’ Anti-Malware (mbam-setup.exe) and save it on your Desktop.
2. After downloading, double-click on mbam-setup.exe to install the application.
3. Follow the prompts and install as “default” only
4. Before the installation completes, put check marks on the following prompts (boxes):
Update Malwarebytes’ Anti-Malware
Launch Malwarebytes’ Anti-Malware
5. Click “Finish.” Program will run automatically and you will be prompted to update the program before doing a scan. Please update.
6. Scan your computer thoroughly.
7. When scanning is finished, click on “Show Results.”
8. Make sure that all detected threats are marked, click on Remove Selected.
9. Restart your computer.
N.B.: Some malware can prevent you from installing the program as originally named (mbam-setup.exe) and sometimes even stop you from downloading it altogether!
If this is the case, you have two solutions:
If you are able to download but not start/use the setup, rename the file (replace mbam-setup with thisisnot-mbam) leaving the extension as is. ;)
If you are not even able to download the file, get it from another (CLEAN) computer, rename it as above and put it on a (CLEAN) flash drive then start it from this flash drive on the infected machines.
In the end, if all this fails, you will need an expert virus technician!
Hope this helps
Regards
The Dragon (Paul)
P.S.: Be aware that this is a strong program and with all strong programs of this kind, battling malware can be hazardous for your computer if you don't know what you are doing or if you don't follow instructions precisely.
Remember that proper preparation is half of the success of any endeavour and that rushing into things is really not called for here.
Because this program has helped me in the past, I give this advice to help you out but if things turn out differently in your case, I won't be held responsible for you nuking your system.
If in doubt, consult a Professional that can be physically on hand to help out!
Posted 14 years ago # -
Dragon---
YOU ROCK! Thanks man!
Posted 14 years ago # -
Some neat tutorial, Dragon.
Posted 14 years ago # -
@HammertimeAZ: De Nada! Glad to have helped guide you on the way to recovery.
@Robert: Thanks for the praise!
The Dragon (Paul)
Posted 14 years ago #