Guest seanmichael60
Posted March 13, 2012

Recently I was hit with 3 viruses. MSE caught them but one kept coming back. I let Microsoft support take over my computer and after they finished they assured me it was clean. I later found a file on my desktop and I didn't put it there. I deleted it, the shortcut and the location it pointed to. I checked my event logs and found the following entry:

Microsoft Antimalware has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Dofoil.O&threatid=2147653354
Name: TrojanDownloader:Win32/Dofoil.O
ID: 2147653354
Severity: Severe
Category: Trojan Downloader
Path: containerfile:_C:\Documents and Settings\Dell\Application Data\A6AF17.exe;file:_C:\Documents and Settings\Dell\Application Data\A6AF17.exe->(UPX);regkey:_HKCU@S-1-5-21-1390067357-1767777339-1801674531-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\Pure Networks;runkey:_HKCU@S-1-5-21-1390067357-1767777339-1801674531-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\Pure Networks
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
User: NT AUTHORITY\NETWORK SERVICE
Process Name: Unknown
Signature Version: AV: 1.121.908.0, AS: 1.121.908.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.8101.0, NIS: 0.0.0.0

After seeing this I went into the registry and did a search for S-1-5-21-1390067357-1767777339-1801674531-1003, which is part of the above path. There are many entries in the registry. I'm familiar with the registry and editing it. However, I do not make modifications to it unless I know for a fact what I'm doing. Do I need to remove these entries from the registry?

In my research I also found in Local Security Settings > Local Policies > User Rights Assignments several entries of the same string under the Security Setting column. Do I need to do anything with these entries?

Any help will be greatly appreciated.
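The Path field in the entry above packs several resources into one string. The following Python sketch is an added example, not part of the original post: it splits that field into the file and registry items so each one can be checked after cleanup. Splitting on `;`, reading `HKCU@<SID>` as the per-user hive of the account with that SID, `\\` as the separator between key and value name, and `->` as an item inside a container are assumptions read off this one entry.

```python
import re

# Constructed sample: the Path field of the event-log entry in the post.
EXE = r"C:\Documents and Settings\Dell\Application Data\A6AF17.exe"
RUN_VALUE = (r"HKCU@S-1-5-21-1390067357-1767777339-1801674531-1003"
             r"\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\Pure Networks")
SAMPLE_PATH = ("containerfile:_" + EXE + ";file:_" + EXE + "->(UPX);"
               "regkey:_" + RUN_VALUE + ";runkey:_" + RUN_VALUE)

RESOURCE = re.compile(r"^(?P<kind>[a-z]+):_(?P<value>.*)$")
HIVE = re.compile(r"^(?P<hive>[A-Z]+)(?:@(?P<sid>S-[\d-]+))?\\(?P<rest>.*)$")

def parse_resources(path_field):
    """Split the Path field into one dict per resource (assumed ';'-separated)."""
    out = []
    for part in path_field.split(";"):
        m = RESOURCE.match(part.strip())
        if not m:
            continue  # skip anything that is not "<kind>:_<value>"
        item = {"kind": m["kind"], "raw": m["value"]}
        if m["kind"] in ("regkey", "runkey"):
            h = HIVE.match(m["value"])
            if h:
                # Assumed layout: <key path>\\<value name>
                key, _, value_name = h["rest"].partition("\\\\")
                item.update(hive=h["hive"], sid=h["sid"], key=key,
                            value_name=value_name or None)
        else:
            # "->" is assumed to introduce an item nested inside the file
            location, _, inner = m["value"].partition("->")
            item.update(file=location, inner=inner or None)
        out.append(item)
    return out

def cleanup_checklist(path_field):
    """Return (files, registry values) with duplicates collapsed."""
    files, reg_values = set(), set()
    for r in parse_resources(path_field):
        if "file" in r:
            files.add(r["file"])
        elif "key" in r:
            reg_values.add((r["hive"], r["sid"], r["key"], r["value_name"]))
    return files, reg_values

if __name__ == "__main__":
    files, reg_values = cleanup_checklist(SAMPLE_PATH)
    for f in sorted(files):
        print("file to confirm removed:", f)
    for hive, sid, key, name in reg_values:
        print(f"registry value to confirm removed: {hive} (user {sid}) {key} -> {name}")
```

For this entry the four resources collapse to one executable and one Run value named "Pure Networks" under the listed user's hive.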