
Trojan Virus

Discussion in 'General Malware And Security' started by Donna123, Apr 2, 2021.

  1. Donna123

    Donna123 Registered Members

    Joined:
    Oct 4, 2020
    Messages:
    10
    Operating System:
    Windows 10
    Hello, so I clicked on a link on YouTube, it redirected me to a Dropbox page, I scanned the URL with VirusTotal and it says that was phishing, so I didn't download the Dropbox file. I'm scanning my computer with my antivirus, I'm not sure if it's going to find it, either way trojans have a way of replicating. Anyway, I was thinking maybe formatting my computer or maybe to try this out:
    What do you think? If not,
    Will the formatting actually get rid of the trojan virus?
     
  2. Tony D

    Tony D Administrator Administrator

    Joined:
    Sep 25, 2009
    Messages:
    4,075
    Location:
    SE Pennsylvania, USA
    Operating System:
    Windows XP Professional
    You didn't download anything so you're probably OK.

    If you want a second opinion from another virus checker, run an on-line scan from ESET https://www.eset.com/us/home/online-scanner/

    Formatting will get rid of any malware on your machine, but it's a drastic step because it removes everything you've installed on the computer. You'll have to reinstall Windows, your programs, and your files. You'll lose your settings.
     
  3. starbuck

    starbuck Administrator - Malware Removal Specialist Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,650
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    As Tony stated, you didn't download anything, because you received the warning.
    Fully agree that a reformat is a drastic step (like taking a sledgehammer to crack a nut).
    What makes you think that you have a Trojan Virus anyway?
    Warning said it was a phishing link .... if you didn't hand over any personal info, you don't have a lot to worry about.
    What security do you run on the system?
    A simple virus scan should be able to detect most types of malware ..... even if it can't remove it.
    So if the scan is completely clean there isn't much to worry about.
     
  4. Donna123

    Donna123 Registered Members

    Well, the thing is that after that I installed Malwarebytes, and while I was browsing the web, I entered a web page and Malwarebytes blocked two trojans, but it said it was outbound and the location was my C: drive
    C:.....msedge.exe, does it mean it is on my computer?
     
  5. Tony D

    Tony D Administrator Administrator

    Curious, what protection were you using before you installed Malwarebytes Antimalware?
    Why did you install MBAM? Did you think there was something wrong with your computer?
    What version of Windows are you using? Windows 10?

    Can you post the MBAM report?

    msedge is Microsoft’s Edge browser. You may have a malicious program masquerading as an Edge executable.
     
  6. starbuck

    starbuck Administrator - Malware Removal Specialist Administrator

    Sorry but this doesn't help at all.
    MB would have given the full location path for MsEdge .... this is what we would need to determine if MsEdge.exe is legit or not.
    MB would also have told you what trojans were blocked.
    If you require help, we need more accurate information.
     
  7. Donna123

    Donna123 Registered Members

    Ok, so I have Windows 10, the results in Malwarebytes say that I have a
    PUM.Optional.DisableMRT,
    two of these, already quarantined.

    Now my computer is running slower
     
  8. starbuck

    starbuck Administrator - Malware Removal Specialist Administrator

    You said earlier that MB had blocked 2 trojans ........ do you know what Trojans are?
    Because those entries are not Trojans.... they are PUMs (potentially unwanted modifications).
    These are alterations made to a computer's registry (or other settings), which are not the default settings.
    They may have been changed by a software program or by the user himself.... MB has no way of telling which.
    By disabling those PUMs, MB has reset the settings back to the default.
    The entries relate to the monthly Malware Removal Tool run by MS during the monthly updates.
    Quarantining those entries will not slow the system in any way.

    But even these PUM details are not the full details that MB would have given in the report.
    Tony D did ask you to post the MB report so that we could see the whole results.
    If you require help then you have to be more co-operative in your replies.
     
  9. Donna123

    Donna123 Registered Members

    Ok here it is:



    Protection Event Time: 22:26
    Log File: 9ddfcb8e-936b-11eb-b9b3-0045e2311c8c.json

    -Software Information-
    Version: 4.3.0.98
    Components Version: 1.0.1236
    Update Package Version: 1.0.38998
    License: Trial

    -System Information-
    OS: Windows 10 (Build 18363.1440)
    CPU: x64
    File System: NTFS
    User: System

    -Blocked Website Details-
    Malicious Website: 1
    , C:\Program Files (x86)\Microsoft \Edge\Application\msedge.exe, Blocked, -1, -1, 0.0.0, ,

    -Website Data-
    Category: Trojan
    Domain: www.ahmedhub.us
    IP Address: 104.21.61.135
    Port: 443
    Type: Outbound
    File: C:\Program Files (x86)\Microsoft \Edge\Application\msedge.exe
     
  10. starbuck

    starbuck Administrator - Malware Removal Specialist Administrator

    Ok, I'll break this down for you.....

    -Website Data-

    Category: Trojan
    A Trojan is malware that uses simple social engineering tricks in order to tempt users into running it.
    This is what MB saw from the web address

    Domain: www.ahmedhub.us
    This shows the domain that was requested.

    IP Address: 104.21.61.135
    This is the IP address that the domain resolved to, and that is being blocked.

    Port: 443
    This is the port on the system that was used for the contact.

    Type: Outbound
    This shows the direction of the traffic.

    File: C:\Program Files (x86)\Microsoft \Edge\Application\msedge.exe
    This is the executable (program) that tried to make the contact.
    If this is not a browser, this is potentially worrying.

    As it is a browser, then everything is normal.

    Although MB flagged this site, it has been known to throw up false positives and be a little over the top with its protection.
    If you know for sure that the web site is legit, then you can add an exclusion to the program.
    There does seem to be mixed feelings about this site and some countries do ban it.
    Maybe that's why it was flagged.

    This does not mean that you have a Trojan on your system.
    If you did have, MB would throw this up when a scan was run.
     
    Last edited: Apr 4, 2021
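Added example (not part of any post in this thread, and not Malwarebytes code): a small Python triage of a blocked-website report in the layout posted above, applying the check described in the breakdown, namely whether the "File" entry is a browser, plus the earlier point that a full path is needed to tell a real msedge.exe from a look-alike. The browser folder list, the verdict names and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumption: default install folders for common browsers (not from the thread).
BROWSER_DIRS = {
    "msedge.exe": {r"c:\program files (x86)\microsoft\edge\application",
                   r"c:\program files\microsoft\edge\application"},
    "chrome.exe": {r"c:\program files\google\chrome\application",
                   r"c:\program files (x86)\google\chrome\application"},
    "firefox.exe": {r"c:\program files\mozilla firefox",
                    r"c:\program files (x86)\mozilla firefox"},
}

def parse_event(text):
    """Return the 'Key: value' pairs listed under -Website Data-."""
    fields, in_section = {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if len(line) > 2 and line.startswith("-") and line.endswith("-"):
            in_section = line == "-Website Data-"
        elif in_section and ":" in line:
            key, value = line.split(":", 1)  # split once: the path has its own colon
            fields[key.strip()] = value.strip()
    return fields

def triage(fields):
    """Classify a blocked-website event by the process that made the request."""
    path = ntpath.normpath(fields.get("File", ""))
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    if name not in BROWSER_DIRS:
        return "investigate-process"   # a non-browser contacted a flagged site
    if folder not in BROWSER_DIRS[name]:
        return "possible-masquerade"   # browser file name in an unexpected folder
    return "web-block-only"            # real browser, request was stopped

def make_event(file_path):
    # Constructed sample in the layout of the report above; values are placeholders.
    return ("-Blocked Website Details-\nMalicious Website: 1\n\n-Website Data-\n"
            "Category: Trojan\nDomain: blocked.example\nIP Address: 203.0.113.10\n"
            "Port: 443\nType: Outbound\nFile: " + file_path + "\n")

SAMPLES = {
    "edge": make_event(r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"),
    "fake_edge": make_event(r"C:\Users\user\AppData\Roaming\msedge.exe"),
    "other": make_event(r"C:\Users\user\AppData\Local\Temp\updater.exe"),
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(label, "->", triage(parse_event(text)))
```

A "web-block-only" verdict matches the conclusion in the post above; the folder check is only a first filter, and a file in the expected folder can still be confirmed by checking its digital signature.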
  11. plodr

    plodr CHF Advisor CHF Advisers

    Joined:
    May 31, 2017
    Messages:
    677
    Operating System:
    Windows 7
    Malwarebytes is protecting you. When I go searching and click on possible help sites, I'm blocked from going to any site that might serve malware.
    Here's what was blocked in just the last 30 days on my desktop computer.
    sites_blocked.jpg
    Notice outbound and ports 80 and 443, like yours.

    I rarely decide to override MBAM's blocks. Chances are I'll get the same info at another site that is safer.

    As long as you have the 14 day trial, MBAM will continue to block sites that are deemed unsafe. Once the trial ends, that protection stops.
     
