McAfee identified Trojan:PDF/Dropper.YA in PDF file saved on my computer


21 replies to this topic

#16 dennis_l

  • Malware Response Team
  • 3,141 posts

Posted Yesterday, 02:23 PM

I'm not sure about the McAfee behaviour, but hopefully it was just a glitch of some kind?
I've given some more thought to Adobe Acrobat and suggest that you uninstall or update asap.
Before you do that, please run the SecurityCheck tool, so we can see what other programs need updating/removing. 

  • Download SecurityCheck by glax24.
  • If SmartScreen blocks the file, click on More info and then Run anyway.
  • Right-click with your mouse on SecurityCheck.exe and choose Run as administrator, and allow it to proceed.
  • When the scan has finished, it will open a text file named SecurityCheck.txt.
  • Close the file and copy and paste the contents in your next reply.
  • The file can be found in a folder located at C:\SecurityCheck

The FRST logs look clean, but would you please run another full ESET scan on all the drives, using the instructions I posted earlier.
Please report back on the results.

#17 SMS18

  • Topic Starter

  • Members
  • 61 posts

Posted Yesterday, 03:15 PM

Hi Dennis,

 

Following is the log from SecurityCheck:

 

SecurityCheck by glax24 & Severnyj v.1.4.0.57 [24.01.24]
WebSite: www.safezone.cc
DateLog: 04.03.2024 14:08:26
Path starting: C:\Users\sms\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: sms
VersionXML: 10.98is-02.03.2024
___________________________________________________________________________
 
Windows 10(6.3.19045) (x64) Core Release: 2009 Lang: English(0409)
Installation date OS: 17.06.2020 00:41:44
LicenseStatus: Windows®, Core edition The machine is permanently activated.
LicenseStatus: Office 16, Office16HomeStudentR_Grace edition Windows is in Notification mode
LicenseStatus: Office 16, Office16O365HomePremR_Subscription4 edition Windows is in Notification mode
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe
SystemDrive: C: FS: [NTFS] Capacity: [918.9 Gb] Used: [771.6 Gb] Free: [147.3 Gb]
------------------------------- [ Windows ] -------------------------------
User Account Control enabled (Level 3)
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
McAfee (enabled and up to date)
Windows Defender (disabled and up to date)
---------------------------- [ Firewall_WMI ] -----------------------------
McAfee (enabled)
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and up to date)
McAfee VirusScan (enabled)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
McAfee v.1.14.212.1
Malwarebytes version 4.6.9.314 v.4.6.9.314 Warning! Download Update
Sophos Virus Removal Tool v.2.8.0
-------------------------- [ SecurityUtilities ] --------------------------
WebAdvisor by McAfee v.4.1.1.866
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft 365 - en-us v.16.0.17231.20236
calibre 64bit v.6.3.0 Warning! Download Update
------------------------------- [ Backup ] --------------------------------
Microsoft OneDrive v.24.020.0128.0003
Cobian Backup 11 Gravity
Dropbox v.193.4.5594
-------------------------- [ IMAndCollaborate ] ---------------------------
Zoom v.5.16.10 (26186) Warning! Download Update
---------------------------- [ ProxyAndVPNs ] -----------------------------
McAfee Safe Connect v.2.16
-------------------------------- [ Media ] --------------------------------
iTunes v.12.13.1.3
Audacity 2.4.2 v.2.4.2 Warning! Download Update
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Creative Cloud v.4.9.0.504 Warning! Download Update
Adobe Acrobat 9.5.5 - CPSID_83708
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox (x64 en-US) v.123.0
Mozilla Firefox 85.0 (x64 en-US) v.85.0 Warning! Download Update
Google Chrome v.122.0.6261.71 Warning! Download Update
Microsoft Edge v.122.0.2365.66
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.4.0.0.1747
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.1269
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MsMpEng.exe v.4.18.24010.12
Microsoft Defender Antivirus Service (WinDefend) - The service is running
Microsoft Defender Antivirus Network Inspection Service (WdNisSvc) - The service has stopped
---------------------------- [ UnwantedApps ] -----------------------------
Bonjour v.3.1.0.1 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
----------------------------- [ End of Log ] ------------------------------


#18 dennis_l

  • Malware Response Team
  • 3,141 posts

Posted Today, 05:01 AM

Please work through the SecurityCheck recommendations, which will make things more secure.
Also here is some information on your version of Acrobat.
Phishing-trojans are often document files that look legitimate, but can deliver harmful content.
Maybe the detections on the drives were files that have been present for a while now, rather than anything new?
In the log they show as F:\ drive.
-----------------------------------------------------------------------------
Please post the ESET results, when they are available.
Let's also run a scan with AdwCleaner.
Please download AdwCleaner.

  • Close all open programs and browsers
  • Right click on the icon and select Run as administrator
  • Click Scan Now
  • When the scan has finished AdwCleaner shows you all detected PUPs and adware.
  • If any are found, select them and click Quarantine. (I would suggest that you do not select Pre-installed applications for now, or any other items you wish to keep.)
  • AdwCleaner prompts you to save and close your work before continuing. Click Continue.
  • After cleaning, you are prompted to restart your device. Click Restart now to complete the cleanup process.

Once your computer has restarted ...

  • If it doesn't open automatically, please start AdwCleaner.
  • Click on the View Log File button (this log can also be found in the Log Files tab).
  • A Notepad file will open containing the results.
  • Click Skip Basic Repair (if the option appears).
  • Please post the contents of the file in your next reply.


#19 SMS18

  • Topic Starter

  • Members
  • 61 posts

Posted Today, 10:34 AM

Thank you, Dennis. I will follow your instructions and report back asap. The F drives are portable and usually not plugged into my computer. I will scan them and report the results after updating my software. I will also provide the AdwCleaner log when I've completed the steps.



#20 SMS18

  • Topic Starter

  • Members
  • 61 posts

Posted Today, 01:01 PM

Hi Dennis,

 

I've attempted to update the software flagged by SecurityCheck; however, in running SecurityCheck to see if the updates are recognized, the software is still flagging them for update. Is this typical?



#21 dennis_l

  • Malware Response Team
  • 3,141 posts

Posted Today, 01:55 PM

I've not heard about this, but will run some tests on the tool, when I have a moment.
The previous results aren't being cleared for some reason, by the sound of it.
However, all should be well if you have applied the updates, and you could always double check the program versions to be sure.
For example, in Firefox you click on Help and then About Firefox. The latest version is 123.0.1.

I see that you have 2 versions of Firefox installed, so I suggest that you remove this one.

Mozilla Firefox 85.0 (x64 en-US) (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\Mozilla Firefox 85.0 (x64 en-US)) (Version: 85.0 - Mozilla)
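As an added illustration (not part of dennis_l's post and not code from SecurityCheck or FRST), the PowerShell snippet below lists installed programs from the per-machine and per-user Uninstall registry keys, which is where entries like the HKU\... key quoted above live, and flags products that appear under more than one entry, such as the two Firefox installs here. The name-normalising regex is an assumption made for this example; it is not part of any tool on the page.

```powershell
# Added example: enumerate the Uninstall registry keys that Windows (and tools such
# as FRST) read to list installed programs, then report products installed more than
# once. Per-user entries live under HKU\<SID>\...; for the logged-in user that is HKCU.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',             # 64-bit, per-machine
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*', # 32-bit, per-machine
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'              # per-user (HKU\<SID>)
)

$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |                       # skip keys without a display name
    Select-Object @{ n = 'Name';      e = { $_.DisplayName } },
                  @{ n = 'Version';   e = { $_.DisplayVersion } },
                  @{ n = 'Publisher'; e = { $_.Publisher } },
                  @{ n = 'Key';       e = { $_.PSPath -replace '^Microsoft\.PowerShell\.Core\\Registry::', '' } }

Write-Host "$($installed.Count) installed-program entries found."

# Normalise the display name so that "Mozilla Firefox (x64 en-US)" and
# "Mozilla Firefox 85.0 (x64 en-US)" fall into the same group (assumed heuristic:
# drop trailing version numbers and a trailing parenthesised architecture/locale tag).
$duplicates = $installed |
    Group-Object { ($_.Name -replace '\s+\d+(\.\d+)*', '' -replace '\s*\(.*\)\s*$', '').Trim() } |
    Where-Object { $_.Count -gt 1 }

if (-not $duplicates) {
    Write-Host 'No product is registered under more than one Uninstall entry.'
}

foreach ($g in $duplicates) {
    # Older side-by-side copies are the ones to review and remove.
    Write-Host "Multiple installs of '$($g.Name)':" -ForegroundColor Yellow
    $g.Group | Sort-Object Version | Format-Table Name, Version, Publisher, Key -AutoSize | Out-Host
}
```

Run it from an elevated PowerShell prompt to see both HKLM hives; the per-user hive shown is only the current user's.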
#22 SMS18

  • Topic Starter

  • Members
  • 61 posts

Posted Today, 02:22 PM

Thanks, Dennis. I have proceeded to uninstall all of the programs that needed updating and I'm reinstalling them. I have to find a replacement for Creative Suite since the version I have was purchased as a full installation and now the applications I use are subscription and very costly.

 

I will be proceeding with the scans on the F drives and submit the results when I have them available.





