  1.    27 Nov 2015 #1
    Join Date : Mar 2015
    Posts : 616
    Windows 10

    Trojan Detected in OneDrive


    The odd thing is I don't even use OneDrive except to automatically upload photos from my Android phone to my desktop; nothing has been detected on the phone.
    I've run another full scan with Bitdefender and Malwarebytes Anti-Malware (free) without any further detection.
    Was just wondering if there might be other steps I need to carry out to be sure nothing spreads? Thanks!

    [Attached image: Capture.JPG]
  2.    27 Nov 2015 #2

    I don't use OneDrive but I am very familiar with the Heur Trojan, it's a complete nightmare and one of the worst I ever experienced.

    If it was me I would wipe and reinstall, but I never keep anything of importance on my computer so that's easy for me to say.

    I had to use DBAN to get rid of that thing completely.
  3.    27 Nov 2015 #3
    Join Date : Jan 2014
    Oak Ridge TN, USA
    Posts : 24,523
    Windows 10 Pro x64

    I wouldn't be surprised if there are many more Trojan files on OneDrive.
  4.    27 Nov 2015 #4
    Join Date : Jun 2015
    Posts : 552
    Microsoft Windows 10 Home 64-bit

    I have been checking out different AVs recently, and whilst I liked the look of Bitdefender, according to the forum site the free version is not compatible with Windows 10; even though it can be installed, it is not reliable. That could be the reason you got the virus, or maybe Bitdefender is giving false info.

    Might be worth checking with another AV first. Hope this helps.

    Bitdefender Antivirus Free Edition Windows 10 - Bitdefender Forum
  5.    27 Nov 2015 #5
    Join Date : Mar 2015
    Posts : 616
    Windows 10
    Thread Starter

    Quote: Originally posted by thegeriatric
    I have been checking out different AVs recently, and whilst I liked the look of Bitdefender, according to the forum site the free version is not compatible with Windows 10; even though it can be installed, it is not reliable. That could be the reason you got the virus, or maybe Bitdefender is giving false info.

    Might be worth checking with another AV first. Hope this helps.

    Bitdefender Antivirus Free Edition Windows 10 - Bitdefender Forum
    Thank you, I've uninstalled Bitdefender and reinstalled Avast (dunno why I left it in the first place), as well as followed the complete instructions at the following link, without further detection (besides tracking cookies, which were removed).

    Remove HEUR.Trojan.Win32.Generic (Virus Removal Guide)

    I've also disabled OneDrive on the PC (OneDrive Integration - Enable or Disable in Windows 10 - Windows 10 Forums) and uninstalled it on the phone.

    Do you think it's safe to say I'm safe now?
  6.    27 Nov 2015 #6

    I never assume I am completely clean when I have dealt with the Heur Trojan because I made that mistake before: I was convinced it was gone, and a day or two later the nightmare repeated.

    That link you posted said it is one that often does install a "backdoor", so you're just going to have to keep an eye on your system. It is one of the most resistant Trojans I have ever dealt with.

    The Free Kaspersky one time scan ALWAYS picks up the Heur Trojan, so consider running that one time scan. If that says clean, I think you're clean, because it never misses that Trojan if it's on your system hiding.

    Emsisoft and ESET Online Scanner do a great job picking up stuff that others often miss as well.
  7.    27 Nov 2015 #7
    Join Date : Apr 2015
    Posts : 12,955
    W10Prox64

    Quote: Originally posted by fracking4oil
    The odd thing is I don't even use OneDrive except to automatically upload photos from my Android phone to my desktop; nothing has been detected on the phone.
    I've run another full scan with Bitdefender and Malwarebytes Anti-Malware (free) without any further detection.
    Was just wondering if there might be other steps I need to carry out to be sure nothing spreads? Thanks!

    [Attached image: Capture.JPG]

    Can I just make an observation here?

    From your pic, it appears that the executable OneDrive.exe has been flagged as a virus. This sounds like a FP (false positive) to me.

    I would suggest you upload that file to the VirusTotal website and see what comes up there.

    I have the same file on my system in the same location and it's 536KB. I do not use OneDrive on this particular machine.

    I do not think you are infected with anything. Did TDSSKiller find anything on that file?
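
The check suggested in post #7, as an added example that is not part of the original thread: before uploading anything, confirm whether the flagged file carries a valid Microsoft Authenticode signature and compute its SHA-256 so it can be looked up on VirusTotal by hash. The default path is an assumption (the usual per-user OneDrive location); the function name is hypothetical.

```powershell
# Added example (not from the thread): triage a flagged executable before
# treating an AV alert as either an infection or a false positive.
param(
    # Assumption: default per-user OneDrive path; pass the path your scanner reported.
    [string]$Path = "$env:LOCALAPPDATA\Microsoft\OneDrive\OneDrive.exe"
)

function Get-FlaggedFileTriage {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path (the scanner may already have quarantined it)"
    }

    $file = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

    # A tampered or unsigned binary has no usable signer certificate.
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # 'Valid' means the file hash matches the signature and the chain is trusted
    # on this machine; the signer name alone proves nothing without it.
    $trusted = ($sig.Status -eq 'Valid') -and ($signer -match 'O=Microsoft Corporation')

    [pscustomobject]@{
        Path              = $file.FullName
        SizeKB            = [math]::Round($file.Length / 1KB)
        FileVersion       = $file.VersionInfo.FileVersion
        SignatureStatus   = $sig.Status
        Signer            = $signer
        SignedByMicrosoft = $trusted
        SHA256            = $hash.Hash
    }
}

$result = Get-FlaggedFileTriage -Path $Path
$result | Format-List

if ($result.SignedByMicrosoft) {
    'Signature is valid and names Microsoft: consistent with a false positive.'
} else {
    'Signature missing, invalid, or from another signer: keep the file quarantined.'
}
'Search VirusTotal for the SHA256 above to compare verdicts across engines.'
```

File size alone, as compared in the post above, varies between OneDrive versions; the signature status and hash are the stronger evidence.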
  8.    28 Nov 2015 #8
    Join Date : Oct 2014
    In a house with a crazy cat trying to kill me
    Posts : 17,381
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition

    You could give Norton Power Eraser a shot. You can find it here. It would be advisable to read the tutorial.

    Norton Power Eraser | Free Tool | Easily remove scamware that traditional virus scanning can’t detect.


    Because Norton Power Eraser uses aggressive methods to detect threats, there is a risk that it can select some legitimate programs for removal. If you accidentally remove a legitimate program, you can run Norton Power Eraser to review past repair sessions and undo them.


    For more information about using Norton Power Eraser, click here for a tutorial.
  9.    28 Nov 2015 #9
    Join Date : Mar 2015
    Posts : 616
    Windows 10
    Thread Starter

    Quote: Originally posted by simrick
    Can I just make an observation here?

    From your pic, it appears that the executable OneDrive.exe has been flagged as a virus. This sounds like a FP (false positive) to me.

    I would suggest you upload that file to the VirusTotal website and see what comes up there.

    I have the same file on my system in the same location and it's 536KB. I do not use OneDrive on this particular machine.

    I do not think you are infected with anything. Did TDSSKiller find anything on that file?

    I suspect you may be correct about it being a false positive (or something to do with Bitdefender). Besides Bitdefender alerting to it, I've seen no signs of infection.
    If signs of infection do occur I'll investigate it further; until then I think I'm ok. Thanks all for the help. Peace!
  10.    28 Nov 2015 #10
    Join Date : Apr 2015
    Posts : 12,955
    W10Prox64

    Sounds good.