An Epic Battle with a COMPUTER Virus: Trojan:JS/Seedabutor.B

February 6, 2013

Even computer consultants and IT managers occasionally end up getting infected with a nasty virus, malware or Trojan.

So was the case for this IT guy! I write this post in the hope that it might help someone else who has come in contact with a nasty Trojan virus, specifically TROJAN:JS/SEEDABUTOR.B. Full disclosure: I am still not positive that the actual infection was this particular Trojan, as Microsoft Security Essentials reported two different variants.


I am fairly certain as to where the infection came from. In short, it was from an email that I sent to myself from a client's computer that was having issues with sending email. I had run a complete scan on the client's computer first using Microsoft Security Scanner and Malwarebytes, and both programs showed no infections. It wasn't until a FULL SCAN was run that the infection became apparent.

 

Word to the wise, and my own advice that I didn't follow: Always run these scan tools in SAFE MODE and as a FULL SCAN, not a Quick Scan.

 

Running a FULL SCAN did show that the client's computer was infected. I was able to remove the infection and all was good on the client's computer.

My main workstation that received the client's test email had become infected. Microsoft Security Essentials, approximately a day later, warned me of the infection and stated that it had been quarantined. I rebooted in SAFE MODE, ran the removal tools and thought that was the end of it. Well, it definitely was not the end of this Trojan. It came back with a vengeance! My RAID drive system was badly infected.

As many scans as I ran, I could not remove this infection. Virus removal tools, modifying the registry, etc. all failed. I spent almost an entire day researching this viral strain and the tools needed. My first indication that I might be in trouble came when I stumbled across an article from a user that had been infected with this strain. The final solution for them was to wipe the drive, format, and reload. Ugh!

I ended up reinstalling Windows 7 on the same drive, but did not format the drive first. As you probably guessed, the infection was detected again two days later by Microsoft Security Essentials. This time the scanner was only detecting the infected files; the actual infection had not spread to the registry or the OS memory.

 

The solution: I ended up booting the system in UBUNTU. Microsoft Security Essentials had given me enough information to know that the infection was located in a hidden file folder on the root of the hard drive. Once I booted into UBUNTU, I deleted the file folder. This process took 32 hours to delete the folder!!! There was a total of 45 gigabytes and millions of files that the virus had created inside of this folder.

After successfully deleting this Trojan (32 hours later!) I re-scanned the system using the above-mentioned tools.
 

 

© 2013 Social Explorations, LLC
