Trojan SHeun.FWM (AVG)

Help and Discussion

Moderator: The Mod Squad

Trojan SHeun.FWM (AVG)

Postby HaloCorn » Tue Dec 16, 2008 5:29 pm

Okay so avg detects this trojan several times throughout the day.
But appearenly the trojan is part 16 bit because it will pop up with this


at about the same time avg find it.
Dunno if this is linked to the same virus but I also can't get to folder options. I know its from a virus but can't remember what one it was, because I've had it before but didn't get rid of it so i formatted.

But yeah if someone knows how to remove this virus it would be a great help. Thanks
AMD Athlon 64 X2 6000+
6 gigs o' Ocz reaper pc6400 (2x1gb 2x2gb)
2x Nvidia 8800GT 512MB Fact. OC'ed
3xWD 500Gb 16mb cache sata2
IceMat Siberia Headset
650 W PSU
Gigabyte 3D Mars (case)
Acer AL2223W (monitor)
Windows Vista 64-Bit SP1
Brown Belt
Brown Belt
Posts: 369
Joined: Wed Aug 24, 2005 8:40 am
Location: Oregon

Postby Karlsweldt » Wed Dec 17, 2008 3:10 pm

You cannot remove or access active files when the OS is in 'normal' mode. Restart in 'safe' mode, then redo the scan. Should be easy to clear out the nasties.
If it is a stealth Trojan, it may have embedded keys in the Registry. They will need to be removed. HijackThis is very effective and quick about killing off infections.. but use with discretion, as the result is permanent.. and can cause other problems. If unsure, post a log of the scan so the "pros" can advise.
Good advice is to make a backup of the Registry beforehand.
F@H.. to solve mankind's maladies.. in our lifetimes!
Mobo-fu Master
Mobo-fu Master
Posts: 20836
Joined: Wed Nov 12, 2003 11:57 am
Location: 07438

Postby TriAngle » Wed Dec 24, 2008 6:19 am

I just completely restored a networked desktop at a client's office (6 hours, reinstalled 10 extra business programs). A pop-up window appeared asking if they would like to "update the antivirus definitions for AntiVirus2009".
So, they clicked "Yes", and BOOM!
When I got there, they had 175 Trojans in the 'My Documents' folder and 95 Trojans elsewhere, and was still counting. When it got over 300, I shut the desktop down.
Rebooted, and could not log-in to Windows.
It removed their AntiVirus program completely, they were wide open!

Funny, isn't it, say that pop-up window appeared asking them to update an antivirus program that was not the antivirus program they were using.
People don't think twice about clicking "Yes" to something like this.
If you use Norton A/V, don't click on a pop-up window suggesting you are at threat and please update your antivirus definitions for a totally different antivirus program........DON'T DO IT!!!!!!!!!
Think twice.
"Common sense is not so common." - Voltaire
Black Belt
Black Belt
Posts: 741
Joined: Fri Jan 23, 2004 3:18 pm
Location: over there...

Return to Virus/Spyware/Security

Who is online

Users browsing this forum: No registered users and 2 guests