Upon startup, when boclean loads, I’m getting the following alert.
DLDR-AGENT.AVK VARIANT STOPPED BY BOCLEAN!
Trojan horse was found in memory.
C:\WINDOWS\EXPLORER.EXE contained the trojan.
And when I choose both options (yes or no to delete the file) my desktop gets nuked, because explorer.exe is shut down.
I then have to run explorer.exe from the task manager to get the desktop back.
So far boclean is the only program that’s picking up this trojan.
When I start up with explorer.exe listed as excluded, I’ve got something running that is opening multiple (non-visible) copies of IE in the background (up to 10+ at once). But when I start up with boclean (letting it shut down explorer), then re-launch explorer.exe from the task manager, I don’t have that problem.
Any ideas as to what the problem might be, and how to correct it?
I have no such problem with the 2008-03-08 16:21:43 update. Are you sure you are not infected? If you suspect a false positive with an update, you can always use the “Roll back” function of BOClean to go back to the definition update before:
And when I choose both options (yes or no to delete the file) my desktop gets nuked, because explorer.exe is shut down.
Upon a DLL injection, it might be necessary to shut down certain processes, even if it’s explorer.exe. The explorer.exe itself is your shell (it has the menus and the desktop, and you even use explorer.exe when you want to launch Windows Explorer).