Did I get Trojans from HEM/Did somebody corrupt my HEM?



FoxwoodsFiend
04-21-2010, 03:41 PM
Sorry if this is just paranoid, but I just did my first ever Trojan scan and I found the following 3 quarantined items. I have no clue what any of this means and I'm worried, so would someone mind explaining it to me?

Trojan:Win32/Orsam!rts (location: C:\Documents and Settings\Rel\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v7 BC20518\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HoldemManager.exe)

Trojan:Win32/Bumat!rts (location: C:\Documents and Settings\Rel\backed up files\Documents and Settings\Ariel Schneller\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v2 B34C5A3\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\DBControlPanel.exe
file:C:\Documents and Settings\Rel\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v2 B34C5A3\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\DBControlPanel.exe
file:C:\Documents and Settings\Rel\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v5 12D2084\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMImport.exe
file:C:\Documents and Settings\Rel\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v6 5ED1E19\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\DBControlPanel.exe
file:C:\Documents and Settings\Rel\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v7 BC20518\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMImport.exe)

Backdoor:Win32/Bisar!rts (location: C:\Documents and Settings\Rel\backed up files\Documents and Settings\Ariel Schneller\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v2 B34C5A3\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMHud.exe
file:C:\Documents and Settings\Rel\backed up files\Documents and Settings\Ariel Schneller\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v2 B34C5A3\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMImport.exe
file:C:\Documents and Settings\Rel\backed up files\Documents and Settings\Ariel Schneller\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v2 B34C5A3\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HoldemManager.exe
file:C:\Documents and Settings\Rel\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v0 06DBC2F\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\DBControlPanel.exe
file:C:\Documents and Settings\Rel\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v2 B34C5A3\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMHud.exe
file:C:\Documents and Settings\Rel\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v2 B34C5A3\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMImport.exe
file:C:\Documents and Settings\Rel\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v2 B34C5A3\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HoldemManager.exe
file:C:\Documents and Settings\Rel\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v5 12D2084\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\DBControlPanel.exe
file:C:\Documents and Settings\Rel\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v7 BC20518\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\DBControlPanel.exe
file:C:\Documents and Settings\Rel\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v7 BC20518\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMHud.exe
file:C:\Documents and Settings\Rel\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v7 BC20518\Native\STUBEXE\@WINDIR@\Microsoft.NET\Framework\v2.0.50727\csc.exe
file:C:\Documents and Settings\Rel\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v7 BC20518\Native\STUBEXE\@WINDIR@\Microsoft.NET\Framework\v2.0.50727\cvtres.exe)

morny
04-21-2010, 09:23 PM
Close HEM and your anti-virus and delete any \xenocode\appliance cache folders and any other possible false positive files.

1. Enable "Show hidden files and folders" under Control Panel -> Folder Options -> View
2. Go to C:\Users\%USERPROFILE%\AppData\Local\Xenocode\Appliance Cache and delete every folder you can find in there

If you are on XP, that location is C:\Documents and Settings\%USERPROFILE%\Local\Application Data\xenocode\appliance cache

Empty your recycle bin.

Reboot.

Please update to the latest beta - http://www.holdemmanager.com/downloads/HmBetaUpdate.exe


I'd also run a full check on your PC as well, to be sure.
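A scripted version of the clean-up above, added here as an example and not part of the thread or of Holdem Manager's own tooling: it locates the Xenocode appliance cache under both the Vista-and-later and the XP profile layouts, records the path, size and SHA-256 of every cached executable to a CSV (so the quarantined files can later be compared against a fresh vendor download or submitted to the AV vendor as a suspected false positive), and then removes the cache folders. It assumes HEM and the anti-virus scan are already closed, and that the manifest location and the `-WhatIf` dry run are choices you can change.

```powershell
# Added example (not from the thread): hash, then delete, the Xenocode appliance cache.
# Assumes HEM and the AV scan have been stopped before running.

# Both profile layouts seen in the thread: Vista+ (LOCALAPPDATA) and XP (Local Settings).
$candidates = @(
    (Join-Path $env:LOCALAPPDATA 'Xenocode\ApplianceCaches'),
    (Join-Path $env:USERPROFILE  'Local Settings\Application Data\Xenocode\ApplianceCaches')
)

# Manifest path is an assumption; put it anywhere outside the cache being deleted.
$manifest = Join-Path $env:USERPROFILE 'xenocode-cache-manifest.csv'
$rows = @()

foreach ($cache in $candidates) {
    if (-not (Test-Path -LiteralPath $cache)) { continue }

    # Record every cached binary before it is removed, so the quarantined files can be
    # matched against a clean vendor copy (same SHA-256 = same file, i.e. a false positive).
    Get-ChildItem -LiteralPath $cache -Recurse -File -Force -Include *.exe,*.dll |
        ForEach-Object {
            $rows += [pscustomobject]@{
                Path   = $_.FullName
                Size   = $_.Length
                SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }

    # Delete each cache folder (HoldemManager.exe_v0 ..., HoldemManager.exe_v7 ..., and so on).
    # -WhatIf only prints what would be removed; drop it once the listing looks right.
    Get-ChildItem -LiteralPath $cache -Directory -Force |
        Remove-Item -Recurse -Force -WhatIf
}

$rows | Export-Csv -LiteralPath $manifest -NoTypeInformation
Write-Host "Recorded $($rows.Count) cached binaries to $manifest"
```

After the delete, the thread's remaining steps (empty the recycle bin, reboot, install the latest HEM beta) still apply; the manifest is only there so the "false positive" conclusion can be checked rather than assumed.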