Microsoft Security Essentials says HEM is a trojan/backdoor

reefaquarium
04-28-2010, 10:17 PM
Hello,

I get these results when I run Microsoft Security Essentials. Do I uninstall and reinstall?

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommendation: Permit this detected item only if you trust the program or the software publisher.

Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.

Items:
file:E:\Documents and Settings\Adm1\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v5 8C3BDD2\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMImport.exe
file:E:\Documents and Settings\Adm1\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v7 BC20518\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HoldemManager.exe

Get more information about this item online.

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommendation: Permit this detected item only if you trust the program or the software publisher.

Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.

Items:
file:E:\Documents and Settings\Adm1\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v0 8404D5B\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMImport.exe
file:E:\Documents and Settings\Adm1\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v7 BC20518\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMImport.exe

Get more information about this item online.

Category: Backdoor

Description: This program provides remote access to the computer it is installed on.

Recommendation: Permit this detected item only if you trust the program or the software publisher.

Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.

Items:
file:E:\Documents and Settings\Adm1\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v2 36B29B5\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMHud.exe
file:E:\Documents and Settings\Adm1\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v2 36B29B5\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMImport.exe
file:E:\Documents and Settings\Adm1\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v5 8C3BDD2\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMHud.exe
file:E:\Documents and Settings\Adm1\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v5 8C3BDD2\Native\STUBEXE\@WINDIR@\Microsoft.NET\Framework\v2.0.50727\csc.exe
file:E:\Documents and Settings\Adm1\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v5 FC853F7\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMHud.exe
file:E:\Documents and Settings\Adm1\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v5 FC853F7\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMImport.exe
file:E:\Documents and Settings\Adm1\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v7 BC20518\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\DBControlPanel.exe
file:E:\Documents and Settings\Derick Hirasawa\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v5 FC853F7\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMHud.exe
file:E:\Documents and Settings\Derick Hirasawa\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v5 FC853F7\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMImport.exe

Get more information about this item online.

morny
04-28-2010, 10:29 PM
Close HEM and your anti-virus and delete any \xenocode\appliance cache folders and any other possible false positive files.

1. Enable "Show hidden files and folders" under Control Panel -> Folder Options -> View
2. Go to C:\Users\%USERPROFILE%\AppData\Local\Xenocode\Appliance Cache and delete every folder you can find in there

If you are on XP, that location is C:\Documents and Settings\%USERPROFILE%\Local\Application Data\xenocode\appliance cache

Empty your recycle bin.

Reboot.

Please update to the latest beta - http://www.holdemmanager.com/downloads/HmBetaUpdate.exe
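
The cleanup steps in the reply above, as an added example that is not part of the original thread or the vendor's tooling: it records a SHA-256 for every file in each profile's Xenocode cache before anything is deleted, so the flagged stubs can still be identified afterwards. The two folder layouts and the `--delete` switch are assumptions; the layouts follow the paths quoted in the thread.

```python
import hashlib
import shutil
import sys
from pathlib import Path

# Cache location relative to a user profile (assumed from the thread):
# XP layout as in the scan output, Vista/7 layout as in the reply.
CACHE_SUBPATHS = (
    Path("Local Settings") / "Application Data" / "Xenocode" / "ApplianceCaches",
    Path("AppData") / "Local" / "Xenocode" / "ApplianceCaches",
)


def find_cache_dirs(profiles_root):
    """Return the Xenocode cache folder of every profile under profiles_root."""
    root = Path(profiles_root)
    if not root.is_dir():
        return []
    return [p / sub for p in sorted(root.iterdir()) if p.is_dir()
            for sub in CACHE_SUBPATHS if (p / sub).is_dir()]


def inventory(cache_dir):
    """Map each file under cache_dir (relative path) to its SHA-256 digest."""
    files = sorted(f for f in Path(cache_dir).rglob("*") if f.is_file())
    return {str(f.relative_to(cache_dir)): hashlib.sha256(f.read_bytes()).hexdigest()
            for f in files}


def clean_caches(profiles_root, delete=False):
    """Inventory every cache; remove its sub-folders only when delete=True."""
    report = {}
    for cache_dir in find_cache_dirs(profiles_root):
        report[str(cache_dir)] = inventory(cache_dir)
        if delete:
            for child in cache_dir.iterdir():
                if child.is_dir():
                    shutil.rmtree(child)
    return report


if __name__ == "__main__":
    # Usage: script.py <profiles folder> [--delete]; without --delete nothing is removed.
    args = [a for a in sys.argv[1:] if a != "--delete"]
    root = args[0] if args else "."
    for cache, files in clean_caches(root, delete="--delete" in sys.argv).items():
        for name, digest in files.items():
            print(digest, Path(cache) / name)
```

Run it without `--delete` first and keep the printed hashes; they identify the exact files the scanner flagged even after the cache is gone.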

reefaquarium
04-28-2010, 11:05 PM
Thank you for the quick reply!!!

Rebooting!!!