We thought it might be an AVG false positive, but thanks to a helpful comment from Martyn (here) we now know that’s not the case.
SHeur.bzpu is a backdoor trojan
http://www.microsoft.com/security/portal/SearchResults.aspx?query=SHeur.bzpu
Backdoor:Win32/Nuwar.gen!D
Aliases: SHeur.BCFX (AVG)
Description: Backdoor:Win32/Nuwar.gen!D is a generic detection for a backdoor trojan that allows unauthorized access to an infected computer. The trojan receives commands indirectly from a remote attacker via its connection to a malicious peer-to-peer network. This trojan also contains advanced stealth…
Published Date: 06/16/2008
Severity Rating: Medium
Popularity: 46%
Any program to auto-remove?
I’ve got AVG detecting it on a WD external disk.
Confirmed.
http://www.microsoft.com/security/portal/Entry.aspx?Name=Backdoor%3aWin32%2fNuwar.gen!D
This is not a false positive.
I am currently researching this post:
http://help.lockergnome.com/windows/Trojan-Horse-SHeur-Issue-ftopict583909.html
as an alternative to Microsoft Live!
Not sure who I fear the most… the Russians?… or Microsoft? =o)
To: TheFrogPrince
I decided to respond to the email directly and through the link. Yes, I have confirmed Trojan Horse.SHeur to be a positive on certain occasions. The one that I encountered acted more like a worm than a Trojan (possibly Trojan.Worm/W32 class). It takes well to infecting the system restore and infecting processes. The email that I sent to TheFrogPrince contains a photo of what my Nod32 anti virus caught after trying to install Advanced Windows Care V3 Beta 2.8.2. I hope he uploads it soon, and I am prepping my computer for another wave of SHeur action. Just in case it is a false positive, I will send the file for analysis and get my results soon (hopefully). I know this seems like a post itself, but I have to reply about that. If we come across any new info, I will update my posts on this link.
OK… still playing around with this. Think I may have scared whatever I had into hiding. =)
The layman’s term for “advanced stealth” is: rootkit.
Microsoft offers a fairly detailed explanation of rootkits here:
http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx#wha
They offer a free rootkit detector (doesn’t clean the problem, but tries to identify if you have it). They also link to Phrack.org, which contains much more detailed information on the subject.
I did run across this:
http://www.freewarefiles.com/AVG-Anti-Rootkit_program_22524.html
Oddly enough, this download is not advertised on the AVG website directly. This tool is not included in AVG Free.
Why didn’t AVG release that… I wonder if a lawsuit can be filed against them for some reason; someone who is smart enough will know the loopholes and find a way to do it IF they do see that link.
Anyway, I thought AVG was all for the safety of the public’s computers. Guess I was wrong about that; I’ll just go and buy a Nod32 license.
I still like AVG and recommend it to many of my consulting clients. I also like Avast. And for even more safety, I recommend leaving windows and going to Linux, or Mac. The choice depends mainly on your software needs.
Ron, I can understand where you’re coming from on this matter. But right now I am frowning upon AVG and their customer support. And right now I can’t leave Windows. If I had the chance, I would ditch Windows and install the Linux Edubuntu that my school’s computer administrator gave me. Unfortunately, it likes to crash often, so I have to stick with Windows XP.
Ego: give Avast a try and see if that works better for you. Be sure and report back here if you don’t mind. I really value your input.
OK Ron, I will give Avast antivirus a try.
Avast is working fine, a little heavy on the memory by my standards. But it’s doing its job. And I gathered more info about the SHeur virus. Turns out it’s actually a whole new strand of Trojans. A person that I was talking to about programming told me that it has 2 or more effects on your computer. Effect 1: it degrades hardware (meaning it will fry your video card, CPU, CD drive, etc.). 2: it will copy your system data and send critical bits of it to the hacker. 3: it gives hackers full access to your computer and will take control of the CPU, giving you something similar to the BSD while the hacker is going through your system as he pleases. Turning off your computer during effects 2 and 3 WILL damage your system. If it is detected in the system restore, throw it in the virus vault ASAP. This virus has fried my CD drive! T_T
HELP! I installed AVG yesterday as I was fed up with Norton constantly needing updating and costing me a fortune. Today I have turned my computer on and been told I have Trojan Horse SHeur. I have no idea about these things and don’t know what to do to get rid of it. HELP!!!!!
AVG has had a few bugs before 7.5 ended… 8.0 was fine until a certain update that caused a bug. I’m not sure what to say; I would quarantine the object in the virus vault for now and create a HijackThis log and submit it to a forum where a volunteer will analyze it and give his diagnosis on your computer. And it is a bug if you use Quicken products (AVG just hates those programs for some reason). So there is a chance that it will be a glitch.
Also in need of guidance… Things are NOT looking good… I came across the SHeur.BYD, have done some research, and currently I am confused whether it is an actual virus on my CPU or if AVG is falsely reporting it. Can anyone assist?
Here are the details. The virus is “detected” any time I put a legit (bought at a store) CIV 4 game disc in the D: drive. I am currently running a system scan; the only things identified so far are cookies. During my first install run of CIV 4, my system froze after the “insert disc 2” screen. I had to power off and restart. I looked under Add/Remove Programs to remove the partial install, but was unable to find any created program (makes sense). I re-inserted disc 1, the title screen came up (“Play”, “Details”, “Exit”) and I clicked Exit. I went to run D:, and after the disc started spinning up, the virus detection popped up. The interesting thing, though, is that the file location is D:\DIAG.EXE, and of the two options after virus detection, Remove and Heal, a message states the file cannot be healed: “object(s) are on an optical drive”. Is this just AVG wrongly reporting a “normal” file used to install the game, or is this just that messed up… Any ideas… Please…
I’ve started using and recommending avast anti-virus.