Aug 04
We thought it might be an AVG false positive, but thanks to a helpful comment from Martyn (here) we now know that’s not the case.
SHeur.bzpu is a backdoor trojan
http://www.microsoft.com/security/portal/SearchResults.aspx?query=SHeur.bzpu
Backdoor:Win32/Nuwar.gen!D
Aliases: SHeur.BCFX (AVG)
Description: Backdoor:Win32/Nuwar.gen!D is a generic detection for a backdoor trojan that allows unauthorized access to an infected computer. The trojan receives commands indirectly from a remote attacker via its connection to a malicious peer-to-peer network. This trojan also contains advanced stealth…
Published Date: 06/16/2008
Severity Rating: Medium
August 15th, 2008 at 8:06 am
Any program to auto remove ?
I’ve got AVG detecting it on a WD external disk.
August 16th, 2008 at 7:42 pm
Confirmed.
http://www.microsoft.com/security/portal/Entry.aspx?Name=Backdoor%3aWin32%2fNuwar.gen!D
This is not a false positive.
I am currently researching this post:
http://help.lockergnome.com/windows/Trojan-Horse-SHeur-Issue-ftopict583909.html
as an alternative to Microsoft Live!
Not sure who I fear the most… the Russians?… or Microsoft? =o)
August 16th, 2008 at 7:44 pm
Currently researching this link:
http://help.lockergnome.com/windows/Trojan-Horse-SHeur-Issue-ftopict583909.html
as an alternative to Microsoft Live!.
Not sure who I fear the most… the Russians?… or Microsoft? =)
August 17th, 2008 at 2:09 am
To: TheFrogPrince
I decided to respond to the email directly and through the link. Yes, I have confirmed Trojan Horse.SHeur to be a positive on certain occasions. The one that I encountered acted more like a worm than a Trojan (possibly Trojan.Worm/W32 class). It takes well to infecting the system restore and infecting processes. The email that I sent to TheFrogPrince contains a photo of what my Nod32 antivirus caught after trying to install Advanced Windows Care V3 Beta 2.8.2. I hope he uploads it soon, and I am prepping my computer for another wave of SHeur action. Just in case it is a false positive, I will send the file for analysis and get my results soon (hopefully). I know this seems like a post itself, but I have to reply about that. If we come across any new info, I will update my posts on this link.
August 17th, 2008 at 10:18 am
OK… still playing around with this. Think I may have scared whatever I had into hiding. =)
The layman’s term for “advanced stealth” is: rootkit.
Microsoft offers a fairly detailed explanation of rootkits here:
http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx#wha
They offer a free rootkit detector (doesn’t clean the problem, but tries to identify if you have it). They also link to Phrack.org, which contains much more detailed information on the subject.
I did run across this:
http://www.freewarefiles.com/AVG-Anti-Rootkit_program_22524.html
Oddly enough, this download is not advertised on the AVG website directly. This tool is not included in AVG Free.
August 24th, 2008 at 1:45 pm
Why didn’t AVG release that… I wonder if a lawsuit can be filed against them for some reason; someone who is smart enough will know the loopholes and find a way to do it IF they do see that link.
Anyways, I thought AVG was all up for the safety of the public’s computers. Guess I was wrong about that; I’ll just go and buy a Nod32 license.
August 25th, 2008 at 8:43 am
I still like AVG and recommend it to many of my consulting clients. I also like Avast. And for even more safety, I recommend leaving Windows and going to Linux or Mac. The choice depends mainly on your software needs.
August 31st, 2008 at 10:07 pm
Ron, I can understand where you’re coming from on this matter. But right now I am frowning upon AVG and their customer support. And right now I can’t leave Windows. If I had the chance, I would ditch Windows and install the Linux Edubuntu that my school’s computer administrator gave me. Unfortunately, it likes to crash often, so I have to stick with Windows XP.
September 1st, 2008 at 5:24 pm
Ego: give Avast a try and see if that works better for you. Be sure and report back here if you don’t mind. I really value your input.
September 3rd, 2008 at 6:05 pm
OK Ron, I will give Avast antivirus a try.
September 25th, 2008 at 8:09 pm
Avast is working fine, a little heavy on the memory by my standards. But it’s doing its job. And I gathered more info about the SHeur virus. Turns out it’s actually a whole new strain of Trojans. A person that I was talking to about programming told me that it has 2 or more effects on your computer. Effect 1: it degrades hardware (meaning it will fry your video card, CPU, CD drive, etc.). 2: it will copy your system data and send critical bits of it to the hacker. 3: it gives hackers full access to your computer and will take control of the CPU, giving you something similar to the BSD while the hacker is going through your system as he pleases. Turning off your computer during effects 2 and 3 WILL damage your system. If it is detected in the system restore, throw it in the virus vault ASAP. This virus has fried my CD drive! T_T