TR/Dldr.Agent.zbthu keeps getting detected by Avira

Goi

Diamond Member
Oct 10, 1999
6,766
7
91
Hi,

I have Avira free antivirus, and it keeps detecting that I have the TR/Dldr.Agent.zbthu trojan in my Windows 10 temp directory, and moved the file (gDF2D.tmp.exe) to quarantine. I also notice g63D0.tmp.exe in my task manager, which keeps coming back even if I end the task. I don't see this file in services.

Avira offers no other removal options. I've deleted those files from quarantine, as well as in the temp directory, but it keeps coming back. A full scan in Avira didn't reveal any more detections. How do I remove this?
 

Goi

I also notice that the processes that I see in my task manager exist in the registry in hkey_local_machine->software->microsoft->windows->currentversion->runonce. I've tried deleting them but after some time, it appears again under a different name. How do I get to the root of the problem?
 
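An added example, not part of the original thread or any poster's own code: a read-only PowerShell audit that lists the Run/RunOnce autostart values and the running processes whose path sits in a temp directory or ends in `.tmp.exe`, the pattern described in the posts above. The function name `Test-SuspiciousAutorun` is hypothetical, and the key list goes beyond the single RunOnce key mentioned in the thread by also covering the per-user and 32-bit (WOW6432Node) equivalents.

```powershell
# Added example (constructed for this thread): audit only, nothing is deleted or changed.

function Test-SuspiciousAutorun {
    param([string]$Command)
    # Expand %TEMP%-style variables, then look for a temp directory in the path
    # or the *.tmp.exe naming reported in the thread.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    return ($expanded -match '\\(Temp|Tmp)\\' -or $expanded -match '\.tmp\.exe')
}

# Standard autostart keys: machine-wide, 32-bit view, and per-user.
$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

$findings = foreach ($path in $autorunKeys) {
    $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }            # key absent on this system
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        [pscustomobject]@{
            Key        = $path
            Name       = $name
            Command    = $command
            Suspicious = Test-SuspiciousAutorun $command
        }
    }
}
$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap

# Running processes launched from a temp path. ParentProcessId shows what started
# each one; the parent may already have exited, so treat it as a lead, not proof.
Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath -and (Test-SuspiciousAutorun $_.ExecutablePath) } |
    Select-Object ProcessId, ParentProcessId, Name, ExecutablePath, CreationDate |
    Format-Table -AutoSize -Wrap
```

Running it from an elevated prompt before and after deleting an entry shows whether a new value name has been written and which process is still alive to write it.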

Goi

Anyone? I've noticed that whenever the .tmp.exe is running, my WhatsApp web is unresponsive on Chrome. Once I end the task in Task Manager, WhatsApp web works again. When I googled this phenomenon, it gave me a bunch of links from Lenovo users with the same problem, and the culprit was a pre-installed Lenovo adware called "Superfish". I'm using a Dell so that doesn't apply to me, but I'm guessing I have another malware/adware/spyware that does the same thing. How do I get rid of it for good?
 

Iron Woode

Elite Member
Super Moderator
Oct 10, 1999
31,169
12,700
136
download Malwarebytes Antimalware and run a complete scan to see if it finds anything.

report back here with any update.

it's a bad idea to cross post your issues.
 

Skunk-Works

Senior member
Jun 29, 2016
983
328
91
Switch to Immunet. I had nothing but issues with Avira and when I went to uninstall I had to use their registry uninstall tool or whatever it was. I run Immunet on a netbook because it's the only anti-virus software that is light enough to run in an Atom based computer. So in a normal computer like a desktop or laptop you won't even know it's there.
 

Billb2

Diamond Member
Mar 25, 2005
3,035
70
86
You have a nasty trojan (maybe a rootkit) that's spawning the one that Avira finds. You have to get rid of the first one, but since Avira doesn't see it, Avira can't do that. And since you don't know the name of the file, you can't delete it either. You might want to try NPE (Norton Power Eraser). It's a bootable virus scanner.
 

Goi

> Switch to Immunet. I had nothing but issues with Avira and when I went to uninstall I had to use their registry uninstall tool or whatever it was. I run Immunet on a netbook because it's the only anti-virus software that is light enough to run in an Atom based computer. So in a normal computer like a desktop or laptop you won't even know it's there.

Does Immunet provide better protection than Avira/AVG/Avast/the other free antivirus software?

Anyway, I ended up removing it by running a clusterbomb of anti-malware software, beginning with Malwarebytes.
 

Goi

Yup I've been using that and have never heard of Immunet (it's not in the list), and Avira has always been at/near the top of the charts, hence I've been using it.