- Admin
- #1
System
Staff member
- May 19, 2012
I was recently infected with the Trojan:Win32/Urausy.D Trojan Horse on Windows 7. Windows Security Essentials detected and removed it successfully.
However, it said I had an "active" infection and had a red, severe alert. I am trying to figure out if some of my data may have been compromised.
I think the anti-virus scanner found it in an old update to nero I have not used recently and did not install on this version of Windows, so maybe I am OK? I am hoping this because of the containerfile entry, but am not sure, although the fact that it
said "Active" in the alert worries me.
Also, the next question is why did this fire on a nero download? I am pretty sure I have never downloaded a nero download except from the actual Nero AG site, but of course this looks like Jan/Feb of 2012 so I cannot be 100% positive, but I am normally
very careful.
Here is the System Event Log Entry:
Microsoft Antimalware has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Urausy.D&threatid=2147679763
Name: Trojan:Win32/Urausy.D
ID: 2147679763
Severity: Severe
Category: Trojan
Path: containerfile:_D:installneroNero-7.10.1.0_eng_update.exefile:_D:installneroNero-7.10.1.0_eng_update.exe->(7zSfx)->Cab/62B880F1.cab->NeroMediaHome43DCD1AC.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
User: MYDOMAINMYUSER
Process Name: Unknown
Signature Version: AV: 1.147.1241.0, AS: 1.147.1241.0, NIS: 18.160.0.0
Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
Here is the history from Windows Security Essentials:
Category: Trojan
Description: This program is dangerous and executes commands from an attacker.
Recommended action: Remove this software immediately.
Items:
file
:installneroNero-7.10.1.0_eng_update.exe
View this thread
However, it said I had an "active" infection and had a red, severe alert. I am trying to figure out if some of my data may have been compromised.
I think the anti-virus scanner found it in an old update to nero I have not used recently and did not install on this version of Windows, so maybe I am OK? I am hoping this because of the containerfile entry, but am not sure, although the fact that it
said "Active" in the alert worries me.
Also, the next question is why did this fire on a nero download? I am pretty sure I have never downloaded a nero download except from the actual Nero AG site, but of course this looks like Jan/Feb of 2012 so I cannot be 100% positive, but I am normally
very careful.
Here is the System Event Log Entry:
Microsoft Antimalware has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Urausy.D&threatid=2147679763
Name: Trojan:Win32/Urausy.D
ID: 2147679763
Severity: Severe
Category: Trojan
Path: containerfile:_D:installneroNero-7.10.1.0_eng_update.exefile:_D:installneroNero-7.10.1.0_eng_update.exe->(7zSfx)->Cab/62B880F1.cab->NeroMediaHome43DCD1AC.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
User: MYDOMAINMYUSER
Process Name: Unknown
Signature Version: AV: 1.147.1241.0, AS: 1.147.1241.0, NIS: 18.160.0.0
Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
Here is the history from Windows Security Essentials:
Category: Trojan
Description: This program is dangerous and executes commands from an attacker.
Recommended action: Remove this software immediately.
Items:
file
:installneroNero-7.10.1.0_eng_update.exeView this thread
