Zuten Trojan and Minidump File.

Serge

Windows XP Media Center Edition 2005
SP3
CA Anti-Virus Plus CA Anti-Spyware 2008
----------------------------------------------------------
A scan with CA Anti-Spyware 2008 found a Zuten Trojan.

CA Anti-Spyware was set to delete spyware and cookies automatically once
quarantined.

Log shows: Quarantined Zuten Trojan was in Folder: C:\windows\minidump
and 3 cookies were also found

Quarantine is empty, I can only assume that the 3 cookies and the Zuten
Trojan were deleted.

The c:\windows\minidump file can not be found. I can only assume that the
file was deleted by the CA Anti-Spyware with the Zuten Trojan.

At that point I ran Ad-Aware 2008, Super Antispyware and Windows Defender.
I also ran a complete Windows Live One Care and nothing was found.

My computer appears to be running normally. Should I be taking any further
action?

If I am in the wrong place, please point me in the right direction.

Serge
 
MowGreen [MVP]

Serge,

CA detecting a "trojan" in a minidump file 'sounds' like it's a False
Positive. Perhaps it's detecting that the system is sending the minidump
file to Microsoft and thinks it's a "trojan" ?
In XP, the Default location of minidump files is in the Minidump
subfolder located at WINDOWS\Minidump
Is anything present in that subfolder and, have you read CA's page on
Zuten ?
http://ca.com/us/securityadvisor/pest/pest.aspx?id=453138752


MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============



 
Serge

MG> CA detecting a "Trojan" in a minidump file 'sounds' like it's a False
MG> Positive.

Yes, that is my wish. I did not mention that I was also running Comodo BO
Clean in the background.

MG> In XP, the Default location of minidump files is in the Minidump
MG> subfolder located at WINDOWS\Minidump. Is anything present in that
MG> subfolder…

CA Anti-Spyware was set to delete spyware and cookies automatically once
quarantined. The c:\windows\minidump subfolder can not be found. I can only
assume that it was deleted by the CA Anti-Spyware as it assumed that it
contained the Zuten Trojan.

Do I need to make a minidump subfolder? If yes how do I do it?

MG> and, have you read CA's page on Zuten?
MG> http://ca.com/us/securityadvisor/pest/pest.aspx?id=453138752

Yes, I did read the CA's page on Zuten.

Thanks for your help.

Serge


 
MowGreen [MVP]

The Minidump subfolder in the WINDOWS directory should be recreated
if/when another minidump is made. You could recreate it if you really
want to.
You could post to a CA User Group Forum and see if anyone else received
the same False Positive: http://causergroups.ca.com/


MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============


 
Serge

MG> The Minidump subfolder in the WINDOWS directory should be
MG> recreated if/when another minidump is made.

As it is not needed, I will let it recreate itself.

MG>You could post to a CA User Group Forum and see if anyone
MG> else received the same False Positive:

In CA Home/Home Office Forum I have managed to find the following message
dated 31/07/2008:
----------------------------------------------------------------------------------------------
Hello,
This is the best string I could find for MY message. I have been a McAfee
user for years, and currently have their "Total Protection" software
installed. However, I have never totally trusted their anti-spy software,
thus I had also purchased CA Anti-Spy.

Earlier today, CA Anti-spy detected the "TROJAN" "Zuten" on my computer,
and reported it as a password stealer!

I immediately quarantined it, and then deleted it as well! I also immediately
began changing ALL of my passwords!

However, before I could re-set one of my site passwords for the "Stats
function" it had ALREADY been accessed!

Luckily, the site wasn't imperative, thus doing little/no harm!

My point is THIS! My McAfee was in FULL action, and active, YET it NEVER
detected a thing! It was my CA Anti-spy, which located, and warned me about
the TROJAN!!

Thank YOU CA!!!

End of message.
------------------------------------------------------------------------------------------------
In c:\windows\debug\ I found a file called Passwd.log. The log was blank.
I could not find any sensible info on this Passwd.log. Unless I can find
otherwise, I will treat my “Trojan Zuten” as a false positive.

I am open to any further suggestions.

Thanks for your help.


Serge


 
Owen

Hey

I have the same problem.... Any time I open a Windows media file, I get the
'blue screen of death' and the same minidump message. I have scanned with AVG
8.0, micotrend online and others but still no virus found... I have also
updated my video card settings.. still no good.

I'm sure it's a virus after I took a USB stick to a friend's BRAND NEW computer
and executed a couple of files from there, after a couple of hours the pc was
doing exactly the same thing.

Has getting rid of the 'Zuten Trojan' solved any of your problems? I am
finding it hard to find any info on it?

Any help would be great

Owen.


 
Serge

Owen,

O> I have scanned with AVG 8.0, micotrend online and others but still no
O> virus found.

Zuten is a Trojan and not a virus but a spyware.

Anti Virus program will not find it, wrong tool for the job.

O> Has getting rid of the 'Zuten Trojan' solved any of your problems?

If you read my message again you will see that I never had any problem. I
checked my system with different spyware removers. I could not find any
Zuten Trojan so I accepted MowGreen's assumption that it was a “false
positive”.

O> I am finding it hard to find any info on it?

The only info I found was that it was a password stealer.

O> Any help would be great

May I suggest that you start your own thread on the subject, here or on one
of the Spyware Forums.

Serge


 
Serge

"Owen" wrote:

> I am finding it hard to finds any info on it?



You may find the info you need at:

To find information on the Zuten Spyware go to the CA Spyware Information
Centre:
http://www.ca.com/us/spyware.aspx

In the Find Threats window click on Spyware and in the Search Window enter
Zuten and click on Search.

Serge
 
MowGreen [MVP]

Check this page out, Owen -
http://onecare.live.com/site/en-us/virusenc/virussearch.htm?VirusSearch=Zuten

You need to identify the specific variant of Zuten that has infected the
system. IF the variant is Win32/Zuten then the Microsoft Windows
Malicious Software Removal Tool is supposed to be able to remove it.
IF it's been downloaded recently [ June '08 ], then suggest you boot the
system to Safe Mode: http://support.microsoft.com/kb/315222
IF it has not been downloaded recently, then do so here:
http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

After the download completes, close all open programs and browsers.
Now run windows-kb890830-v2.1.exe and then restart the system to Safe Mode.

Once in SM, go to Start > Run > type in

mrt
Click OK or press Enter
Wait ... The MRT will open.
Click the Next button
Put a mark next to ' Full Scan '
Click Next
Did the MRT find and remove Zuten ?
If necessary, you can check its log [ mrt.log ] that's located in
WINDOWS\Debug to see if anything was detected.

Restart the system to normal Windows mode.

Next, using Internet Explorer, have the system scanned here:
http://onecare.live.com/site/en-us/center/howsafe.htm

Did that remove the trojan ?


MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============
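
The mrt.log check suggested in the post above, as an added example (not part of the original thread and not Microsoft's code): it splits the log into scan runs and classifies each by its `Return code:` line, so a scan that was interrupted before writing a result is not mistaken for a clean one. The log excerpt is constructed, and the return-code meanings are assumed from Microsoft's published MSRT documentation; the function names are hypothetical.

```python
import re

# Assumed return-code meanings (Microsoft's published MSRT documentation):
#   0      no infection found
#   1-4    environment/initialisation error, scan did not run properly
#   6-12   infection detected; errors, manual steps or a restart still pending
#   13     infection detected and removed, no errors
CLEAN = {0}
INFECTION = set(range(6, 14))
FULLY_REMOVED = 13

RUN_HEADER = re.compile(
    r"^Microsoft Windows Malicious Software Removal Tool v([\d.]+),")
RETURN_CODE = re.compile(r"^Return code:\s*(\d+)")


def decode_log(raw: bytes) -> str:
    """mrt.log is normally UTF-16 with a BOM; fall back to 8-bit text."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")


def parse_runs(text: str) -> list:
    """Return one dict per scan run found in the log text."""
    runs, run, in_summary = [], None, False
    for line in (l.strip() for l in text.splitlines()):
        header = RUN_HEADER.match(line)
        if header:
            run = {"version": header.group(1), "started": None,
                   "summary": [], "return_code": None}
            runs.append(run)
            in_summary = False
            continue
        if run is None or not line:
            continue
        code = RETURN_CODE.match(line)
        if line.startswith("Started On "):
            run["started"] = line[len("Started On "):]
        elif line == "Results Summary:":
            in_summary = True
        elif code:
            run["return_code"] = int(code.group(1))
            in_summary = False
        elif in_summary and set(line) != {"-"}:
            # Keep summary lines verbatim instead of guessing their format.
            run["summary"].append(line)
    return runs


def verdict(run: dict) -> str:
    code = run["return_code"]
    if code is None:
        return "incomplete"           # no result written: rescan, do not trust
    if code in CLEAN:
        return "clean"
    if code == FULLY_REMOVED:
        return "removed"
    if code in INFECTION:
        return "infection-follow-up"  # detected, but more action is required
    return "error"


# Constructed sample: a clean run, a detection needing a restart, and a run
# cut short before any result was written. Dates and detection are made up.
SAMPLE_LOG = (
    "-----------------------------------------------------------------\r\n"
    "Microsoft Windows Malicious Software Removal Tool v2.1, August 2008\r\n"
    "Started On Tue Aug 12 21:04:10 2008\r\n"
    "\r\n"
    "Results Summary:\r\n"
    "----------------\r\n"
    "No infection found.\r\n"
    "Return code: 0 (0x0)\r\n"
    "Microsoft Windows Malicious Software Removal Tool Finished On Tue Aug 12 21:40:02 2008\r\n"
    "-----------------------------------------------------------------\r\n"
    "Microsoft Windows Malicious Software Removal Tool v2.1, August 2008\r\n"
    "Started On Wed Aug 13 09:15:33 2008\r\n"
    "\r\n"
    "Results Summary:\r\n"
    "----------------\r\n"
    "Found Win32/Zuten and Removed!\r\n"
    "Return code: 10 (0xa)\r\n"
    "Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 13 09:58:47 2008\r\n"
    "-----------------------------------------------------------------\r\n"
    "Microsoft Windows Malicious Software Removal Tool v2.1, August 2008\r\n"
    "Started On Wed Aug 13 10:05:00 2008\r\n"
).encode("utf-16")


def report(raw: bytes) -> list:
    """(start time, verdict) for every run in the raw log bytes."""
    return [(r["started"], verdict(r)) for r in parse_runs(decode_log(raw))]


if __name__ == "__main__":
    for started, result in report(SAMPLE_LOG):
        print(f"{started}: {result}")
```
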



 
