trojan in Acer recovery software

Discussion in 'Online Security' started by squeakyknees, Sep 5, 2011.

  1. squeakyknees

    squeakyknees

    Joined:
    Mar 26, 2006
    Messages:
    47
    Location:
    Ontario, Canada
    I recently bought an Acer 5250 BZ479 laptop. I immediately made the recovery discs and installed Security Essentials (the McAfee trial wouldn't activate).
    It acted strangely, so I reloaded via the recovery discs. Same results. I installed Spybot and the scan came up clean twice. I finally reloaded it from the recovery partition. This time I tried Panda's free edition from the cloud. It came up with a trojan, Deldir.A. It was found in C:\Windows\System32\OEM\CLEANUP.CMD and C:\Windows\System32\OEM\CLEANUP_MLP.CMD. I had to manually remove the two files as there doesn't appear to be a fix yet.
    Today I saw on the Code Wars show that PCs being made in China were being sent here with trojans inserted in the OEM software. This computer was made in China, so be aware of this issue in Acer laptops. I didn't find the trojan anywhere in my desktop, which I built myself.

    MCP MCDST CompTIA IT Tech
     
  2. jdeb

    jdeb

    Joined:
    Nov 12, 2008
    Messages:
    5,924
    Location:
    Detroit, MI
  3. glc

    glc Forum Administrator Staff Member

    Joined:
    May 26, 2000
    Messages:
    47,817
    Location:
    Joplin MO
    Are you sure it isn't a legitimate file?
     
  4. jdeb

    jdeb

    Joined:
    Nov 12, 2008
    Messages:
    5,924
    Location:
    Detroit, MI
    Right. The cleanup cmd is a file used by the manufacturer that installed the operating system.

    Better to be safe than sorry. I do not think there is an issue. In my opinion, most new laptops act flaky until you get rid of the bloated software and completely remove the trial software. I use decrapifier and CCleaner.
     
  5. squeakyknees

    squeakyknees

    Joined:
    Mar 26, 2006
    Messages:
    47
    Location:
    Ontario, Canada
    The trojan file discovered was Deldir.A within those files, not the cleanup cmd files themselves.
     
  6. glc

    glc Forum Administrator Staff Member

    Joined:
    May 26, 2000
    Messages:
    47,817
    Location:
    Joplin MO
    The majorgeeks.com forums say that this is a false detection by Panda.
     
