Over 1 million tech questions and answers.

Is Win32.trojan.peflog.30 A False-positive?

Q: Is Win32.trojan.peflog.30 A False-positive?

ZoneAlarm Pro's spyware scanner found Win32.Trojan.Peflog.30, I googled it and found:http://forums.zonelabs.org/zonelabs/board/...message.id=1221They say it's a false-positive, but that was posted almost a year ago, why is it not 'fixed' anymore?should I be worried? I'm not sure where this was infected, or what I downloaded to get infected, the file is deleted now, so if I needed to take steps to remove it..I'm probably screwed...

RELEVANCY SCORE 200
Preferred Solution: Is Win32.trojan.peflog.30 A False-positive?

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Is Win32.trojan.peflog.30 A False-positive?

Hello WtfamIdoing,I see you have an open HJT log posted in the HijackThis Logs and Malware Removal forum.You shouldn't make any changes to your system, while your HJT log is posted, as that could change the results of the posted log, making it difficult to properly clean your system.At this point, the HJT Team should be the only members that you take advice from, until they have verified your log as clean.I'm closing this topic until you are cleared by the HJT Team. If, after your log has been cleaned, you still need help, please PM a Moderator and we will re-open this topic.If you have any questions, don't hesitate to send me a PM.

Read other 1 answers
RELEVANCY SCORE 99.6

Hello, i'm new to the form, but i'm having a problem. I scanned my computer with ad-aware and i had three hits, Webhancer, trojan.win32.generic!bt, and a lot of cookie stuff(32 to be exact). I quarntined the Webhancer and trojan and deleted the cookie ones. I then scanned with spybot s & d and didn't get any hits. So did ad-aware have a false positive? or am i really in trouble? Thanks for the help!

A:Possible False Positive/ Trojan.win32.generic!BT

Did your Ad-aware provide a specific file(s) name associated with the malware threat(s) detection and if so, where was it located (full file path) at on your system? Or was the detection found in a registry key?Each security vendor uses their own naming conventions to identify various types of malware so it's difficult to determine exactly what has been detected or the nature of the infection without knowing more information about the actually file(s) involved. See Understanding virus names.Anytime you come across a suspicious file for which you cannot find any information about, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to one of the following online services that analyzes suspicious files:Jotti's virusscanVirusTotalVirSCANIn the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

Read other 3 answers
RELEVANCY SCORE 99.6

Hi,

Before I start explaining the problem:
I am running a legit copy of Windows XP SP3, I have NOD32 as my main anti-virus.

Yesterday before going to sleep I started a trend micro housecall scan (I'm using a trial version of NOD32 for my main anti-virus, along with malwarebytes, superantispyware, adaware and spybot s&d). When I woke up NOD was telling it had detected "Win32/Spy.Agent.PZ trojan".

My NOD32 is in swedish but here's a translation of the relevant info from the log:
The file was detected in C:\DOCUME~1\JONATH~1\LOKALA~1\Temp\VS14AHU6.40S and is "a variant of Win32/Spy.Agent.PZ trojan", and it was quarantined and then removed.
It "Was created by the program c\program\internet explorer\iexplore.exe" (I use firefox normally, but housecall doesn't seem to work as well with that browser for me).

Not sure the translation is perfect but hopefully fine. Anyway, as the scan had finished long before I woke up, the active-x plugin had expired and I had to refresh the page.. and thus losing the scan results, so I restarted it - and about 5-10 minutes into the scan I recieved the same popup about the trojan (and have done so everytime I run the scan, 4/4 times) which makes me think that it's a false positive, probably caused by something installed by housecall? Is there anyway I can be sure tho? For whatever it's worth, I've ran a NOD scan since and it found nothing, and a ho... Read more

A:Win32/Spy.Agent.PZ trojan - false positive?

suggest you try a scan with malawarebytes and post the resultant log for review?fresh instructions are here.....http://www.bleepingcomputer.com/forums/ind...st&p=959453

Read other 8 answers
RELEVANCY SCORE 98.4

Hi all...Running Vista Ultimate 64bit, Spysweeper 6.1.0 build 128 and am normally very security conscious but try not to be paranoid. Have owned my laptop for 6 months and never one single trace of spy/mal/adware has ever been detected on a scan. This actually concerned me...normally I at least get some cookies detected. Computer has been acting a little squirrelly lately and yesterday, while in the middle of doing nothing, it just got a blue screen and crashed. I recovered it no problem through a reboot, but just for grins I downloaded and installed Adaware (free) version 8.1.1, updated definitions and ran a sweep. It detected, and then quarantined "Win32.Trojan.Agent" -- Here's a screenshot:http://screencast.com/t/OLTHRT4LVkvlMy question is, is this a false positive? I tried to research what win32.Trojan.Agent was and that's when I saw a lot of activity on various forums about this thing being a false positive a lot and thought I'd get some other opinions. Note to admin: that's how I found this forum...and I registered because your replies seemed very user- and satisfaction-driven, so kudos! :-)- John

Read other answers
RELEVANCY SCORE 98.4

Hello,

I've gotten a hit on A3-free, a detection of trojan-downloader.win32.devsog!k. The file in question is C:\Program Files\Advanced Privacy Cleaner\Advanced privacy cleaner.exe. There's not much on the web about this virus, but it appears to be a fairly nasty downloader.

I haven't used/changed my advanced privacy cleaner program in a few weeks, and my other scanners (AVG free, Avira Antivir, Malwarebytes anti-malware) say the file is clean. It has been on my PC for a while and scanned numerous times without any detections. Jottiscan says that only Ikarus and A3 are detecting it as a virus, all the others scanners show it as clean. A3-free was updated just before I did the scan.

I've quarantined the file for now, and ran various full scans, and I don't think I need any technical help at this point.

I've submitted it for analysis, but would appreciate if anyone could confirm this as a false positive, which I suspect it is. I assume others are getting the same results, so hope the info helps someone.

Thanx.

A:Trojan-downloader.win32.devsog!k - probably a false positive?

If you want to learn more, this post will do you a great favor.hxxp://www.iuninstall.com/how-to-remove-trojan-downloader-win32-devsogk-removal-instructions

Read other 3 answers
RELEVANCY SCORE 98.4

Hi, I'm new to the forum!

I just recently formatted my computer about 2 weeks ago and have been reinstalling all components.

After using Zone alarm security suite version 7.1 for Windows Vista, it detected win32.trojan.downloader.banload.awy

The stated infected file is FP_AX_CAB_INSTALLER.EXE which is located in C:\Windows\DownloadedProgramFiles\

A few sites state that this new file is from Adobe for the flash player, and gives the exact folder where it should be located.

Is this a false positive? Or is the file truly infected? Thanks.

My operating system is Windows Vista Home Premium, and my computer is a thinkpad T61

A:Help, Is This A False Positive? Win32.trojan.downloader.banload.awy

Welcome to BC RiceRoni Here are two sites where you can upload the file. These sites will scan it with multiple scanners. This is generally a good idea if you are unsure about a file.http://virusscan.jotti.org/http://www.virustotal.com/Orange Blossom

Read other 4 answers
RELEVANCY SCORE 97.6

C:\WINDOWS\system32\wbem\unsecapp.exeis classified as trojan.win32.genome.hfcz!A2 by A squred free .it has been fixed in the latest updates as per the forum moderator http://support.emsisoft.com/topic/1814-pos...false-positive/Hope this helps if anyone is concerned.

Read other answers
RELEVANCY SCORE 96.4

Hello all.I sent this file in for inspection for ZA.C:\SWTOOLS\apps\NORTONIS\US\Stub.exeSize:Stub.exe (521.6 kilobyte) - 534.12 kBI used virustotal.com to inspect the file before quarantine, and it was only flagged by VBA32Based on a half-dozen websites, the sizes of the file matches the above, and says it's apart of Norton IS 2007 and Norton 360 (where Norton IS2007 comes preloaded on the machine)Kind of strange because this folder ("SWTOOLS") is basically just programs and drivers that come pre-installed on the computer when I reformat using the system-restore CDs provided by the manufacturer.I just reformatted this new hard drive last week (04/19/2008), so it leads me to believe it's a false positive?This is the 3rd time in the past year that i've had some sort of program flagged from that folder (Maybe ZA hates norton install files?)

A:Zonealarm Iss2007 Flags Win32.trojan.ntrootkit.115 False Positive?

Every firewall and AV, or almost every, hates the others. Not to spite you, but to be able to work properly.At issue is simply too many cooks in the kitchen trying to get at the same thing.Driver conflicts abound. To be good, these applications have to use their own drivers at a very low level.Have you used Norton removal tool before installing ZA?http://www.bleepingcomputer.com/forums/t/34671/how-to-remove-your-norton-products/If you used the already spoiled and bloated restore CD from the manufacturer, as you seem to indicate, then likely Norton got pushed in already. (Yes it's criminal of them to put in software you don't ask for, and even more criminal to leave stuff behind when you get rid of it, but what can you do?). Restore CDs don't even offer a reformat, just the quick format Some have claimed that the Norton stuff installed without your consent is actually a rootkit, in which case ZA's Kaspersky AV (within ZA-pro and suite) is doing a good job.Removal is very difficult. I don't know the details.What do you mean "it was flagged by VBA32" what is VBA32?

Read other 2 answers
RELEVANCY SCORE 83.6

I recently unearthed an old copy of one of my favorite computer strategy games, and, for good measure, I decided to run a scan on the archive using AVG. The result is as follows:

"C:\Games\StrategyGame.zip:\StrategyGame\TERRANX.ICD"
"Virus found Win32/Heur"
"Infected"

I proceeded to find a thread on this forum that recommends installing and scanning with Malwarebytes' Anti-Malware. When the scan result showed that no malicious objects were found in the archive (or anywhere on my computer), I decided I'd try extracting the suspicious file and running it through http://virusscan.Jotti.org.
Here is the result:
http://virusscan.jotti.org/en/scanresult/d6d1598cc19acff90f7012343aced607a21a5ec2

Most anti-virus scanners do not recognize the file as the win32 heur virus. I never experienced anything odd with the game in past years, but that was on an entirely different computer.

Is it safe to assume that AVG is giving me a false positive?

A:False positive in AVG for win32/heur virus?

Hello,And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.Malwarebytes Anti-MalwareUpdate and rescan with Malwarebytes Anti-Malware and post the log.SUPERAntiSpyware:Please download and scan with SUPERAntiSpyware FreeDouble-click SUPERAntiSypware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)In the Main Menu, click the Preferences... button.Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click t... Read more

Read other 15 answers
RELEVANCY SCORE 82.8

I'm not having any symptoms of infection, but when doing an online spyware scan with zonealarm I was surprised to find the following, especially as I have never used Kazaa:
Kazaa Lite goop 28 - Adware

RegistryKey - HKEY_CURRENT_USER\Software\Kazaa\

RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Kazaa\
P2P-Worm.Win32.Logpole.c - Trojan

RegistryKey - HKEY_CURRENT_USER\Software\Kazaa\LocalContent\

I've ran a full system scan with KAV and ewido, both found nothing. Please could someone analyse my HJT log?

---------------------
Logfile of HijackThis v1.99.1
Scan saved at 19:55:42, on 19/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\NSClean\BOClean\BOCORE.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\PROGRA~1\NSClean\BOClean\BOC421.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.ex... Read more

A:Solved: P2P-Worm.Win32.Logpole.c -- False positive?

Read other 7 answers
RELEVANCY SCORE 81.2

I am a developer and I use nsis most of the time. I am sure there are other who use nsis and perhaps they have faced the same problem as I did. Problem is mcafee detects even an empty installer as a threat regardless of it's emptiness. As a developer I am frustrated with all the alerts given by Mcafee. Below is an analysis done by various antivirus programs and they seem to function quiet fine with nsis but not Mcafee.
 
https://www.virustotal.com/en/file/755f5eb13371bf03b5e8d4398869e0b1a19b189b7214d8cfe516bda9b951748b/analysis/1412582177/
 
If anyone here has faced the same problem, please complain this to them so they will review it.  

A:False Positive BehavesLike.Win32.Dropper.nh NON-SENSE by McAfee-GW-Edition

If you are a client from McAfee, the best thing you can do is open a support case with them for a false positive.

Read other 8 answers
RELEVANCY SCORE 81.2

Hello all,

I'm using Windows Vista Home Premium SP2 (32-bit). Here's my trouble: AVG recently (2 days ago) detected this virus called Win32 Heur on my laptop, and curiously the infected files are game .exes (Star Wars KotOR, Bioshock, nogba) that I've had for years and haven't been using for a long time. Also, the virus detections started just after I'd finished installing Funshion on my laptop.

I'm not sure if it is an actual infection or just a false positive issue. At any rate, I deleted the files from the Virus Vault just to be safe, and uninstalled Funshion. My Firefox browser also seems to be slower lately, but that could just be me over-thinking the virus detection.

Any help is greatly appreciated! Thank you!

A:Win32 Heur on game .exes. Actual infection or false positive?

You could have a virus that is infecting other executables (polymorphic virus). An example of this is Win32.Virut. These virus normally lead to having to reformat your computer but of course, I could be wrong so lets see what the staff have to say about this one.

Read other 1 answers
RELEVANCY SCORE 80.8

I'm running Windows XP, SP 3.

Ok, so a couple of weeks ago I upgraded to AVG 9.0. I updated it and scanned and it found a Trojan Horse Vundo.jw in my system32 folder, on the csrss.exe file, and csrss.exe\00270000 (or something). AVG said it removed it, then a day later, it was back, same files. Removed it again, same thing next day, and the next, etc.

Since then I've downloaded, installed, scanned and tried removing it using at least 6-7 other programs, one of which is BitDefender. Now here's where it gets confusing... to install and use BitDefender, I had to remove AVG. After installing BitDefender and finding out it didn't find the possible trojan, I looked for the next program to use, none of which have found it. The trouble here is that I'm not actually sure if it's still on my system since none of the programs detected it, but it was there when I uninstalled AVG for BitDefender... so I really need some help

(As a note; on the day I uninstalled AVG, AVG detected the trojan in the same files, but said it was now a trojan horse vundo.je, no longer a .jw)

HiJack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:32 p.m., on 29/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WI... Read more

A:Trojan or false positive...?

Read other 16 answers
RELEVANCY SCORE 80.8

Hi Everybody,I was trying to help someone with a browser hijacker problem in one of the other forums. While doing that I downloaded a new free program to see how it worked because I was recommending to them that they install some such programs if they didn't already have any.Anyway I downloaded it, updated it and let it run. When it had finished running it made an evil sounding noise and told me that my system is infected with a couple of Trojans. Normally, as paranoid as I am about those things, I would have panicked over such a revaluation, however, as this program told me that I had to BUY the paid version before it could REMOVE the threats... but offered me the option to FIX said problem I'm wondering if the report of Trojans is just a sham false positive to get me to buy their product.I have several other Anti Ad\Spyware programs that I run every couple of days and none of them have picked up any Trojans. I haven't taken any action on those buggers yet as I wanted to see if there is a way that I can check to see if those suckers are really threats on my system or just a marketing tool used by that company.I'm attaching a screen shot of what that program said that it found for you to look at.Thanks for any information on this.WendyEDITED: In a moment of blondness I posted this without the picture attached so here it is. SECOND EDIT!; *RATS! blushing with embarrassment Can you believe that I just did it a second time?* Wendy THIRD EDIT: The ... Read more

A:Trojan Or False Positive?

Wendy, I don't see the picture. If you could tell us what the application is called, I am sure we could determine whether it was legitimate or not.
Thanks,
John

Read other 13 answers
RELEVANCY SCORE 80.8

Hi all, this is my first post and i need some advice please?

I have recently downloaded some files, and scanned them with AVG (as i do) and it has found a trojan by the name of 'Trojan horse PSW.Generic6.ABXC'.
Obviously this has concerned me, so i have now downloaded Avast antivirus and malwarebytes. i have scanned the suspect file with both of these and they say that there is no infection. is it safe for me to assume that this is a false positive?

Thanks in advance for any advice you have.
Doug

Read other answers
RELEVANCY SCORE 80.8

Hi everyone,

I am wondering wheather I have a false positive or a real trojan , heres story:

I try to start a game called counter strike that runs off of a program called steam. Everytime i try doing so, a thing from norton says that it has blocked a trojan virus, and that my computer is safe. When it does this, it stops the game from starting. I go to the log to figure out where this trojan is. This is the directory i get C:\Documents and Settings\hp owner\Local Settings\Temp\~57A.tmp Then I check that directory , and there is no such file there.

Is this a false positive? Is it a trojan? If it is a trojan, do you know how to remove it?

Thanks alot :D

A:Is This A False Positive Or Trojan

Run a scan of your machine with the F Secure Online Scanner Have it clean anything that it finds.

Read other 2 answers
RELEVANCY SCORE 80

Hi
 
I have a windows 7 operating system and have mcafee total protection as well as MBAM (malwarebytes anti-malware).
 
On startup of my machine and occasionally when running, mcafee informs me it has quarantined a trojan - Artemis! - 9E52F321A396. This file is continually re-created, and has been quarantined multiple times.
 
I don't know if this is a false positive or not.
 
Other points to note -
 
I see no other signs of an infection.
 
MBAM does not flag this file as a trojan.
 
The file is edited so that when i startup, the file size is 5109KB and then changed to a size of 1024KB - when the file size is 1024KB mcafee quarantines it.
 
I searched online and read other posts on this forum and believe the PE_Rom.dll file is related to my ASUS motherboard and the ASUS suite software i have installed.
 
If i run Asus ez update the file is changed back to a 5109KB size and the update appears to run ok (nothing requires updating)
 
I upload both files 1029KB and the 5109Kb to virus total - the 5109KB - 0/54 detection - the 1029Kb - 7/54 detection list of results where
- AVware - Trojan.Win32.Generic!BT
- Comodo - UnclassifiedMalware
- Mcafee - RDN/Generic.dx
- Mcafee-GW-Edition - RDN/Generix.dx
- Sophos - Mal/Generic-S
- Symantec - Trojan.Gen.SMH.2
- VIPRE - Trojan.Win32.Generic!BT
 
Does anyone know if this is a real infection or just a false positive? I searched a few of the register key locations where previous PE_rom.... Read more

A:PE_Rom.dll trojan - not sure if it's a false positive

Hi
 
With the information you have provided I believe you will need help from the malware removal team. I would like you to start a new thread HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.
It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. Help is on the way!

Read other 2 answers
RELEVANCY SCORE 80

Hi
 
I started a thread in Am I infected? What do I do? and was asked to create anew thread here.
http://www.bleepingcomputer.com/forums/t/600889/pe-romdll-trojan-not-sure-if-its-a-false-positive/
 
I have a windows 7 operating system and have mcafee total protection as well as MBAM (malwarebytes anti-malware).
 
On startup of my machine and occasionally when running, mcafee informs me it has quarantined a trojan - Artemis! - 9E52F321A396. This file is continually re-created, and has been quarantined multiple times.
 
I don't know if this is a false positive or not.
 
Other points to note -
 
I see no other signs of an infection.
 
MBAM does not flag this file as a trojan.
 
The file is edited so that when i startup, the file size is 5109KB and then changed to a size of 1024KB - when the file size is 1024KB mcafee quarantines it.
 
I searched online and read other posts on this forum and believe the PE_Rom.dll file is related to my ASUS motherboard and the ASUS suite software i have installed.
 
If i run Asus ez update the file is changed back to a 5109KB size and the update appears to run ok (nothing requires updating)
 
I upload both files 1029KB and the 5109Kb to virus total - the 5109KB - 0/54 detection - the 1029Kb - 7/54 detection list of results where
- AVware - Trojan.Win32.Generic!BT
- Comodo - UnclassifiedMalware
- Mcafee - RDN/Generic.dx
- Mcafee-GW-Edition - RDN/Generix.dx
- Sophos - Mal/Generic-S
- ... Read more

A:PE_Rom.dll trojan - not sure if it's a false positive

Just a point to add, since running that scan I have installed a windows critical security update

Security Update for Windows 7 for x64-based Systems (KB3075226)

Read other 19 answers
RELEVANCY SCORE 80

My boyfriend and I play the popular internet MMORPG, World of Warcraft. After a particularly long evening, my boyfriend received an in game mail from someone he thought to be a guildy. It turned out to be a link to a website that we assume downloaded a keylogger onto the computer. Two of our guild mates went to the same website and both of their accounts were hacked. They both had to restore their computers. My boyfriends account did not get hacked, however I wanted to take as many precautions as necessary in case the keylogger is just hanging out waiting for the right moment to strike. I have run Norten AntiVirus and found nothing, Stopzilla found some things and removed them and MalwareBytes is finding 4 files that it is identifying as trojans but they will not remove. Please help! I want to make sure this computer is clean before I let him anyway near it. The Hijack this will not remove the files that Malwarebytes is saying are infected.Here is the DDS file DDS (Ver_09-05-14.01) - NTFSx86 Run by Jodi at 21:21:57.43 on Fri 06/19/2009Internet Explorer: 6.0.2900.2180Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.498 [GMT -5:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchC:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exesvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost... Read more

A:False positive Trojan or something sinister?

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 80

Hi all, yesterday i ran a routine antispyware scan of my computer and it showed that a file called C:\WINDOWS\gpinstall.exe was a trojan/backdoor, the antispyware programme suggested that i should try and remove this file manually with its own uninstaller, maybe it's a false positive? my computer seems to be running fine..but heres a HJT log just to be sure.

THX !

Logfile of HijackThis v1.99.1
Scan saved at 14:57:27, on 01/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\UAService7.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Intel... Read more

A:Solved: Trojan or false positive?

Read other 7 answers
RELEVANCY SCORE 79.2

I'm trying to fix my moms friends computer and i'm currently doing my second virus scan now (running in safe mode).

On the first scan i found 3 different trojans, but they were quarantined sucessfully. But now, on the second scan i found a trojan i found before again.

The name is:Trojan.Unknown Origin

I've been googling a bit and some other forums says it's a false positive. I just want to be 100% sure it is.

Any help appreciated.
-Nike

A:False Positive? - Trojan.Unknown Origin

Hello and Welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 79.2

Dell 8400, WinXP Pro SP3, fully patched.

Norton360 constantly reports a "Trojan.Patchep!nf" infection. Norton can't remove it. There is very little info via google on this one. Norton/Symantec reports that it's either low risk or high risk, and has infected a bevy of system files.

I have tried everything..... MBAM, SAS, AVG 8.5, Avira, SpybotS&D, a-squared, SDFix, Combofix, ESET online, Kaspersky online; cleaned up via HJT. Removed a lot of stuff, but none of the other apps have ever noticed "Trojan.Patchep!nf".

Could it be a false positive from Norton360?

-J

A:Trojan.Patchep!nf ..... false positive with Norton360???

You shouldn't run Combofix without the supervision of an expert trained in its use. Doing so could damage your system. Also, to note ahead of time, posting logs for Combofix without being asked to by someone qualified and in the proper forum will be ignored.Can you post the MBAM and SAS logs if there is anything on it?Also, do you know what the full file path is? It'd help to know where it's leading to. It could be a false positive or it could be that some other malware is putting it back there.If you know the location of the file, do this:Anytime you come across a suspicious file for which you cannot find any information about, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.-- Post back with the results of the file analysis.

Read other 3 answers
RELEVANCY SCORE 79.2

I ran SUPERAntiSpyware today and was surprised to find the following file threat detected:
Trojan.Agent/Gen-ModBot
    Z:\EFI\HP\SYSTEMDIAGS\VIDEOMEM32.UDM
 
I closed out of SUPERAntiSpyware without deleting anything since this appeared to be an important file that I didn't want to risk messing up if this was a false alarm.  There seems to be very little information about this online and the z drive seems to be a HP recovery partition that Windows normally doesn't display.  I tried running it again later after rebooting to see if I could get more details and SAS found nothing!  Scans with other programs have also found nothing so far and I'm baffled.  Can anyone here tell me what's going on?

Read other answers
RELEVANCY SCORE 79.2

I started my computer up this morning and Super anti spyware updates and runs at every bootup. It scanned first thing and found nothing. I did some browsing with no alarm. Two hours later I walk in to do something on the computer and found that SAS had blocked Trojan.Agent/Gen-Kryptik and asked if I wanted to do a scan. So, I scanned with SAS and had the following results:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/27/2012 at 09:29 AM

Application Version : 5.5.1012

Core Rules Database Version : 9126
Trace Rules Database Version: 6938

Scan type : Quick Scan
Total Scan Time : 00:03:29

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 480
Memory threats detected : 7
Registry items scanned : 29590
Registry threats detected : 6
File items scanned : 7368
File threats detected : 19

Trojan.Agent/Gen-Kryptik
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\SUPERANTISPYWARE.COM\SUPERANTISPYWARE\SDDLLS\SD10005.DLL
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\SUPERANTISPYWARE.COM\SUPERANTISPYWARE\SDDLLS\SD10005.DLL
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\SUPERANTISPYWARE.COM\SUPERANTISPYWARE\SDDLLS\SD10006.DLL
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\SUPERANTISPYWA... Read more

A:Trojan.Agent/Gen-Kryptik false positive?

I have the same issue here. I'm wondering if I have a false positive, because when I did a scan with SuperAntispyware, I had like 23 detections or so with a quick scan, then like close to 500 with a full rescue scan. I also scanned with Spybot and MalwareBytes. They didn't find anything.

EDIT: When I rebooted my computer when SuperAntispyware asked me, I did, but the first time, it was unsuccessful, though the second time, I chose to reboot windows normally and it did.

Read other 9 answers
RELEVANCY SCORE 79.2

MTA (Multi Theft Auto) is a popular online client for the game San Andreas but, Malware Bytes is detecting it as Trojan.Vundo

I ran

Comodo Firewall Pro Built in Malware Scanner
SUPER Anti Spyware
Avira AntiVir Premium

and no one else found it as Trojan.Vundo so I can only assume False-Poisitive

A:Trojan Vundo By Malwarebytes, False Positive

if you can fully update and rerun the superantispyware and malawarebytes programs ?

then run each on full deep computer scans and post the logs from each for checking ?

Read other 7 answers
RELEVANCY SCORE 79.2

Hi everyone. I'm new about the board, so sorry for barging in with a problem... But I'm just unsure of myself at the moment and really could use some other opinions!

I currently run a system that has Windows XP professional SP3. It's patched up to date with the latest Windows Updates. I also run Eset's NOD32 for my anti-virus software, though I admit I'm still using version 2.70 instead of the later ones. I keep NOD up to date as well, and it usually keeps the virus definitions updated at least once a day, if not more. Also, and this is the important bit, a few months ago I used to play a game. I used to play Phantasy Star Online through a private server called Schthack. It was several months ago that I installed and played the game, and I've not touched it in some time. According to several sources, the private server version of the game sometimes calls up false positives. NOD never has had any problems with it...

... Until two days ago. When running the weekly scan, NOD suddenly flagged the PsoBB.exe part of Phantasy Star Online as a virus. Specifically it labeled it as a Trojan, a Win32/Kryptik.CR variant. I was a little bit scared to see that, particularly since it had been on my computer for so long without issue. I suppose the latest definitions are what keyed NOD off to PSO - But I'm not sure if it was a false positive or not, as it was reported to be in the past on other AV scanners.

I hardly ever play the game any longer, so I willi... Read more

A:Possible Trojan, but possible false positive... How can I ensure I'm clean?

It is not uncommon for subsequent scanning after updates of a particular security product has been released to result in detection of items which had previously gone undetected by prior scans.The infected RP***\A00*****.exe/.dll file(s) identified by your scan are in the System Volume Information Folder (SVI) which is a part of System Restore. This is the feature that allows you to set points in time to roll back your computer to a clean working state. The SVI folder is protected by permissions that only allow the system to have access and is hidden by default unless you have reconfigured Windows to show it. System Restore will back up the good as well as the bad files so when malware is present on the system it gets included in any restore points as an A00***** file. When you scan your system with anti-virus or anti-malware tools, they may detect and place these files in quarantine. When a security program quarantines a file, that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and no longer a threat. Thereafter, you can then delete it at any time. If the anti-virus or anti-malware tool cannot move the files to quarantine, they sometimes can reinfect your system if you accidentally use an old restore point. To remove these file(s), the easiest thing to do is Create a New Restore Point to enable your computer to "roll-back" to a clean working state and use Disk Cleanup to remove all but ... Read more

Read other 5 answers
RELEVANCY SCORE 79.2

AVG detected a Trojan horse VB.VJE in D:\i386\Apps\App002342\oobeconfig.exe. I hardly ever use this computer and my D drive is a locked Recovery drive for my Gateway PC. My friend who has the same computer and use AVG as well got it too so I thought it might be a false positive. The file is currently in the virus vault and I am not sure how this could affect the recovery drive especially if I was to accidentaly delete it from the vault. Would it be safe to restore it and scan it with Malwarebytes and see the results? Also, as a general rule are you better off leaving virus in the vault or emptying it?

Malwarebytes also found this
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties)
Is it safe to remove it?

I included the logs to make sure everything is fine. I did not include the ark.txt it said "GMER hasn't found any system modification and the log was empty. I scanned Services, Registry, Files, ADS and C: as everything else was disabled (well expect D:).



DDS (Ver_09-12-01.01) - NTFSX64
Run by pag at 22:47:15.56 on 16/03/2010
Internet Explorer: 8.0.6001.18882
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.2.1033.18.6141.3551 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybo... Read more

A:[SOLVED] Trojan Horse VB.VJE false positive?

bump after 72 hours.

Read other 7 answers
RELEVANCY SCORE 79.2

In short, I wanted a portable antivirus for my USB (the new computers at the school I go to have NO antivirus), and MxOne SEEMED like a good idea. However, upon download, McAfee (it's on a 30-day subscription) immediately detected a trojan and restarted my computer to remove it. So here I am, on a dual-booted Linux, trying to find out if it's safe to go back to Vista. (Xp is on here too, if it matters.) Were the two anti viruses just conflicting? It was just one plain .exe file, and I didn't run any installers or anything, so I'm really not trusting it, nor do I think I should be. What should I do now? And if it turns out anything managed to infect my files or registry, how do I remove it?

I had my flash drive in too... :/ Man, that was really stupid. KNEW I should have cancelled that download the moment I clicked Yes.

A:MxOne Antivirus. Trojan or False-Positive?

Linux Ubuntu 10.10 scanned my hard drives for errors. I reloaded it on a Live CD which I am using now. I am almost positive I have an infection. The trojan does not seem to have taken any of my passwords...yet. If anybody knows any programs I can use to clean my disk, it would be very much appreciated. I have these tools to use in CD-Rs:

-Puppy Linux 5.11 Live CD
-Ubuntu Linux 10.10 Live CD
-ComboFix, Malwarebytes, Ad-Aware, Vundofix, SuperAntispyware, and some other antimalware programs I can't remember right now. Yeah...I've dealt with this before. ~_~ Recently.
-Some CD burning software. I'm not completely above salvaging what I can and reinstalling the Vista OS.

Read other 1 answers
RELEVANCY SCORE 79.2

Hello,
 
I'm using a two month old Samsung laptop with Windows 8. I use Google Chrome 99% of the time with the AdBlock extension. My laptop came with a Norton trial and I installed Malwarebytes the day I bought it. I haven't had any viruses or malware until this past week.
 
Two days ago, I updated and ran Malwarebytes for the first time since September 26. The quick scan picked up a Zbot trojan (Trojan.PWS.Zbot.AI) in my recycle bin from a file called AudioTest.exe. I do not know where this file came from. I checked my downloads folder and it wasn't in there, nor was it in my Chrome download history.
 
My laptop has a history of randomly disconnecting from the wifi - this has happened since I bought it - and I recently noticed the mouse cursor would occasionally randomly jerk to the other side of the screen while I was using it. I don't know if those are symptoms of a trojan virus, because the cursor jerk sometimes happens to me if there is a piece of dirt on the laser thing (sorry, don't know the proper word for it). However, I did click on a link that a close friend sent (while we were instant messaging) that was for an online TV show that we were just talking about. I know that this wasn't a hacking attempt because nothing strange has ever happened before or since while IMing with my friend. Anyway, a pop-up appeared right after I clicked on the website, which I thought was strange since I have AdBlock. I closed the pop-up immediately before it could load p... Read more

A:Was this trojan removed properly? Was it a false positive?

In my unprofessional opinion, free AV's are...well, you get what you pay for. It's free for a reason. Nod32 is my personal favorite.
Anyways, I would believe that the Trojan, if it was a Trojan, is gone. A Zbot would not cause your mouse to move to somewhere you didn't move it to. That is not its function.
If you are concerned about it still remaining, back up your important documents and photos into a flash drive, reset windows to it's factory default, then migrate your files back onto the PC and invest in a reliable antivirus!

Read other 1 answers
RELEVANCY SCORE 79.2

I run Trend Micro 2007 w/ Win XP (patches are up to date). Trend-Micro indicated I am clean. I then ran Bitdefender's on-line scan. It listed 9 items that were infected. Here are the files/actions taken by Bitdefender:

C:\Documents and Settings\Ethan\crap.1201817113.old=>(Embedded EXE o) Infected with: Trojan.Generic.154152
C:\Documents and Settings\Ethan\crap.1201817113.old=>(Embedded EXE o) Deleted
C:\Documents and Settings\Ethan\crap.1201817113.old Update failed
C:\Documents and Settings\Ethan\crap.1201824156.old=>(Embedded EXE o) Infected with: Trojan.Generic.154152
C:\Documents and Settings\Ethan\crap.1201824156.old=>(Embedded EXE o) Deleted
C:\Documents and Settings\Ethan\crap.1201824156.old Update failed
C:\Documents and Settings\Ethan\matrix.dll Infected with: Trojan.Generic.154152
C:\Documents and Settings\Ethan\matrix.dll Deleted
C:\Documents and Settings\Ethan\matrix.dll.1201824155.old Infected with: Trojan.Generic.154152
C:\Documents and Settings\Ethan\matrix.dll.1201824155.old Deleted
C:\Documents and Settings\Liz\crap.1201823185.old=>(Embedded EXE o) Infected with: Trojan.Generic.154152
C:\Documents and Settings\Liz\crap.1201823185.old=>(Embedded EXE o) Deleted
C:\Documents and Settings�... Read more

A:False Positive? Or: Trojan.generic.154152

You look clear. Do these 2 things and clear up the trailing junk and whats left in those restore points.Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox browserClick Firefox at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browserClick Opera at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.For Technical Support, double-click the e-mail address located at the bottom of each menu.**************Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this is:Go to Start > Programs > Accessories > System Tools and click "System Restore".Choose the radio button marked "... Read more

Read other 5 answers
RELEVANCY SCORE 79.2

Hi, I just updated my SuperAntiSpyware with the latest updates, and during scanning it found this file: C:\Program Files\HP Games\ABC Island to be a Trojan.agent/gen-flux, though this file has been on my computer for many years already and no program (Avast, MalwareBytes, Spybot) including previous scans with SAS has found this file to be problematic. I've also scanned the file with VirusTotal and here's the results.
What do I make of this?

As an aside, this website claims that one should delete and close all of the processes and files it lists due to them being a Trojan.agent/gen-flux, but I assume that's impossible since many of the items listed are legitimate and essential for the computer to run. Am I correct?

Thank you in advance for anyone who can help me!
 

A:SAS: Trojan.agent/gen-flux - false positive?

Read other 16 answers
RELEVANCY SCORE 79.2

Hi, I've been getting a Trojan.Agent/Gen-Downloader when running a scan using SuperAntiSpyware on Windows Vista (avast anti-virus and windows update all up to date) and the infected file is "drsupdate.17186803_RUNASUSER" in the "C:\ProgramData\NVIDIA\Updatus\Packages\000054c3" folder.
 
I had to format my computer and install everything again but this time install Windows 8 since I'm a bit paranoid and thought maybe Vista is vulnerable. But again this file showed up even though I had an anti-virus installed. I think it's installing by itself since it's a NVIDIA update for my video card but not sure. I tried scanning it using SuperAntiSpyware and it was clean but when I uploaded the file to virus total dot com, only SuperAntiSpyware showed up with the same Trojan.Agent/Gen-Downloader.
 
Is this a false positive? I'm just too confused because I'm not sure if it's a false positive or not since it says "Signed file, verified signature" on virus total but yet my SuperAntiSpyware isn't detecting it but it was detecting it when I had Windows Vista? Help would be appreciated.

A:Trojan.Agent/Gen-Downloader? False positive?

Bump.
 
Anyone knows how to figure out if this is a false positive or not?

Read other 20 answers
RELEVANCY SCORE 79.2

In March spysweeper said I had a trojan. I quarantined it. Later on the internet people were saying it was a false positive. So I sent a ticket to spysweeper and they said yes it was a false positive. I asked them if I should restore the file in quarantine. I just got a response that I should update spysweeper.

My question is: should I restore the file in quarantine. It was a HKLM\software\microsoft\tracing\fwcfg file.
 

A:spysweeper quarantine false positive trojan

bump
 

Read other 3 answers
RELEVANCY SCORE 79.2

Has just showed up in my Anti Virus Steganos, Virus Vault is it a false positive, it was not picked up by the latest versions of Malwarebytes or SuperAntivirus software.........Jim
p.s. path is D:\System Volume Information\restore{2E43C916-4218-44D7-A095-F1E065574E4D}\RP1901\A0030734.rbf
 

A:Is this a False Positive Trojan horse Small. BOG?

You can run it through Jotti http://virusscan.jotti.org/en

But since it's in System Restore, it can actually be flushed out very easily by turning System Restore off, then back on again.
 

Read other 3 answers
RELEVANCY SCORE 78

After scanning with kaspersky online, a virus called "Trojan-Downloader.Java.Agent.aj" was found. I also scanned with avira free, super anti-spyware, and malware bytes anti-malware with all of them updated, but all the logs were clean. Should I be concerned?

A:Trojan-Downloader.Java.Agent.aj false positive?

Hello and Welcome.

No, that's probably not a false positive.

Clear Java's cache.

Go into the Control Panel (classic view)and double-click the Java Icon. (looks like a coffee cup)On the General tab, under Temporary Internet Files, click the Settings button.
Next, click on the Delete Files button
There are two options in the window to clear the cache - Leave BOTH CheckedApplications and Applets
Trace and Log Files

Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Temporary Files Window
Click OK to leave the Java Control Panel.

You can also use this tool

This tool cleans files from temp locations, and empties the Recycle Bin.

1. Download TFC (Temp File Cleaner) to your desktop, or other location.
2. Save any unsaved work. TFC will close all open application windows.
3. Double-click TFC.exe to run the program.
4. If prompted, click "Yes" to reboot.

If you need further assistance...



We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsup... Read more

Read other 3 answers
RELEVANCY SCORE 78

Hi all, Thanks in advance for any help that can be offered.First off it is worth noting that the only aspect of my computer not working correctly are my graphics drivers, where I get a crash with the infinite loop error randomly whilst gaming or watching videos. This is varied in frequency, sometimes happens a few times a day, sometimes not for a few weeks.The reason I post is that my Avast! antivirus scan is run regularly and recently I did a thorough search of literally everything. It popped up with 3 THREATS detected, as listed here:Win32:Small-HUF (Trj) in PROCESS\398\45f0000\40000Win32:Small-Gen2 (Trj) in PROCESS\398\463000\40000JS:Agent-AU [Expl] in PROCESS\398\4580000\40000All in 'application 3980'.From my research, these are embedded in the memory currently in use for the processes on the computer...and during a scan in safe mode, the same errors are located.Furthermore I have scanned with Symantec, Kaspersky and Ewido online scanners and found NO trojans, spyware or viruses....which leads me to the question, is avast giving me a false positive, or is it really picking something up that the others aren't?After picking up the threat, avast cannot do anything with it, no repair, moving, deletion or renaming.Oh and a further note, I use some stardock apps to make my XP SP2 feel like Vista. Hope this isn't a problem and helps explain some of the processes loaded on startup.Have a gander at these logs and let me know what yo... Read more

A:Virus/spyware/trojan detection- false positive?

Updated hijack this log after removing all stardock apps and effects...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:38:35, on 08/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS.0\system32\Rundll32.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS.0\system32\inetsrv\inetinfo.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS.0\sy... Read more

Read other 3 answers
RELEVANCY SCORE 78

Yeah, so the Trojan.KillAV file was found on the drive that (I'm hoping it was gateway! It's mentioning PC Angel in any case...) is locked down so I can't access with admin rights with Windows Explorer . I'm looking at my older HJT log from a few days ago, and although I don't know too much about reading the logs...I think Symantec files popping up as files missing isn't good. Since it was on the backup drive, I'm wondering if it's a false positive. The name of the file is add_gateway.exe, which googling gives no relevant info to...If I can get some help pulling things out of an NIS 2007 quarantine file if it's still there, I can submit if whoever helps would like. I'll submit the log before my NIS scan and I'll throw in a current one too. I would like to know if anyone knows about the international options line, too. I don't use other languages for WinXP... : / I'm using a Gateway CX2620 Tablet PC. Patched as of 6 January 2007.

First HJT! Log

Logfile of HijackThis v1.99.1
Scan saved at 8:05:35 PM, on 1/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Fil... Read more

A:Trojan.KillAV was found, not sure if it's a false positive or real.

Bump because it's on page 5....is it ok to bump when it gets that far back?
 

Read other 3 answers
RELEVANCY SCORE 78

as the title says malwarebytes is showing as TROJ_GEN.F47V0725.
this is being flagged by TrendMicro-HouseCall.
always thought both were very reputable sources, i have posted in other places to get this noticed so that the detection is either proved, or shown as safe.
the virus total report: https://www.virustotal.com/file/76d5...is/1343798877/

it's definetly from the malwarebytes homepage:
Malwarebytes

just thought i would post here too to give you guys a heads up.
as it is a very popular scanner.

edit: sorry typo

A:[SOLVED] Malwarebytes showing as trojan - False positive

back again with an update

this site is hosting the download which is showing as infected, same link as 1st post.
Malwarebytes
and this site too
Malwarebytes Anti-Malware - CNET Download.com
this cnet site shows as trusted by avast link scanner but gives out the above mentioned file which shows as threat by trend micro.

i then got the malwarebytes file from bleeping computer
here: Malwarebytes Anti-Malware Download

i scanned that, this is clean, here is the virus total report on that file
https://www.virustotal.com/file/9007...is/1343801364/

so basically the trusted link to cnet was showing as threat in the file.
and so was the malwarebytes site which also has the cheek to ask for an email address before passing out the malwarebytes file to download.

Read other 8 answers
RELEVANCY SCORE 78

After a blue screen the night before last my computer rebooted and the action center advised me to "Remove the VirTool:Win32/Beeinject virus". I found this shocking as I'm quite safe with my browsing habits and use sandboxie/noscript for anything that is even remotely shady.

Screenshot of the message : http://imgur.com/UcK2V

I spent the entire day yesterday running a variety of Full antivirus and malware scans, all with fully updated virus definitions, and not a single one found anything. A list of the tools I used which came up with nothing:

RKill
Avast
Malwarebytes
TDSSKiller
Hitmanpro
Microsoft Malicious Software Removal Tool
Prevx
Norton Power Eraser
Windows Defender

Everything, even after multiple full (some 7+ hour) scans came up clean, but Windows Action Center is still showing the same message. Are there any other scans that I should run that I've missed? How likely is it that Microsoft Action Center would find a virus in 30 seconds that 9 different scanners couldn't detect over 12+ hours of scanning? My computer appears to be running completely normally but I'm still a bit freaked out here. How should I proceed to be sure my computer is not compromised in some way?

A:Infection or False Positive? Windows Action Center advising to "Remove the VirTool:Win32/Beeinject virus"

I have seen this error too and ran multiple scans just as you did, im thoroughly stumped here, can anyone shed some light on this?

Read other 3 answers
RELEVANCY SCORE 77.2

Need some guidance in how to proceed with an automotive diagnostic tool I purchased on e-bay. The tool is designed to retrieve module coding from volkswagen instrument clusters and electronic control modules. The software provided on a disc when scanned on one computer with AVG free, and on another computer with avast antivirus both detect the software as a trojan horse. Is it because of the nature of the software as a diagnostic/interrogative tool that it is detected as a trojan, in other words a false positive. Or should I be concerned. I have not installed the software yet. On virscan.org the software file is in its history and shows about 50% of antivirus programs detecting a trojan. The software was purchased on e-bay and the sellers feedback is excellent, which makes me tend towards trusting the software. The file name is VWTester.exeThe sellers supplier sent me the software as an e-mail attachment also if anyone would like me to forward it for checking. I am wondering how does one confirm a false positive virus detection? I just remembered that norton antivirus also detects as a trojan, I could add a screenshot of the norton detection but I don't see any option for attaching a photo. Here is a link to the virscan.org report.http://virscan.org/report/50f23db14c8b25f4...c582155c61.htmlWould appreciate any suggestions on what to do to determine if this software really does contain a trojan or if it is a false positive. This is getting a bit out of my league. Thanks.

A:trojan detected by avg in automotive software purchased, false positive?

It looks like most of the detections are generic, Heuristic, packed.Generic detections are usually a heuristics detection of possible new variants of malware before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware which allows the anti-virus to detect and stop if before doing any harm to your system. Heuristic scanning methods vary depending on the vendor. Some claim to allow emulation of the file's activities in a virtual sandbox. Others scan the file more intensively, searching line by line inspecting the code in a file to see if it contains virus-like characteristics. If the number of these characteristics/instructions exceeds a pre-defined threshold, the file is flagged as a possible virus.The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as malicious. With heuristics, there is always a potential risk for a "False Positive" when the heuristic analysis flags a file as suspicious or infected that contains no malware.Certain embedded files that are part of legitimate programs, may at times be detected by some anti-virus and anti-malware scanners as a "Risk Tool", "Hacking Tool", "Potentially Unwanted Program", or even "Malware" (virus/trojan) when that is not the ... Read more

Read other 3 answers
RELEVANCY SCORE 76.4

Hi!
I have Win8 PRO, Comodo Internet Security Premium, Malwarebytes Anti-Malware (trial so active protection is enabled), Superantispyware w/o active protection and SpywareBlaster.

This is Anti-Malware log from yesterday:

2012/12/05 02:09:40 +0100 PC Admin IP-BLOCK 212.117.177.190 (Type: outgoing, Port: 50847, Process: firefox.exe)
2012/12/05 02:09:40 +0100 PC Admin IP-BLOCK 212.117.177.190 (Type: outgoing, Port: 50854, Process: firefox.exe)
2012/12/05 02:20:40 +0100 PC Admin MESSAGE Executing scheduled update: Daily
2012/12/05 02:20:58 +0100 PC Admin MESSAGE Scheduled update executed successfully: database updated from version v2012.12.03.14 to version v2012.12.05.01
2012/12/05 02:20:58 +0100 PC Admin MESSAGE Starting database refresh
2012/12/05 02:20:58 +0100 PC Admin MESSAGE Stopping IP protection
2012/12/05 02:20:59 +0100 PC Admin MESSAGE IP Protection stopped successfully
2012/12/05 02:21:01 +0100 PC Admin MESSAGE Database refreshed successfully
2012/12/05 02:21:01 +0100 PC Admin MESSAGE Starting IP protection
2012/12/05 02:21:03 +0100 PC Admin MESSAGE IP Protection started successfully
2012/12/05 03:51:02 +0100 PC Admin MESSAGE Starting protection
2012/12/05 03:51:02 +0100 PC Admin MESSAGE Protection started successfully
2012/12/05 03:51:02 +0100 PC Admin MESSAGE Starting IP protection
2012/12/05 03:51:03 +0100 ... Read more

A:[SOLVED] Trojan.Agent detected by Anti-Malware - False Positive?

Hello. There was a false positive with Malwarebytes Anti-Malware and some uninstallers yesterday, which has since been resolved.

I believe you can update the database, restore that file from quarantine if need be, and it will no longer be detected.

You should be able to run MBAM PRO + Comodo. In some cases, adding exclusions for MBAM's files into Comodo can help avoid performance issues.

Read other 3 answers
RELEVANCY SCORE 76.4

Malwarebytes (April 15/16) - Beware issue - False positive Trojan.Downloader.ED

Critical issue with Malwarebytes Today (April 15/16) - ***False positive Trojan.Downloader.ED message
Malwarebytes latest update is causing all system files to be considered bad and renders computers inoperable.

Big head ache for me today.

From Malwarebytes

http://forums.malwarebytes.org/index.php?showtopic=125136

"As many of you are aware, we suffered a false positive earlier today which caused many of our users' systems to be rendered inoperable. The offending database was v2013.04.15.12, and was live for only 13 minutes.

We sincerely apologize for this false positive and an update was immediately pushed out to remove the offending definition that caused this."
 

A:Malwarebytes (April 15/16) - Beware issue - False positive Trojan.Downloader.ED

Read other 7 answers
RELEVANCY SCORE 76.4

Hello,

I am concerned about Spy Sweeper reporting a password stealing ldpinch trojan on both of my computers. I sent the following inquiry to Webroot today and I will post their response. Please tell me if my logs below indicate any trojans or other viruses / spyware I should be concerned about.

I am running AVG Anti-virus (free version), ZoneAlarm firewall (free version) and Webroot Spy Sweeper and keep them all up to date. I run IE 7 with the Avant Browser shell (which I really like). I now have some additional protections running, too, thanks to following the TSF Five Step Program!

Thanks in advance for your time and expertise.

[email protected]


To Webroot Support:

I have two computers running SS 5.5 with 1014 definitions. Within the past day, both scans have detected ldpinch trojan with the similar log entries (one included below). It seems unlikely that both computers became infected at the same time. Is this a false positive report? If not, what should I do now?

2:31 AM: Traces Found: 1
2:31 AM: Scheduled Sweep has completed. Elapsed time 01:29:24
2:31 AM: File Sweep Complete, Elapsed Time: 00:09:59
2:21 AM: Starting File Sweep
2:17 AM: Cookie Sweep Complete, Elapsed Time: 00:00:01
2:17 AM: Starting Cookie Sweep
2:17 AM: Registry Sweep Complete, Elapsed Time:00:01:36
2:16 AM: HKLM\software\microsoft\windows\currentversion\mcd\ (ID = 826065)
2:16 AM: Found Trojan Horse: ldpinch trojan
2:15 AM: Starting Registry Sweep
2:15 AM: Memory Sweep Complete,... Read more

A:[SOLVED] SS 5.5 1014 Defs finds ldpinch trojan - False Positive?

Hello, TSF

I have not heard directly back from Webroot yet but did see this post on their website just now:

10/22/2007- Webroot Antivirus/Spy Sweeper is falsely detecting a registry key associated with Windows Live Messenger as a trojan labeled 'LDPinch'. The registry entry is quarantined by Webroot Antivirus/Spy Sweeper, however, there is no severe impact to a user's system. The registry entry is simply restored after restarting the system.

Webroot has identified the erroneous detection and has removed the false positive from the lastest definition update. Webroot Antivius/Spy Sweeper will automatically update itself once the definition update is available.

I'm relieved that it was a false positive, although Webroot should re-read "The Boy Who Cried Wolf"!

Thanks!

[email protected]

Read other 1 answers
RELEVANCY SCORE 76.4

I forgot the rules about helping, for which I apologise profusely, so I'm posting this in a new thread. The latest database from PC Tools for Spyware Doctor, 3.06141, seems to have solved the false positive identification for trojan.antimcafee.b. However, now that Spyware Doctor gives me a clean bill of health, Panda onlline is not so positive, 33 spyware and 3 rootkit/hacker tools. Does it always quit without a final report when it finishes a free scan if you don't pay them?
 

A:Spyware Doctor and trojan.antimcafee.b false positive and Panda question

Panda doesn't like process.exe in SmitfraudFix. Most of the rest were cookies I forgot to clear from the recycle bin. Does anyone know if I can safely delete the contents of the cookie.txt file in the Firefox default profile?
 

Read other 1 answers
RELEVANCY SCORE 76.4

Hi i just returned my computer to factory setting reinstalled avast and ran a boot time scan and it found 8 infected files. How could this be?the files were alldeleted during the boot scan. But they were something to do with a thing called treaure island contained within swSetup\hpgob and then system volume information\restore there were 4 files of each type to do with treasure island. Avast called them up as trojan win 32. I have checke and there is an hp game called treaure island but its not on my computer. Please Help!

Read other answers
RELEVANCY SCORE 74.8

I normally scan regularly with Malwarebytes and Symantec Endpoint Protection 11, and I haven't found anything with those recently. I occasionally use the Kaspersky Virus Removal Tool for a "second opinion", but I have had false positives found with it (For example, I did an avast! scan and SEP11 quarantined some files from avast mid scan as Downloaders as false positives, then Kaspersky found the same files and said I had multiple banload trojans incorrectly as well).

Yesterday I downloaded the most recent version of the Virus Removal Tool and it picked up a file with the pathname "C:\System.sav\util\RESBETA\RESDETECT.EXE" and said that it was "Trojan-Downloader.Win32.Banload.bmso". I searched for the file in my system and RESDETECT.exe has a nvidia logo, and it was created and last modified 11/14/2007, and it was last accessed 2/24/2008 at 6 a.m., when I don't think my PC was even on since I am rarely on my PC in the morning.

So what should I do? Should I delete the file, or ignore it? I don't want to delete anything from the System.sav folder without knowing that I must, and based on context clues, it seems like it is an auto resolution detecting program. Help as soon as possible is appreciated, as I want to use this computer as little as I can until I know it is safe.

Thank you.

EDIT: Upon further reflection, I didn't even have this PC until November of 2008, so this file hasn't been (apparent... Read more

A:Kaspersky Virus Removal Tool detected trojan in System.sav...is it a false positive or should I be worried?

Hello, Lets' upload this file for a second opinion on what it actually is..Please make sure that you can view all hidden files. Instructions on how to do this can be found here:How to see hidden files in WindowsPlease click this link-->JottiWhen the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit. <filepath>suspect.file Please post back the results of the scan in your next post.If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/NOTE:For submission to a specific anti-virus vendor see Submitting Virus Samples: How to Submit a Virus.

Read other 5 answers