Trojan.Agent infecting FlashIK.dll file



Aaah I'm new to the forum here but...

My Malwarebytes (free version) detected a virus called Trojan.Agent (no Win32, no Gen, just Trojan.Agent). While I've read a lot of forums about this virus, they're mainly about rogue antiviruses/software, which I have never downloaded, nor have I received constant pop-ups from these rogue antiviruses (I barely know it's on my computer), and the virus commonly attacks the registry and files that have Win32 in them.

However, I am unsure about the virus I've obtained: it's not linked to any registry entry or Win32 file.

It's still in quarantine, but I've yet to take action for fear that I'll mess up my computer and the virus will pop up again.

This is the log I got from Malwarebytes (I had to remove a letter from the log's name because it won't save for some reason):

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.14.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Dell :: RAVEN-LAPPY [administrator]

14/8/2012 5:16:51 PM

mbam-log-2012-08-14 (19-32-06

Scan type: Full scan (C:\|D:\|E:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 413874

Time elapsed: 1 hour(s), 24 minute(s), 31 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Program Files (x86)\Adobe\Adobe Flash CS5\FlashIK.dll (Trojan.Agent) -> No action taken.

(end)


No viruses were detected.

Here's the log.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.14.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Dell :: RAVEN-LAPPY [administrator]

14/8/2012 8:47:55 PM

mbam-log-2012-08-14 (20-47-55).txt

Scan type: Full scan (C:\|D:\|E:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 414126

Time elapsed: 1 hour(s), 21 minute(s), 53 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


OK, you're good....MrC

Hello MrCharlie,

I am also new to the forum, and experienced the same thing this morning with the CS5.5 version of this file (if indeed they aren't identical). The problem is, I can't follow the steps given here because I quarantined it and can't seem to restore the file. Apparently MB has problems with write privileges for certain directories. I did a second full scan after quarantining the DLL and restarting the computer, which reported no malicious items found.

Should I relax and consider this a false positive, or should I try to get the file back so it can be examined? I'm not worried too much about it being unretrievable; I've not yet used Flash CS5.5, and if I need to I can reinstall it.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.14.06

Windows 7 x86 NTFS

Internet Explorer 9.0.8112.16421

***************************

8/14/2012 11:34:49 AM

mbam-log-2012-08-14 (11-34-49).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 476896

Time elapsed: 1 hour(s), 51 minute(s), 4 second(s) [aborted]

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Program Files\Adobe\Adobe Flash CS5.5\FlashIK.dll (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


It looks like a false positive. Why can't you restore the file?

If we can get a sample of the file, it could be submitted and checked.

@BloodCaramel, can you zip up and attach FlashIK.dll for us?

MrC

Not sure. I click either "restore" or "restore all" and all that happens is the "Exit" button gets highlighted. The entry in the Quarantine list remains, doesn't change in any way, and the file doesn't reappear in the directory. No notifications appear or anything.

I searched for this behavior, and apparently MB has a known issue where it doesn't have permission to write to certain folders, so people are unable to restore their files from quarantine. It would be nice if there were a "restore to" option or something.


I just downloaded that file and MB popped up and quarantined it, uploaded it to VT and it's clean??

https://www.virustot...86f9e/analysis/

MrC

That's a rather comprehensive list of antimalware software. In fact, the only one I've heard of that isn't on there is MB. Why is that?

But if they say it's good, then I guess I can relax.

Thanks MrC, I appreciate it.

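The triage MrC does by hand in this thread (get a copy of the flagged DLL, zip it for submission, check it against VirusTotal) can be done locally without re-downloading or executing the file. The script below is an added example, not code from the thread or from Malwarebytes; it assumes an elevated PowerShell 5.1 prompt on the affected machine (Program Files is write-protected for normal users, which is the same permission problem that blocks the quarantine restore), that the file is still on disk, and that the VirusTotal lookup URL format shown is the current one. The function and zip-file names are made up for illustration; only the two file paths come from the logs above. Hashing and reading the Authenticode signature never load or run the DLL.

```powershell
# Added example (not from the original thread): offline triage of a file an
# AV scanner has flagged. Run from an elevated PowerShell 5.1 prompt.

function Get-SuspectFileReport {
    param([Parameter(Mandatory)] [string] $Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "File not found: $Path (still in quarantine? restore it in the scanner first)"
    }

    $item   = Get-Item -LiteralPath $Path
    $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $md5    = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash

    # Authenticode status: a vendor DLL carrying a valid signature from the
    # expected publisher is strong evidence of a false positive. 'NotSigned' or
    # 'HashMismatch' is not proof of malice, but the file then needs a closer look.
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    [pscustomobject]@{
        Path            = $item.FullName
        SizeBytes       = $item.Length
        LastWriteUtc    = $item.LastWriteTimeUtc
        SHA256          = $sha256
        MD5             = $md5
        Company         = $item.VersionInfo.CompanyName
        Product         = $item.VersionInfo.ProductName
        FileVersion     = $item.VersionInfo.FileVersion
        SignatureStatus = $sig.Status
        Signer          = $signer
        # Look the hash up before uploading: if VirusTotal already has the file,
        # no copy has to leave the machine and the scanner gets no new file to
        # quarantine (which is what happened when MrC re-downloaded it).
        VirusTotalLookup = "https://www.virustotal.com/gui/file/$($sha256.ToLower())"
    }
}

function New-SampleZip {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ZipTo = (Join-Path $env:TEMP 'suspect-sample.zip')   # assumed output name
    )
    # Compress-Archive has no password option; the copy is renamed to .bin so a
    # double-click on the extracted file cannot register or load the DLL.
    $staging = Join-Path $env:TEMP 'suspect-sample'
    New-Item -ItemType Directory -Force -Path $staging | Out-Null
    $renamed = Join-Path $staging ((Split-Path -Path $Path -Leaf) + '.bin')
    Copy-Item -LiteralPath $Path -Destination $renamed
    Compress-Archive -Path (Join-Path $staging '*') -DestinationPath $ZipTo -Force
    Remove-Item -LiteralPath $staging -Recurse -Force
    return $ZipTo
}

# The two locations reported in this thread: the x64 host keeps 32-bit Flash
# CS5 under "Program Files (x86)", the x86 host keeps CS5.5 under "Program Files".
$candidates = @(
    'C:\Program Files (x86)\Adobe\Adobe Flash CS5\FlashIK.dll',
    'C:\Program Files\Adobe\Adobe Flash CS5.5\FlashIK.dll'
)
foreach ($p in $candidates) {
    if (Test-Path -LiteralPath $p) {
        Get-SuspectFileReport -Path $p | Format-List
        New-SampleZip -Path $p
    }
}
```

Paste the SHA256 into the VirusTotal search box (or open the generated URL) before attaching anything to a forum post; the zip is only needed when the hash is unknown there or when the vendor asks for the sample to build a whitelist entry. If `SignatureStatus` is `Valid` and the signer subject names the vendor you installed, treat the detection as a probable false positive and report it rather than deleting the file.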

This topic is now closed to further replies.