Everest

(Trojan.Agent)

Is this file part of my OS?

is it infected? :P

can I clean the file without deleting it? :P

It's probably a false positive because my Avira AntiVir says it's clean.. :P

any help is welcomed ... thank you :)

P.S. I did run dev mode as suggested and attached the log .. hope you can help me with that B)

Always a good idea with any suspect files to upload the suspect file to VirusTotal service for 39 second opinions.

http://www.virustotal.com

Can you please copy and paste a link to the scan report page generated.

Thanks in advance :)


Let me see if I can fix this, there might actually be a rare app that uses this path. I'm going to add a filter on this that should miss the legit version.


what filter ?

installed where ?

so ..

I don't get it.. Is the file infected?

I will update and restore the file and scan again ..

thanx


Many thanks for uploading your sample :)

I can confirm that this is a genuine detection by MBAM and not a F/P after preliminary analysis.

Here are some handy pointers, since the file has faked Microsoft information attached to it and at first glance would appear genuine.

The VirusTotal report was inconclusive as only PX flagged the file, but a simple Google search of the MD5 returns 0 results.

http://www.google.co.uk/search?sourceid=na...2e9cdadd8febc10

This is totally irregular for a Microsoft genuine file and the first clear indicator all is not what it seems B)


MBAM does not detect the file anymore !!!

maybe detection was removed with the update !!

the file is still in C:/windows/system32 ..

detection for the file was removed and MBAM no longer detects the file !!

should I delete it manually ?

if so, make sure to add it back to the detection file.

what does MD5 mean anyway?

thanx,

Hi,

In layman's terms it is a tool for indexing files by generating a value unique to that particular file.

Here's the Wiki for MD5

http://en.wikipedia.org/wiki/MD5

If you look at the bottom of the virustotal report amongst other data there will always be a MD5 generated value for the uploaded file.

As far as the target file goes then it is safe to manually delete it if you know how to, and it was removed from being flagged by MBAM until we could investigate it further and determine whether it was f/p or not B)
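
The two checks discussed in this thread (the file's MD5 value, and whether the Microsoft details on a file are backed by anything) can be run locally. This is an added example, not part of the original posts or of MBAM; the function name `Get-FileTriage` and the default path are assumptions for illustration.

```powershell
# Added example (not from the thread): compare what a file claims in its
# version resource with what its digital signature and hashes say.
param(
    # Placeholder default; point this at the file under review.
    [string]$Path = "$env:WINDIR\System32\notepad.exe"
)

function Get-FileTriage {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$LiteralPath)

    $item = Get-Item -LiteralPath $LiteralPath -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $item.FullName

    # The version resource is free text inside the file: anyone can write
    # "Microsoft Corporation" there, so it is a claim, not proof.
    $company = $item.VersionInfo.CompanyName
    $claimsMicrosoft = $company -like '*Microsoft*'

    # A signature only counts if it validates and the signer matches the claim.
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    $signedByMicrosoft = ($sig.Status -eq 'Valid') -and
                         ($signer -like '*O=Microsoft Corporation*')

    [pscustomobject]@{
        Path            = $item.FullName
        # MD5 is the value shown in the VirusTotal report; SHA256 is included
        # because MD5 collisions can be constructed deliberately.
        MD5             = (Get-FileHash -LiteralPath $item.FullName -Algorithm MD5).Hash
        SHA256          = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
        ClaimedCompany  = $company
        SignatureStatus = $sig.Status
        Signer          = $signer
        # True when the file says "Microsoft" but no valid Microsoft signature backs it.
        ClaimWithoutValidSignature = $claimsMicrosoft -and -not $signedByMicrosoft
    }
}

Get-FileTriage -LiteralPath $Path | Format-List
```

The hash values can then be pasted into VirusTotal's search instead of uploading the file again.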
