zongamin Posted January 11, 2014 ID:776785 Share Posted January 11, 2014 This came up today in a quick scan, although nothing detected by hourly flash scans or realtime protection Files Detected: 1C:\Windows\Installer\7dd7666.msi (Trojan.Agent.ED) Only thing I had recently installed was a DuckDuckGo extension in Firefox (now removed) Pretty sure this is an FP Link to post Share on other sites More sharing options...
Staff Atribune Posted January 11, 2014 Staff ID:776786 Share Posted January 11, 2014 Can you please attach the file? Link to post Share on other sites More sharing options...
zongamin Posted January 12, 2014 Author ID:776950 Share Posted January 12, 2014 Attached log Info for the file says its installer for Foxit Reader Comes up clean in this Jotti file check http://virusscan.jotti.org/en/scanresult/c7c32881f59426abd9870408af372b7743fa211c mbam-log-2014-01-11 (17-27-22).txt Link to post Share on other sites More sharing options...
Staff miekiemoes Posted January 12, 2014 Staff ID:777007 Share Posted January 12, 2014 Hi, I cannot reproduce detection here. Can you verify if this is still being detected with the latest database update? Link to post Share on other sites More sharing options...
zongamin Posted January 12, 2014 Author ID:777101 Share Posted January 12, 2014 Hi, I cannot reproduce detection here. Can you verify if this is still being detected with the latest database update?Sorry I couldnt upload the actual file here as it was an MSI and not allowed.I've deleted it now. MBAM and Hitman Pro scans now both coming up clean too. Link to post Share on other sites More sharing options...
Staff miekiemoes Posted January 12, 2014 Staff ID:777104 Share Posted January 12, 2014 I could get a hold of the file via the jotti scan log you posted here, but couldn't reproduce detection, so I believe this has been fixed already Link to post Share on other sites More sharing options...
seawolfusa Posted January 12, 2014 ID:777210 Share Posted January 12, 2014 Just had the same issue with C:\Program Files\FarStone\RestoreIT_XP\rescandisk.exe.Scaning file with F_Secure shows no issue. Time stamp on file shows it has not been modified for a few years. Went ahead and removed. Below is mbam-log: Malwarebytes Anti-Malware (PRO) 1.75.0.1300www.malwarebytes.orgDatabase version: v2014.01.12.05Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702Protection: Enabled1/12/2014 3:46:23 PMmbam-log-2014-01-12 (15-46-23).txtScan type: Full scan (C:\|E:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 360338Time elapsed: 1 hour(s), 23 minute(s), 35 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 1C:\Program Files\FarStone\RestoreIT_XP\rescdisk.exe (Trojan.Agent.ED) -> Quarantined and deleted successfully.(end) Link to post Share on other sites More sharing options...
Staff shadowwar Posted January 13, 2014 Staff ID:777252 Share Posted January 13, 2014 can you please restore the file from quaritine and zip and attach it here?Thanks. Link to post Share on other sites More sharing options...
seawolfusa Posted January 13, 2014 ID:777266 Share Posted January 13, 2014 can you please restore the file from quaritine and zip and attach it here?Thanks.Had to restore file or my machine would not start. rescdisk.zip Link to post Share on other sites More sharing options...
seawolfusa Posted January 13, 2014 ID:777288 Share Posted January 13, 2014 can you please restore the file from quaritine and zip and attach it here?Thanks.Here is the log from running mbam.exe/developer: Malwarebytes Anti-Malware (PRO) 1.75.0.1300www.malwarebytes.orgDatabase version: v2014.01.12.06Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702Protection: Enabled1/12/2014 9:55:48 PMMBAM-log-2014-01-12 (23-33-09).txtScan type: Full scan (C:\|E:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 360698Time elapsed: 1 hour(s), 36 minute(s), 10 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 2C:\Documents and Settings\Dad\desktop\rescdisk.zip (Trojan.Agent.ED) -> No action taken. [ef57318392e8bd79ad051b5449b839c7]C:\Program Files\FarStone\RestoreIT_XP\rescdisk.exe (Trojan.Agent.ED) -> No action taken. [a6a01e960f6b5ed8456dcba4ea1748b8](end) Link to post Share on other sites More sharing options...
Staff miekiemoes Posted January 13, 2014 Staff ID:777300 Share Posted January 13, 2014 Hi, This should have been fixed already. Please update and let me kknow if this is still being detected. Link to post Share on other sites More sharing options...
seawolfusa Posted January 21, 2014 ID:780727 Share Posted January 21, 2014 Sorry for the long delay in responding. I have been updating regularly but after updating the next day I no longer had the problem. Link to post Share on other sites More sharing options...
Staff miekiemoes Posted January 21, 2014 Staff ID:780746 Share Posted January 21, 2014 Thanks for the feedback! Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now