dor123 (Guest), posted May 20, 2009 (ID:81841):
Recently Anti-Malware reported several important Windows files on my computer as a Trojan.Agent and erased them, and my Windows became unstable. From what I read on the internet, this threat really does not exist in the world and is only detected by rogue security programs. Malwarebytes is asked to remove this threat from its definitions!

AdvancedSetup (Root Admin), posted May 20, 2009 (ID:81862):
You should be able to restore the files from the Quarantine TAB if they are.
Please post your logs so that we can see what was detected.
Thank you.

dor123 (Guest), posted May 20, 2009 (ID:81866):
Files like: cisvc.exe, ieudinit.exe, spoolsv.exe and registry entries related to them.

AdvancedSetup (Root Admin), posted May 20, 2009 (ID:81912):
If you can, please post the logs that were run when it removed them.
Thank you.

dor123 (Guest), posted May 21, 2009 (ID:82049):
I can't post the logs because I removed the program from the computer.

yardbird, posted May 21, 2009 (ID:82053):
> I can't post the logs because I removed the program from the computer.
Can you re-scan & post back? Hum, removed program, I missed that!

AdvancedSetup (Root Admin), posted May 21, 2009 (ID:82082):
Okay, well without the logs not much we can do about it at this point.
Sorry.

dor123 (Guest), posted May 21, 2009 (ID:82083):
In any case Trojan.agent is a fake threat and should be removed from the definition.

AdvancedSetup (Root Admin), posted May 21, 2009 (ID:82086):
Well unfortunately we need an actual /developer log file to verify and remove it from the list. Name alone is not enough.
If someone else posts it or runs into it we can have them post a /developer log and we can then check and verify and remove it if it is in fact a FP.
Thank you though for your input on this, much appreciated.

dor123 (Guest), posted May 25, 2009 (ID:83286):
Here is a log I got after the scan. All the infected files are important to Windows.

Malwarebytes' Anti-Malware 1.36
Database version: 2176
Windows 5.1.2600 Service Pack 3

25/05/2009 17:27:59
mbam-log-2009-05-25 (17-27-59).txt

Scan type: Quick Scan
Objects scanned: 84652
Time elapsed: 3 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system\ieudinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doron\Application Data\Microsoft\mstinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\rsvp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\cisvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doron\Local Settings\Application Data\Microsoft\sessmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\cisvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doron\Application Data\Microsoft\comrepl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doron\Local Settings\Application Data\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

mountaintree16, posted May 25, 2009 (ID:83319):
I had Trojan.Agent come up on some scans too, and I deleted it and there was no problem with the computer after I deleted them.
I wonder if something off happened with your system?
Are the problems still occurring?

Baz., posted May 25, 2009 (ID:83320):
Hi,
As far as I can see that's no "fake threat".....
why would spoolsv.exe be in your application data folder?
cisvc.exe should be in system32 folder too....
rsvp.exe is not a windows that I know of...
ieudinit.exe should be in system32 folder again (if at all)
and the rest of those .exes raise suspicion in app data folder.
All is well as far as I can see.

David Spector, posted May 26, 2009 (ID:83396):
The malware that is frequently called Trojan.agent or Trojan.fake is not a fake threat, in my experience. I have spent days trying to get rid of it and will give more info in a separate posting.

AdvancedSetup (Root Admin), posted May 26, 2009 (ID:83412):
Those are Trojans if they're in that path location. Executable files do not belong there. Post will be closed, they're not false positives and we will not remove them from detection. If you want them to not be detected on your system then you can place them on the ignore list.
Thank you.

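Added example (not part of any post in this thread, and not Malwarebytes code): the path reasoning Baz and AdvancedSetup apply to the log, written as a small Python triage over lines copied from that log. The expected-folder table, the function names and the reason strings are assumptions made for this illustration.

```python
import ntpath
import re

# Assumption: expected folders on a default Windows XP install, limited to
# file names the thread itself places in system32.
EXPECTED_DIR = {
    "spoolsv.exe": r"c:\windows\system32",
    "cisvc.exe": r"c:\windows\system32",
    "ieudinit.exe": r"c:\windows\system32",
}

# "<path> (<detection>) -> <action>", the shape of the "Files Infected" lines.
LOG_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")

# Sample input: lines copied from the scan log posted in the thread.
SAMPLE_LOG = r"""Files Infected:
C:\WINDOWS\system\ieudinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doron\Application Data\Microsoft\mstinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\rsvp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\cisvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doron\Local Settings\Application Data\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
"""

def classify(path):
    """Explain why a detected path looks wrong, using only its location."""
    norm = ntpath.normcase(path)  # lower-case, backslashes only
    folder, exe = ntpath.split(norm)
    expected = EXPECTED_DIR.get(exe)
    if expected is not None and folder != expected:
        return "system file name outside " + expected
    if exe.endswith(".exe") and "application data" in folder.split("\\"):
        return "executable under Application Data"
    return "no path rule matched"

def triage(log_text):
    """Return (path, detection, reason) for every detection line in the log."""
    rows = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line.strip())
        if m:
            rows.append((m["path"], m["name"], classify(m["path"])))
    return rows

if __name__ == "__main__":
    for path, detection, reason in triage(SAMPLE_LOG):
        print(f"{detection:34} {reason:44} {path}")
```

A path that matches no rule here, such as rsvp.exe under system32\drivers, is not cleared by this check; it only means the location rules above say nothing about it.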