windymiller

Trojan.Agent.ED in WINWORD.EXE & GDIPLUS.DLL (Office 2003)?


Hi guys,

 

Thanks for reporting.

 

Yes, regrettably this was a false positive detection(s).

 

The faulting def has since been removed.

 

Please update to the most recent database and the detection should no longer persist.


On Thursday 2 Apr I remotely used my computer. When I came home 3 hrs later, every time I tried to start a program, Windows installer popped up and wanted to install MS Project 2003, which I have, in addition to Office 2007. I would not give permission, but it kept re-popping up over and over, and sometimes stopped and complained about a missing cab file.

I spent the next many hours trying to figure out what happened. I do have the following in my daily protection log. Was this whole incident caused by a false positive which then quarantined these files and caused all my grief?

 

Update, 4/2/2015 2:15:46 PM, SYSTEM, DSOTM, Scheduler, Malware Database, 2015.4.2.5, 2015.4.2.6,

Protection, 4/2/2015 2:15:46 PM, SYSTEM, DSOTM, Protection, Refresh, Starting,

Protection, 4/2/2015 2:15:46 PM, SYSTEM, DSOTM, Protection, Malicious Website Protection, Stopping,

Protection, 4/2/2015 2:15:46 PM, SYSTEM, DSOTM, Protection, Malicious Website Protection, Stopped,

Protection, 4/2/2015 2:15:50 PM, SYSTEM, DSOTM, Protection, Refresh, Success,

Protection, 4/2/2015 2:15:50 PM, SYSTEM, DSOTM, Protection, Malicious Website Protection, Starting,

Protection, 4/2/2015 2:15:50 PM, SYSTEM, DSOTM, Protection, Malicious Website Protection, Started,

Detection, 4/2/2015 2:37:29 PM, SYSTEM, DSOTM, Protection, Malware Protection, File, Trojan.Agent.ED, C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\UCS20.DLL, Quarantine, [ffcf6007226884b2166b3e0025ddc53b]

Detection, 4/2/2015 2:37:37 PM, SYSTEM, DSOTM, Protection, Malware Protection, File, Trojan.Agent.ED, C:\Program Files (x86)\Microsoft Office\OFFICE11\MSWEBCAP.DLL, Quarantine, [be1070f790fa74c2324f47f7eb17c43c]

Detection, 4/2/2015 2:38:11 PM, SYSTEM, DSOTM, Protection, Malware Protection, File, Trojan.Agent.ED, C:\Program Files (x86)\Microsoft Office\OFFICE11\GDIPLUS.DLL, Quarantine, [9e3090d7f496e2542f52ef4fcf33e31d]

Detection, 4/2/2015 2:38:35 PM, SYSTEM, DSOTM, Protection, Malware Protection, File, Trojan.Agent.ED, C:\Program Files (x86)\Microsoft Office\OFFICE11\UCSCRIBE.DLL, Quarantine, [1bb364034c3eae88d7aa5ce2bd458080]

Detection, 4/2/2015 2:38:52 PM, SYSTEM, DSOTM, Protection, Malware Protection, File, Trojan.Agent.ED, C:\Program Files (x86)\Microsoft Office\OFFICE11\SAEXT.DLL, Quarantine, [ede1f572a1e981b53b46f24ca45e2dd3]

Scan, 4/2/2015 3:41:13 PM, SYSTEM, DSOTM, Manual, Start:4/2/2015 3:29:48 PM, Duration:9 min 43 sec, Threat Scan, Completed, 2 Malware Detections, 0 Non-Malware Detections,

Protection, 4/2/2015 3:45:37 PM, SYSTEM, DSOTM, Protection, Malware Protection, Starting,

Protection, 4/2/2015 3:45:38 PM, SYSTEM, DSOTM, Protection, Malware Protection, Started,

Protection, 4/2/2015 3:45:38 PM, SYSTEM, DSOTM, Protection, Malicious Website Protection, Starting,

Protection, 4/2/2015 3:45:47 PM, SYSTEM, DSOTM, Protection, Malicious Website Protection, Started,

Scan, 4/2/2015 3:56:15 PM, SYSTEM, DSOTM, Manual, Start:4/2/2015 3:47:05 PM, Duration:9 min 7 sec, Threat Scan, Cancelled, 0 Malware Detections, 0 Non-Malware Detections,

Scan, 4/2/2015 4:14:07 PM, SYSTEM, DSOTM, Manual, Start:4/2/2015 3:56:34 PM, Duration:15 min 32 sec, Threat Scan, Completed, 0 Malware Detections, 4 Non-Malware Detections,

Update, 4/2/2015 4:16:45 PM, SYSTEM, DSOTM, Manual, Failed, Unable to access update server,

Scan, 4/2/2015 4:30:50 PM, SYSTEM, DSOTM, Manual, Start:4/2/2015 4:16:45 PM, Duration:14 min 4 sec, Threat Scan, Cancelled, 0 Malware Detections, 0 Non-Malware Detections,

Protection, 4/2/2015 4:42:58 PM, SYSTEM, DSOTM, Protection, Malware Protection, Starting,

Protection, 4/2/2015 4:42:59 PM, SYSTEM, DSOTM, Protection, Malware Protection, Started,

Protection, 4/2/2015 4:42:59 PM, SYSTEM, DSOTM, Protection, Malicious Website Protection, Starting,

Protection, 4/2/2015 4:43:08 PM, SYSTEM, DSOTM, Protection, Malicious Website Protection, Started,

Protection, 4/2/2015 6:10:03 PM, SYSTEM, DSOTM, Protection, Malware Protection, Starting,

Protection, 4/2/2015 6:10:03 PM, SYSTEM, DSOTM, Protection, Malware Protection, Started,

Protection, 4/2/2015 6:10:03 PM, SYSTEM, DSOTM, Protection, Malicious Website Protection, Starting,

Protection, 4/2/2015 6:10:22 PM, SYSTEM, DSOTM, Protection, Malicious Website Protection, Started,

Update, 4/2/2015 8:41:21 PM, SYSTEM, DSOTM, Manual, Malware Database, 2015.4.2.6, 2015.4.3.1,

Scan, 4/2/2015 8:56:02 PM, SYSTEM, DSOTM, Manual, Start:4/2/2015 8:41:21 PM, Duration:14 min 38 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

 

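A triage sketch for the question raised in the post above, added here as an example (it is not part of the original thread and not Malwarebytes code): it parses the quoted log format, attributes each detection to the malware database version in force at the time, and flags clusters of one threat name that appear soon after a new database loads. The field positions are inferred from the quoted lines; the function names and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample: lines in the protection-log format quoted in the post
# above, with the bracketed quarantine IDs replaced by a placeholder.
SAMPLE_LOG = r"""
Update, 4/2/2015 2:15:46 PM, SYSTEM, DSOTM, Scheduler, Malware Database, 2015.4.2.5, 2015.4.2.6,
Detection, 4/2/2015 2:37:29 PM, SYSTEM, DSOTM, Protection, Malware Protection, File, Trojan.Agent.ED, C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\UCS20.DLL, Quarantine, [ID]
Detection, 4/2/2015 2:37:37 PM, SYSTEM, DSOTM, Protection, Malware Protection, File, Trojan.Agent.ED, C:\Program Files (x86)\Microsoft Office\OFFICE11\MSWEBCAP.DLL, Quarantine, [ID]
Detection, 4/2/2015 2:38:11 PM, SYSTEM, DSOTM, Protection, Malware Protection, File, Trojan.Agent.ED, C:\Program Files (x86)\Microsoft Office\OFFICE11\GDIPLUS.DLL, Quarantine, [ID]
Update, 4/2/2015 4:16:45 PM, SYSTEM, DSOTM, Manual, Failed, Unable to access update server,
Update, 4/2/2015 8:41:21 PM, SYSTEM, DSOTM, Manual, Malware Database, 2015.4.2.6, 2015.4.3.1,
Scan, 4/2/2015 8:56:02 PM, SYSTEM, DSOTM, Manual, Start:4/2/2015 8:41:21 PM, Duration:14 min 38 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
"""

TS_FORMAT = "%m/%d/%Y %I:%M:%S %p"


def detections_by_database(log_text):
    """Group Detection rows by (database version in force, threat name)."""
    version, loaded_at = "unknown", None
    groups = defaultdict(list)
    for line in log_text.splitlines():
        f = [part.strip() for part in line.split(",")]
        if len(f) < 6:
            continue  # blank or unrecognised line
        when = datetime.strptime(f[1], TS_FORMAT)
        if f[0] == "Update" and f[5] == "Malware Database":
            version, loaded_at = f[7], when  # failed updates never match here
        elif f[0] == "Detection":
            minutes = (when - loaded_at).total_seconds() / 60 if loaded_at else None
            groups[(version, f[7])].append((f[8], minutes))
    return dict(groups)


def false_positive_candidates(groups, min_files=3, window_minutes=120):
    """Triage heuristic (an assumption, not vendor logic): one threat name on
    several files, all first flagged soon after a new database was loaded."""
    flagged = []
    for (version, threat), hits in groups.items():
        recent = [m for _, m in hits if m is not None and m <= window_minutes]
        if len(hits) >= min_files and len(recent) == len(hits):
            flagged.append((version, threat, [path for path, _ in hits]))
    return flagged


if __name__ == "__main__":
    for version, threat, paths in false_positive_candidates(detections_by_database(SAMPLE_LOG)):
        print(f"{threat} under database {version}: {len(paths)} files, verify with vendor")
```

A flagged cluster is a reason to check the vendor's false-positive reports before treating the machine as compromised; it does not by itself show the files are clean.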

Thanks for your reply. I of course was very worried about the security of everything on my computer, but also my online accounts.

Have you considered email alerts to users when a false positive of such magnitude (MS Office files) has occurred?

Thanks again.

It would have saved me, and ostensibly many others, hours of downtime. Of course next time I'll check your forums first, but still.


I will pass that idea on.

 

Thanks for your understanding.

 

We have made some changes on the backend to prevent this in the future.
