Trojan.Agent FP


Kajisight

Malwarebytes' Anti-Malware 1.41

Great stuff guys, all clear now. :D

Database version: 2886

Windows 6.0.6002 Service Pack 2

01/10/2009 17:44:09

mbam-log-2009-10-01 (17-44-09).txt

Scan type: Quick Scan

Objects scanned: 82490

Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Link to post

BRAVO!!!! Update 2886 did the job:

Malwarebytes' Anti-Malware 1.41

Database version: 2886

Windows 5.1.2600 Service Pack 3

1-10-2009 19:04:27

mbam-log-2009-10-01 (19-04-27).txt

Scan type: Full Scan (C:\|)

Objects scanned: 171856

Time elapsed: 21 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

thanks guys! <sigh of relief> :D

Link to post

I'm happy to say that data base 2886 fixed the problem. I was having the same issue that the others here reported. I'm a little confused as to why a friend with identical programs (avast and malwarebytes) did not have this problem... Nevertheless, great job by the staff at Malwarebytes. I absolutely love the program, trust it and recommend it to everyone I come in contact with about computers.. Once again, thanks malwarebyte techs... :D:D
Link to post

Guest SFdude

:D

Call me naive, (and I love MBAM), but...

Just because these 19 Trojan warning messages

don't appear anymore in MBAM latest db update,

----> what is the chance that the offending OCX file (actskin4.ocx),

from a 3rd party AVAST vendor

is really a False Positive?

Could somebody at MBAM or AVAST give us

a definitive "all clear" on this "actskin4.ocx" file from a 3rd party vendor?

SFdude

Link to post

Great - I agree it's fixed and I am on Database version: 2886

---------------------------------------

Malwarebytes' Anti-Malware 1.41

Database version: 2886

Windows 5.1.2600 Service Pack 3

10/1/2009 1:26:05 PM

mbam-log-2009-10-01 (13-26-05).txt

Scan type: Quick Scan

Objects scanned: 92526

Time elapsed: 6 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post

:D

Call me naive, (and I love MBAM), but...

Just because these 19 Trojan warning messages

don't appear anymore in MBAM latest db update,

----> what is the chance that the offending OCX file (actskin4.ocx),

from a 3rd party AVAST vendor

is really a False Positive?

Could somebody at MBAM or AVAST give us

a definitive "all clear" on this "actskin4.ocx" file from a 3rd party vendor?

SFdude

It is a confirmed false positive on a GUID detection.

One of our researchers (wasn't me) added a signature for a GUID value in the registry as it was being set by malware.

MBAM smart engine then tracked the GUID and all related registry components and files that they pointed to and produced the detections.

However in this case it is not only malware that was seen to use this GUID but after further investigation it was being used by legitimate applications too.

Apologies on behalf of the researcher that made the error and sorry for any inconvenience or undue alarm caused.

Link to post
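
The cascade described in the reply above, as an added example that is not part of the original thread and is not Malwarebytes' engine: a toy tracker that starts from one signature GUID and follows GUID and file references through a constructed registry snapshot. All GUIDs, the `skinlib.ocx` file name and the flattened key layout are placeholder assumptions; the signature says nothing about who installed the component, so a legitimate application registering the same GUID is flagged identically.

```python
import re
from collections import deque

GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
PATH = re.compile(r"[A-Za-z]:\\.+")

# Constructed registry snapshot: key path -> {value name: data}, flattened.
# Every GUID and the file name are placeholders, not values from the logs.
T = "{11111111-0000-0000-0000-000000000001}"   # type library
C1 = "{22222222-0000-0000-0000-000000000001}"  # COM class
C2 = "{22222222-0000-0000-0000-000000000002}"  # second class in the same file
I1 = "{33333333-0000-0000-0000-000000000001}"  # interface
OCX = r"C:\WINDOWS\system32\skinlib.ocx"
REGISTRY = {
    r"HKCR\TypeLib\%s" % T: {"win32": OCX},
    r"HKCR\CLSID\%s" % C1: {"InprocServer32": OCX, "TypeLib": T},
    r"HKCR\CLSID\%s" % C2: {"InprocServer32": OCX, "TypeLib": T},
    r"HKCR\Interface\%s" % I1: {"TypeLib": T},
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs": {OCX: "1"},
    r"HKCR\CLSID\{44444444-0000-0000-0000-000000000001}":
        {"InprocServer32": r"C:\app\other.dll"},   # unrelated component
}

def expand(sig_guid, registry):
    """Follow GUID and file references outward from one signature GUID."""
    queue, seen = deque([sig_guid]), set()
    keys, values, files = set(), set(), set()
    while queue:
        tok = queue.popleft().lower()
        if tok in seen:
            continue
        seen.add(tok)
        for key, vals in registry.items():
            related = []
            if tok in key.lower() or any(tok in d.lower() for d in vals.values()):
                keys.add(key)                  # key-level detection
                related = [key, *vals.values()]
            for name in vals:
                if tok in name.lower():        # e.g. a SharedDLLs value named after the file
                    values.add(key + "\\" + name)
            for text in related:
                queue.extend(GUID.findall(text))   # GUIDs this key points to
                if PATH.fullmatch(text):           # file this key points to
                    files.add(text)
                    queue.append(text)
    return keys, values, files

if __name__ == "__main__":
    k, v, f = expand(T, REGISTRY)
    print(len(k), "keys,", len(v), "value,", len(f), "file flagged from one GUID")
```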

Guest SFdude
It is a confirmed false positive on a GUID detection.

One of our researchers (wasn't me) added a signature for a GUID value in the registry as it was being set by malware.

MBAM smart engine then tracked the GUID and all related registry components and files that they pointed to and produced the detections.

However in this case it is not only malware that was seen to use this GUID but after further investigation it was being used by legitimate applications too.

Apologies on behalf of the researcher that made the error and sorry for any inconvenience or undue alarm caused.

Thank you, Fatdcuk.

Really do appreciate that "all clear" confirmation on this False Positive,

and the quick response time.

I love MBAM and AVAST!

(and count on both for security). :D

SFdude

Link to post

Fixed for me now, I restored all items I quarantined earlier and then re-ran a scan.

Malwarebytes' Anti-Malware 1.41

Database version: 2888

Windows 5.1.2600 Service Pack 3

10/1/2009 4:06:48 PM

mbam-log-2009-10-01 (16-06-48).txt

Scan type: Quick Scan

Objects scanned: 123687

Time elapsed: 2 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post

It is a confirmed false positive on a GUID detection.

One of our researchers (wasn't me) added a signature for a GUID value in the registry as it was being set by malware.

MBAM smart engine then tracked the GUID and all related registry components and files that they pointed to and produced the detections.

However in this case it is not only malware that was seen to use this GUID but after further investigation it was being used by legitimate applications too.

Apologies on behalf of the researcher that made the error and sorry for any inconvenience or undue alarm caused.

Glad to officially hear that it is a false alarm, but one small question. I still have the original 17 alleged trojans in quarantine.....and when I ran MBAM midday, had 19 but didn't quarantine them. Noticed then that the System 32 file was rebuilt.....so should those quarantines be returned or deleted. My educated guess is ignore them. But would like to hear from you what to do.

First time on this Forum, and must say that your program is super!! Only one I am using other than SpywareBlaster......and Avast of course. Oh, and I put Zone Alarm on last night when I thought I was infested with trojans!! :D

Figgs....and a big HI DE HO to Raid. :D

Link to post

Hi Figgs,

They are safe to restore from quarantine as they will overwrite anything that had been replaced after MBAM removal.

Thanks Fatdcuk....I will restore them now. It was just a minor point, but wanted to make sure before I did that seeing as the System 32 file was replaced. You are up late!! :D

Cheers....from Canada

Link to post

Glad to officially hear that it is a false alarm, but one small question. I still have the original 17 alleged trojans in quarantine.....and when I ran MBAM midday, had 19 but didn't quarantine them. Noticed then that the System 32 file was rebuilt.....so should those quarantines be returned or deleted. My educated guess is ignore them. But would like to hear from you what to do.

First time on this Forum, and must say that your program is super!! Only one I am using other than SpywareBlaster......and Avast of course. Oh, and I put Zone Alarm on last night when I thought I was infested with trojans!! :D

Figgs....and a big HI DE HO to Raid. :D

Thanks? I guess. :D

Link to post

Thanks? I guess. :D

But of course, mon ami! Glad to read your face again. :D

I was surprised you saw this. I am an Admin on a UK Genealogy Forum which is extremely similar to this one and one of these days I will figure it out, lol.

Link to post

But of course, mon ami! Glad to read your face again. :blink:

I was surprised you saw this. I am an Admin on a UK Genealogy Forum which is extremely similar to this one and one of these days I will figure it out, lol.

I had this very problem this morning! I just updated MBAM, restored the files and ran another scan, it was clean, and Avast now opens! Sorry about starting another thread. I will try to remember to do a search first next time. :D

Link to post

I just ran a quick scan and it found 19 infections, I then ran the scan in the developer mode.

Malwarebytes' Anti-Malware 1.41

Database version: 2880

Windows 5.1.2600 Service Pack 2

9/30/2009 10:15:29 PM

mbam-log-2009-09-30 (22-15-27).txt

Scan type: Quick Scan

Objects scanned: 92798

Time elapsed: 1 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 17

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\actskin4.ocx (Trojan.Agent) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\actskin4.ocx (Trojan.Agent) -> No action taken.

I uploaded the actskin4.ocx file to VirusTotal, here's the link to the results. (Only 1 scanner on VirusTotal found something, it was eSafe that detected "Win32.Flooder.IM.VB." Since just 1 at VT found it, it prolly is a FP?)

Actskin4.ocx is necessary for Avast anti virus to load and run...I restored it from my MB quarantine file and now Avast runs fine.

Link to post

Restored the items from quarantine and Avast! starts up fine. The user interface for Avast! is "skinnable" -- I assume that they use a package from a third party.

How many items did you restore ? I only restored the " actskin4.ocx " file ....quarantined as a trojan agent

Link to post