
Trojan.Agent FP

Okay, database #2886 reports my PC is clean. The 19 trojans no longer appear. (Yes, I have Avast 4.8 free.)


Malwarebytes' Anti-Malware 1.41

Great stuff guys, all clear now. :D

Database version: 2886

Windows 6.0.6002 Service Pack 2

01/10/2009 17:44:09

mbam-log-2009-10-01 (17-44-09).txt

Scan type: Quick Scan

Objects scanned: 82490

Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0


BRAVO!!!! Update 2886 did the job:

Malwarebytes' Anti-Malware 1.41

Database version: 2886

Windows 5.1.2600 Service Pack 3

1-10-2009 19:04:27

mbam-log-2009-10-01 (19-04-27).txt

Scan type: Full Scan (C:\|)

Objects scanned: 171856

Time elapsed: 21 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

thanks guys! <sigh of relief> :D


I'm happy to say that data base 2886 fixed the problem. I was having the same issue that the others here reported. I'm a little confused as to why a friend with identical programs (avast and malwarebytes) did not have this problem... Nevertheless, great job by the staff at Malwarebytes. I absolutely love the program, trust it and recommend it to everyone I come in contact with about computers.. Once again, thanks malwarebyte techs... :D:D

Guest SFdude

:D

Call me naive, (and I love MBAM), but...

Just because these 19 Trojan warning messages

don't appear anymore in MBAM latest db update,

----> what is the chance that the offending OCX file (actskin4.ocx),

from a 3rd party AVAST vendor

is really a False Positive?

Could somebody at MBAM or AVAST give us

a definitive "all clear" on this "actskin4.ocx" file from a 3rd party vendor?

SFdude


Great- I agree it's fixed and I am on Database version: 2886

---------------------------------------

Malwarebytes' Anti-Malware 1.41

Database version: 2886

Windows 5.1.2600 Service Pack 3

10/1/2009 1:26:05 PM

mbam-log-2009-10-01 (13-26-05).txt

Scan type: Quick Scan

Objects scanned: 92526

Time elapsed: 6 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

:D

Call me naive, (and I love MBAM), but...

Just because these 19 Trojan warning messages

don't appear anymore in MBAM latest db update,

----> what is the chance that the offending OCX file (actskin4.ocx),

from a 3rd party AVAST vendor

is really a False Positive?

Could somebody at MBAM or AVAST give us

a definitive "all clear" on this "actskin4.ocx" file from a 3rd party vendor?

SFdude

It is a confirmed false positive on a GUID detection.

One of our researchers (wasn't me) added a signature for a GUID value in the registry as it was being set by malware.

MBAM smart engine then tracked the GUID and all related registry components and files that they pointed to and produced the detections.

However, in this case it is not only malware that was seen to use this GUID but after further investigation it was being used by legitimate applications too.

Apologies on behalf of the researcher that made the error and sorry for any inconvenience or undue alarm caused.
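
The cascade described in the post above, sketched as an added example (not part of the original post and not Malwarebytes' engine code): one signed GUID is expanded to every registry key and file linked to it, and a check against a clean baseline shows why the GUID alone is not a usable signature. All GUIDs, key paths, file names and host names below are constructed.

```python
import re
from collections import deque

GUID_RE = re.compile(r"\{[0-9a-f-]{36}\}")
TLB = "{aaaaaaaa-0000-0000-0000-0000000000ff}"   # constructed GUID
OCX = r"c:\windows\system32\skinlib.ocx"         # constructed file name

# Constructed registry snapshot: key path -> values stored under it.
SNAPSHOT = {
    r"hkcr\clsid\{aaaaaaaa-0000-0000-0000-000000000001}":
        {"InprocServer32": OCX, "TypeLib": TLB},
    r"hkcr\clsid\{aaaaaaaa-0000-0000-0000-000000000002}":
        {"InprocServer32": OCX, "TypeLib": TLB},
    r"hkcr\typelib\{aaaaaaaa-0000-0000-0000-0000000000ff}": {"win32": OCX},
    r"hkcr\clsid\{bbbbbbbb-0000-0000-0000-000000000001}":
        {"InprocServer32": r"c:\program files\other\other.dll"},
}
# Constructed baseline: GUIDs seen on hosts known to be clean.
CLEAN_BASELINE = {"clean-host-1": {TLB}, "clean-host-2": set()}

def expand(seed_guid, registry):
    """Follow GUID and file references outward from one signed GUID."""
    keys, files = set(), set()
    seen, queue = {seed_guid.lower()}, deque([seed_guid.lower()])
    while queue:
        token = queue.popleft()
        for key, values in registry.items():
            refs = [v.lower() for v in values.values()]
            if token not in key.lower() and token not in refs:
                continue
            keys.add(key)
            for item in GUID_RE.findall(key.lower()) + refs:
                if not GUID_RE.fullmatch(item):
                    files.add(item)        # a file the key points to
                if item not in seen:
                    seen.add(item)
                    queue.append(item)
    return keys, files

def clean_hosts_with(seed_guid, baseline):
    """Hosts in the clean baseline that carry the GUID; any hit means
    the GUID alone cannot be used as a malware signature."""
    return sorted(h for h, guids in baseline.items()
                  if seed_guid.lower() in guids)

if __name__ == "__main__":
    keys, files = expand(TLB, SNAPSHOT)
    print(len(keys), "keys and", len(files), "file flagged from one GUID")
    print("seen on clean hosts:", clean_hosts_with(TLB, CLEAN_BASELINE))
```
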

Guest SFdude
It is a confirmed false positive on a GUID detection.

One of our researchers (wasn't me) added a signature for a GUID value in the registry as it was being set by malware.

MBAM smart engine then tracked the GUID and all related registry components and files that they pointed to and produced the detections.

However, in this case it is not only malware that was seen to use this GUID but after further investigation it was being used by legitimate applications too.

Apologies on behalf of the researcher that made the error and sorry for any inconvenience or undue alarm caused.

Thank you, Fatdcuk.

Really do appreciate that "all clear" confirmation on this False Positive,

and the quick response time.

I love MBAM and AVAST!

(and count on both for security). :D

SFdude


Fixed for me now, I restored all items I quarantined earlier and then re-ran a scan.

Malwarebytes' Anti-Malware 1.41

Database version: 2888

Windows 5.1.2600 Service Pack 3

10/1/2009 4:06:48 PM

mbam-log-2009-10-01 (16-06-48).txt

Scan type: Quick Scan

Objects scanned: 123687

Time elapsed: 2 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

It is a confirmed false positive on a GUID detection.

One of our researchers (wasn't me) added a signature for a GUID value in the registry as it was being set by malware.

MBAM smart engine then tracked the GUID and all related registry components and files that they pointed to and produced the detections.

However, in this case it is not only malware that was seen to use this GUID but after further investigation it was being used by legitimate applications too.

Apologies on behalf of the researcher that made the error and sorry for any inconvenience or undue alarm caused.

Glad to officially hear that it is a false alarm, but one small question. I still have the original 17 alleged trojans in quarantine.....and when I ran MBAM midday, had 19 but didn't quarantine them. Noticed then that the System 32 file was rebuilt.....so should those quarantines be returned or deleted. My educated guess is ignore them. But would like to hear from you what to do.

First time on this Forum, and must say that your program is super!! Only one I am using other than SpywareBlaster......and Avast of course. Oh, and I put Zone Alarm on last night when I thought I was infested with trojans!! :D

Figgs....and a big HI DE HO to Raid. :D


Everything is fixed now, Thank you all.

regards

nmb


Hi Figgs,

They are safe to restore from quarantine as they will overwrite anything that had been replaced after MBAM removal.

Hi Figgs,

They are safe to restore from quarantine as they will overwrite anything that had been replaced after MBAM removal.

Thanks Fatdcuk....I will restore them now. It was just a minor point, but wanted to make sure before I did that seeing as the System 32 file was replaced. You are up late!! :D

Cheers....from Canada

Glad to officially hear that it is a false alarm, but one small question. I still have the original 17 alleged trojans in quarantine.....and when I ran MBAM midday, had 19 but didn't quarantine them. Noticed then that the System 32 file was rebuilt.....so should those quarantines be returned or deleted. My educated guess is ignore them. But would like to hear from you what to do.

First time on this Forum, and must say that your program is super!! Only one I am using other than SpywareBlaster......and Avast of course. Oh, and I put Zone Alarm on last night when I thought I was infested with trojans!! :D

Figgs....and a big HI DE HO to Raid. :D

Thanks? I guess. :D

Thanks? I guess. :D

But of course, mon ami! Glad to read your face again. :D

I was surprised you saw this. I am an Admin on a UK Genealogy Forum which is extremely similar to this one and one of these days I will figure it out, lol.

But of course, mon ami! Glad to read your face again. :blink:

I was surprised you saw this. I am an Admin on a UK Genealogy Forum which is extremely similar to this one and one of these days I will figure it out, lol.

I had this very problem this morning! I just updated MBAM, restored the files and ran another scan, it was clean, and Avast now opens! Sorry about starting another thread. I will try to remember to do a search first next time. :D

I just ran a quick scan and it found 19 infections, I then ran the scan in the developer mode.

Malwarebytes' Anti-Malware 1.41

Database version: 2880

Windows 5.1.2600 Service Pack 2

9/30/2009 10:15:29 PM

mbam-log-2009-09-30 (22-15-27).txt

Scan type: Quick Scan

Objects scanned: 92798

Time elapsed: 1 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 17

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\actskin4.ocx (Trojan.Agent) -> No action taken. [4054423730538380756679153472707985130192202520182020187014176918181421241823142

5241869142325712067181869192068269413014739]

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\actskin4.ocx (Trojan.Agent) -> No action taken. [4054423730538380756679153472707985130192202520182020187014176918181421241823142

5241869142325712067181869192068269413014739]

I uploaded the actskin4.ocx file to VirusTotal, here's the link to the results. (Only 1 scanner on VirusTotal found something, it was eSafe that detected "Win32.Flooder.IM.VB." Since just 1 at VT found it, it prolly is a FP?)

Actskin4.ocx is necessary for Avast anti virus to load and run...I restored it from my MB quarantine file and now Avast runs fine.

Restored the items from quarantine and Avast! starts up fine. The user interface for Avast! is "skinnable" -- I assume that they use a package from a third party.

How many items did you restore ? I only restored the " actskin4.ocx " file ....quarantined as a trojan agent

