aland08

Trojan.Chifrax

Hi,

Just scanned & picked up "Trojan.Chifrax" infections in the following areas:

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Chifrax) -> Quarantined and deleted successfully.

Files Infected:

C:\Documents and Settings\Alan\Local Settings\Temp\setup.exe (Trojan.Chifrax) -> Quarantined and deleted successfully.

I am heavily protected, very careful where I go online & do not download info from untrusted sources. So, I am inclined to think that this may be an FP but I see no other reports of such. I scanned with Avast late last night & was clean yet this morning MBAM picked up the Trojan.Chifrax. There was a Windows update overnight that automatically installed & restarted my pc.

I would appreciate any input. Thanks!

Hi,

Same here

Is this a FP?

Thanks

Yep and another same here. It happens every few days on Windows 7 x64. At first I was clicking quarantine and there was nothing ever in the quarantine. Then last time I clicked ignore hoping it was some install I did that was finishing up and I wouldn't get nagged again, yet today I got nagged again. I have looked in my temp folder to see if I could find the file and I can't, because I was going to run it through VirusTotal. Malwarebytes finds nothing on its daily scans and neither does NIS 2010 or Prevx. Even tried Hitman since it uses many virus scanners and it found nothing also. Guys, can you help, because I'm assuming this is a FP because it's getting annoying.

Just to be clear, I'm getting the file the author listed above detected in my temp directory but not the registry key.


Hi aland08 (and other people),

If you think that is a F/P, then please follow the instruction in the post Here, and if possible, zip and attach the file(s) in question for the developers to investigate.

Thank you :)

Hi All,

Did this issue get resolved? I also just updated Malwarebytes then ran a quick scan and it detected the same 2 cases of Trojan.Chifrax in exactly the same locations:

C:\Documents and Settings\*****\Local Settings\Temp\Setup.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe

I have attached the MBAM logfile run in developer mode and the 2 files in question. Please can you let me know if these are false positives or not?

Kind Regards

mbam_log_2010_06_13__12_33_00_.zip

Setup.zip

HKEY_LOCAL_MACHINE.setup.zip

Did this issue get resolved? ... Please can you let me know if these are false positives or not?

Don't know...MBAM never did confirm :)


I think this was confirmed a FP in one of the other threads about this issue.

Hi Nosirrah,

Can you confirm which post had this confirmed as a FP in? The only other thread I can find on this subject is the one titled 'False Positive of Trojan.Chifrax' posted by Schmed. However this is a slightly different scenario as it appears that they didn't actually have any of the files present on their PC? And there is no confirmation from a Malwarebytes representative that this is a FP, they just suggest disabling a 'SuperFetch service' although I don't know what this is?

If this is a false positive, do you know if this problem will be addressed in the next update so that this doesn't keep popping up as a virus?

Thanks


Let me know if it is still being detected, this should have been fixed a few hours ago.

Hi Nosirrah,

No worries, just updated Malwarebytes and ran another scan and it no longer picks up the FP in question. Thank you very much for all your help.

Cheers
