Cordialis

FixGemius


I downloaded a legit freeware program that protects against Gemius. Now Malwarebytes' Anti-Malware just found a Trojan. There is not much information about it in the MBAM log, just this one line: C:\WINDOWS\system32\Process.exe (Trojan.Agent) -> Quarantined and deleted successfully.

So now I wonder: was this a false positive? This is the download link for this legit program called FixGemius:

http://sptlarsenserious.googlepages.com/fixgemius.zip

How do I find out what's going on? I'm actually not worried but I'd like to have this legit program working in my PC - it's a quite sensible little thing. Thanks in advance for any kind of suggestions. :lol:


This is a tool that is often used by malware to kill and delete antivirus software.

It is nothing more than a process killer app that under normal circumstances is completely harmless.

The problem is that there is no way to tell which one you have (although in this case it's obviously legit).

Right click the entry and select ignore; MBAM will not find it in a scan again.


Thanks, but how do I know that this was a false and not a real Trojan? I might have gotten a real Trojan in the download process when I installed FixGemius? That's my dilemma: How do I find the confirmation for this in my PC? :lol: FixGemius is supposed to act as an active filter or shield. It is more than removal, I've been told?


I have yet to see an antimalware program with guidelines or help that tells you exactly what file they want and how I can find it. Malwarebytes' Anti-Malware is no exception. I'm unable to upload the file: I have no clue as to where and how to find what. A path would be a wonder! :lol:


The file shown that was removed: C:\WINDOWS\system32\Process.exe

You need to download the program again and install it. If you look in your C:\WINDOWS\system32\ folder you should not see a file named Process.exe.

After you re-install this download you're talking about then I'm assuming that the Process.exe file will once again be there. If so then browse to that file and attempt to upload it.


Thank you, AdvancedSetup, the Trojan was genuine! I first searched the path as you said. No luck. Then I reinstalled the program and searched again: still no luck! It WAS NOT FixGemius that was quarantined. It was a genuine Trojan! I will start a new scan now in order to double check. I guess Malwarebytes' scanner will react again, should I be wrong about FixGemius. And I will report back, of course.


The new Malwarebytes scan just came back clean after FixGemius had been re-installed. So it was not a false positive, I believe. But even though the real Trojan has been deleted another program, Avira Antivir, just gave sound. It found this:

Virus or unwanted program 'TR/Drop.Softomat.AN [trojan]'

detected in file 'C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP2\A0000195.exe.

Action performed: Deny access

I think this was left by a freeware Norman scan or a freeware Trend Micro scan that I ran earlier today but I can't be sure of that. It wasn't a false positive the first time around as we've just seen. I'd better keep an eye on things the next couple days and run a few extra scans. Something spooky might be cooking...

Thanks a million for all this useful help and feedback, all you fine folks in here.


Thanks, I will do that in a few minutes. Right now I'm updating and running what I have. Ad-Aware, SUPERAntiSpyware, the new scanner inside ThreatFire and Avira. I also just ran CCleaner with all boxes checked and I think I'll go and find myself an online scanner as well.

The amount of malware these days! It has gone crazy. Those criminal malware writers should be behind bars! :lol:

