Threat Detected by AVG: Trojan horse PSW Generic6.AQPD


Hi. Recently received a warning from AVG Free when browsing with Internet Explorer. This warning appears every time a page is loaded and at random intervals as well. The error is not reported when browsing with Firefox.

The exact error popup message is as follows:

AVG Resident Shield alert

Threat detected!

File name: C:\Windows\SysWoW64\Macromed\Flash\FlashUtil10a.exe

Threat name: Trojan horse PSW Generic6.AQPD

Detected an open

Options: Heal, Move to Vault, Ignore, Help

Actions to take are: Heal, Move to Vault, Ignore, Help

Any action taken leads to the following responses in this order:

1. Do you want to force the threat removal?

2. Forced removal can cause system instability or even crash.

3. Some files cannot be healed. The action was interrupted by user.

Logs:

Malwarebytes

Malwarebytes' Anti-Malware 1.30

Database version: 1399

Windows 6.0.6001 Service Pack 1

11/15/2008 12:10:43 AM

mbam-log-2008-11-15 (00-10-43).txt

Scan type: Quick Scan

Objects scanned: 49062

Time elapsed: 2 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Panda Active Scan

;*******************************************************************************

ANALYSIS: 2008-11-15 01:05:55

PROTECTIONS: 1

MALWARE: 24

SUSPECTS: 0

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

AVG Anti-Virus Free 8.0 Yes Yes

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\paolo@trafficmp[2].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\Low\paolo@doubleclick[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\paolo@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\Low\paolo@atdmt[2].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\Low\paolo@fastclick[1].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\Low\paolo@tribalfusion[1].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\Low\paolo@mediaplex[1].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\Low\paolo@com[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\Low\paolo@ad.yieldmanager[2].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\Low\paolo@apmebf[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\paolo@serving-sys[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\Low\paolo@serving-sys[2].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\Low\paolo@bs.serving-sys[1].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\paolo@bs.serving-sys[1].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\Low\paolo@server.iad.liveperson[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\paolo@advertising[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\Low\paolo@advertising[2].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\Low\paolo@statse.webtrendslive[1].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\Low\paolo@ads.pointroll[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\paolo@ads.pointroll[2].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\Low\paolo@realmedia[1].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\Low\paolo@questionmarket[1].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\paolo@questionmarket[1].txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\Low\paolo@zedo[1].txt

00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\Low\paolo@bluestreak[2].txt

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\Low\paolo@target[1].txt

00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\Low\paolo@did-it[1].txt

00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\Low\paolo@adviva[2].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\Low\paolo@atwola[1].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Cookies\paolo@atwola[2].txt

03587590 Adware/Yassist Adware No 0 No No C:\Users\Paolo\AppData\Local\Temp\DivDAFA.tmp\DivXInstaller.exe[


Hey Raid. Thanks for the quick reply. I went into C:\Windows\SysWoW64\Macromed\Flash and couldn't find the file named FlashUtil10a.exe.

It does appear to be a false positive, but I wanted to make sure since I was reading an article on CNN.com that led me to a white supremacist website that my antivirus warned me had a trojan. It seems weird that it would be a coincidence that the website would have a trojan and then I would have a false positive with my antivirus. Can't really do much now though since I can't locate the file. "Show hidden files and folders" was checked in folder options and windows search produced no matches.

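The post above could not locate the file the alert named, even with hidden files shown. The following PowerShell is an added check, not something from this thread or from AVG: it confirms whether the flagged path exists on disk (including hidden and system-attributed files, which Explorer and Windows Search can skip), and if it does, records the details a vendor needs to confirm or reject a false positive (hash, Authenticode signer, size, timestamp). The only path used is the one quoted in the alert in the first post.

```powershell
# Added example (not from this thread): verify the file an AV alert named.
# $Path is the path quoted in the AVG alert in the first post.
$Path = 'C:\Windows\SysWoW64\Macromed\Flash\FlashUtil10a.exe'

# -Force includes hidden and system files, which Explorer may hide even
# when "Show hidden files and folders" is enabled.
$item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue

if (-not $item) {
    # Nothing on disk by that name: list what is actually in the alert's
    # directory so a stale alert or an already-removed file can be told apart.
    Write-Output "Not found: $Path"
    Get-ChildItem -LiteralPath (Split-Path $Path) -Force -ErrorAction SilentlyContinue |
        Select-Object Name, Attributes, Length, LastWriteTime
    return
}

# The file exists: collect identifying details for a false-positive report.
$hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256
$sig  = Get-AuthenticodeSignature -FilePath $Path

[PSCustomObject]@{
    Path       = $item.FullName
    Attributes = $item.Attributes
    Size       = $item.Length
    LastWrite  = $item.LastWriteTime
    SHA256     = $hash.Hash
    Signer     = $sig.SignerCertificate.Subject   # null if the file is unsigned
    SigStatus  = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
}
```

Two notes on the design: Explorer's "Show hidden files and folders" setting does not reveal files that carry the system attribute unless "Hide protected operating system files" is also unchecked, so `-Force` on `Get-Item` and `Get-ChildItem` is the more reliable test for whether the file is really absent. `Get-FileHash` requires PowerShell 4.0 or later; `Get-AuthenticodeSignature` is available in older versions, and a `Valid` signature from the expected publisher on a file in that Flash directory is the strongest single indicator that a generic detection is a false positive.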

Okay, I'll go ahead and close out this thread.
