Author Topic: Win32: Trojan gen - Not a False Alarm


magdelen11235

  • Guest
Win32: Trojan gen - Not a False Alarm
« on: August 26, 2009, 06:09:19 PM »
So, like the topic says, my comp has Win32:Trojan-gen, and it's a rootkit. I used this thread http://forum.avast.com/index.php?topic=36663.0 as my main way of dealing with the virus, but that thread was basing its action on assuming that most likely the virus was a false positive, because there was no particular place avast! could pinpoint. However, mine pinpointed to a particular place on my comp: C:\Windows\Temp\_avast4_.

So far: I restored the virus from the chest into another file per the recommendation of the above thread, scanned it with VirusTotal, which came up with 18 detections, then promptly relocated it to the chest.

I have run avast! anti-rootkit, which detected a hidden file in C:\Users\username\AppData\Local\Temp\. However, when I go to that path and use "Show hidden files" from Folder Options, the file is still unseen. It is a .tmp, and there is one in there, but with a different name. When I click "Fix" in avast! anti-rootkit, it says error. Here's the log:

avast! Antirootkit, version 0.9.6
Scan started: Wednesday, August 26, 2009 11:07:01 AM

File C:\Users\Magdelen11235\AppData\Local\Temp\45cd5841-1b41-442c-b03e-b6935f465e9b.tmp  **HIDDEN**

Scan finished: Wednesday, August 26, 2009 11:20:06 AM
Hidden files found: 1
Hidden registry items found: 0
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0

Dr.Web detected nothing, lol.
AVG is still scanning but has detected nothing.

SuperAntiSpyware is still scanning but has already detected a trojan called TrojanAgent/Gen-PennyStockChaser


magdelen11235

  • Guest
Re: Win32: Trojan gen - Not a False Alarm
« Reply #1 on: August 26, 2009, 06:10:32 PM »
I just used HijackThis and two errors came up, and then the process continued. I renamed hijackthis.exe to hello.exe and ran the scan. No errors. Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:35 PM, on 8/26/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\Razer\Mamba\RazerTray.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\AVG\AVG8\avgui.exe
C:\Users\Magdelen11235\Documents\Installers\Avast!\aswar.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Users\Magdelen11235\Documents\Installers\HiJackThis\hello.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp64&d=0309&m=aspire_6920
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp64&d=0309&m=aspire_6920
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp64&d=0309&m=aspire_6920
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp64&d=0309&m=aspire_6920
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Razer Mamba Driver] C:\Program Files (x86)\Razer\Mamba\RazerTray.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

magdelen11235

  • Guest
Re: Win32: Trojan gen - Not a False Alarm
« Reply #2 on: August 26, 2009, 06:12:11 PM »
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Windows\
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\partner.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10747 bytes

I did not do "Fix checked" because I have no idea what to check. Anyway, any help on removing this virus would be greatly appreciated. I will update when SUPERAntiSpyware finishes its scan. Thank you.
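The posted log is long, but only a few entry types need a decision. As an added example (not from the thread and not from Trend Micro), the Python below parses HijackThis-style `Xn - ...` lines and flags the cases visible in the log above: an O3 toolbar with "(no file)", an O20 Winlogon Notify entry whose DLL path is truncated, O2/O23 components loading from ProgramData, and O23 services whose binary is gone. The sample input is constructed from ten lines of the log above. One caveat is built into the rules: HijackThis 2.0.2 is a 32-bit program, so on 64-bit Vista it reports many System32 services (vds, VSS, Spooler and so on) as "(file missing)" because of WOW64 file-system redirection; those entries are skipped rather than flagged.

```python
import re

# Constructed sample: ten lines taken from the HijackThis log posted above.
SAMPLE_LOG = """\
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\\ProgramData\\Partner\\partner.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\\Program Files (x86)\\AskBarDis\\bar\\bin\\askBar.dll
O4 - HKLM\\..\\Run: [avgnt] "C:\\Program Files (x86)\\Avira\\AntiVir Desktop\\avgnt.exe" /min
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files (x86)\\SUPERAntiSpyware\\SASWINLO.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\\Windows\\
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\\Program Files (x86)\\Avira\\AntiVir Desktop\\avguard.exe (file missing)
O23 - Service: @%SystemRoot%\\system32\\vds.exe,-100 (vds) - Unknown owner - C:\\Windows\\System32\\vds.exe (file missing)
O23 - Service: Partner Service - Google Inc. - C:\\ProgramData\\Partner\\partner.exe
"""

ENTRY_RE = re.compile(r"^(?P<type>[A-Z]\d+) - (?P<body>.*)$")
# 32-bit HijackThis cannot see these directories properly on 64-bit Windows.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def parse_entries(log_text):
    """Return (type, body) for every 'Xn - ...' line; headers and process lists are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("type"), m.group("body")))
    return entries


def file_field(body):
    """HijackThis puts the file path in the last ' - ' separated field of an entry."""
    return body.rsplit(" - ", 1)[-1].strip()


def in_system_dir(path_lower):
    return path_lower.startswith(SYSTEM_DIRS)


def triage(log_text):
    """Return (type, reason, entry) for every entry a reviewer should look at."""
    findings = []
    for etype, body in parse_entries(log_text):
        path = file_field(body)
        low = path.lower()
        if etype == "O3" and "(no file)" in low:
            findings.append((etype, "orphaned toolbar CLSID with no DLL on disk: safe to fix", body))
        elif etype == "O20" and not low.endswith(".dll"):
            # A Winlogon Notify package must name a DLL; a bare directory is truncated or bogus.
            findings.append((etype, "Winlogon Notify entry without a DLL path: inspect the key by hand", body))
        elif etype in ("O2", "O23") and "\\programdata\\" in low:
            findings.append((etype, "loads from ProgramData rather than Program Files: verify the publisher", body))
        elif (etype == "O23" and "(file missing)" in low
              and "unknown owner" in body.lower() and not in_system_dir(low)):
            # Binary gone but the service registration remains: typical of a half-removed product.
            findings.append((etype, "service whose binary is missing: remove the leftover service", body))
        # O23 '(file missing)' under System32 is deliberately not flagged (WOW64 redirection artifact).
    return findings


if __name__ == "__main__":
    for etype, why, body in triage(SAMPLE_LOG):
        print(f"{etype}: {why}\n    {body}")
```

Run as a script it prints five findings for the sample; the flagged entries are pointers for a human reviewer, not a list to feed straight into "Fix checked".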

magdelen11235

  • Guest
Re: Win32: Trojan gen - Not a False Alarm
« Reply #3 on: August 26, 2009, 06:17:40 PM »
AVG scan finished; it found 84 warnings but no trojan, all from cookies.
Log:
"Scan ""Scan whole computer"" was finished."
"Warnings";"84"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"Wednesday, August 26, 2009, 11:05:29 AM"
"Scan finished:";"Wednesday, August 26, 2009, 12:13:51 PM (1 hour(s) 8 minute(s) 21 second(s))"
"Total object scanned:";"928859"
"User who launched the scan:";"Magdelen11235"

"Warnings"
"File";"Infection";"Result"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\247realmedia.com.855b46d";"Found Tracking cookie.247realmedia";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\2o7.net.3b7e7590";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\adbrite.com.71beeff9";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\adbrite.com.775ee79c";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\adbrite.com.d5e309c2";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\adbrite.com.e1f04284";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\atdmt.com.7247c262";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\fastclick.net.8a6435e9";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\fastclick.net.8dd1284a";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\fastclick.net.9b41aa53";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\fastclick.net.fac3d6f0";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\mediaplex.com.323e9a10";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\advertising.com.1820df7a";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\advertising.com.203aa218";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\advertising.com.525a5fb9";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\advertising.com.b624fa46";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\advertising.com.f62113d5";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\bs.serving-sys.com.5bf1f00f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\mediaplex.com.f652b123";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\overture.com.52ca467a";"Found Tracking cookie.Overture";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\overture.com.e626e6be";"Found Tracking cookie.Overture";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\questionmarket.com.3eb5a9f1";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\revsci.net.50e13b1b";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\ad.yieldmanager.com.830b6f08";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\ad.yieldmanager.com.87a9ab5d";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\ad.yieldmanager.com.ff92306";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\adbrite.com.44f92a69";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\atdmt.com.74c5668";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\advertising.com.1dfa2206";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\atdmt.com.9e6d7fd3";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\burstnet.com.27341d57";"Found Tracking cookie.Burstnet";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\burstnet.com.c4fe2ebb";"Found Tracking cookie.Burstnet";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\casalemedia.com.156cbc67";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\casalemedia.com.1773afc";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\casalemedia.com.80ad4799";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\casalemedia.com.987e6b46";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\fastclick.net.57e8da10";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\fastclick.net.6fd479aa";"Found Tracking cookie.Fastclick";"Potentially dangerous object"

magdelen11235

  • Guest
Re: Win32: Trojan gen - Not a False Alarm
« Reply #4 on: August 26, 2009, 06:18:10 PM »
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\mediaplex.com.dc30fb3c";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\realmedia.com.855b46d";"Found Tracking cookie.Realmedia";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\revsci.net.55564293";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\casalemedia.com.3a28db8d";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\casalemedia.com.8c65eddd";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\clickbank.net.82079eb1";"Found Tracking cookie.Clickbank";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\hitbox.com.2b95f8a3";"Found Tracking cookie.Hitbox";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\hitbox.com.bbf2a6e8";"Found Tracking cookie.Hitbox";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\questionmarket.com.4dd5e426";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\realmedia.com.71465e38";"Found Tracking cookie.Realmedia";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\realmedia.com.ef906bac";"Found Tracking cookie.Realmedia";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\revsci.net.8642c85d";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\revsci.net.e9dbeb91";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\searchportal.information.com.3a8d7204";"Found Tracking cookie.Information";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\serving-sys.com.255d6f2f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\serving-sys.com.400f83f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\serving-sys.com.4b416ef8";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\serving-sys.com.606c3d3b";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\serving-sys.com.6a1cf9e8";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\serving-sys.com.c9034af6";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\smartadserver.com.321a5cf8";"Found Tracking cookie.Smartadserver";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\smartadserver.com.3e749ab9";"Found Tracking cookie.Smartadserver";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\smartadserver.com.5550c4ed";"Found Tracking cookie.Smartadserver";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\smartadserver.com.c5827141";"Found Tracking cookie.Smartadserver";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\tribalfusion.com.7610f0e0";"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\tacoda.net.27341d57";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\tacoda.net.4366831a";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\tacoda.net.5935e89";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\tacoda.net.c4fe2ebb";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\tribalfusion.com.5eef93d0";"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\tribalfusion.com.8b22ad8c";"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\tribalfusion.com.9bc3e98f";"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\tribalfusion.com.dcc03271";"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\tribalfusion.com.ff8546b9";"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\zedo.com.27f1639b";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\zedo.com.6a4b36ab";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\zedo.com.a5b6a132";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\zedo.com.c1dd09f2";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Users\Magdelen11235\AppData\Roaming\Mozilla\Firefox\Profiles\5m9s41ux.default\cookies.sqlite:\zedo.com.f1d14556";"Found Tracking cookie.Zedo";"Potentially dangerous object"
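The AVG report is semicolon-separated CSV with one detection per row, and every one of the 84 rows above is a tracking cookie. As an added example (not from the thread and not from AVG), the Python below parses that layout, groups the tracking-cookie rows by the domain AVG appends after `cookies.sqlite:\`, and keeps anything that is not a cookie in a separate list, so a real detection cannot hide among cookie noise. The sample input is constructed: five rows copied from the report above plus one hypothetical non-cookie row.

```python
import csv
from collections import Counter

# Constructed sample in AVG 8's semicolon-separated report layout: the first
# five detection rows are copied from the report above, the last row is a
# hypothetical non-cookie detection added to show how the two are separated.
SAMPLE_REPORT = '''\
"Scan ""Scan whole computer"" was finished."
"Warnings";"6"

"Warnings"
"File";"Infection";"Result"
"C:\\Users\\Magdelen11235\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5m9s41ux.default\\cookies.sqlite";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"C:\\Users\\Magdelen11235\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5m9s41ux.default\\cookies.sqlite:\\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\\Users\\Magdelen11235\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5m9s41ux.default\\cookies.sqlite:\\adbrite.com.71beeff9";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\\Users\\Magdelen11235\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5m9s41ux.default\\cookies.sqlite:\\adbrite.com.775ee79c";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\\Users\\Magdelen11235\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5m9s41ux.default\\cookies.sqlite:\\zedo.com.27f1639b";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\\Users\\Magdelen11235\\Downloads\\example.exe";"Trojan horse Generic (hypothetical row)";"Infected"
'''

HEADER = '"File";"Infection";"Result"'
COOKIE_PREFIX = "Found Tracking cookie."
COOKIE_STORE_SEP = "cookies.sqlite:\\"   # AVG appends :\<domain>.<hash> to the store path


def parse_detections(report_text):
    """Yield (path, infection, result) for every row after the detection table header."""
    lines = report_text.splitlines()
    if HEADER not in lines:
        raise ValueError("no detection table in report")
    start = lines.index(HEADER) + 1
    for row in csv.reader(lines[start:], delimiter=";", quotechar='"'):
        if len(row) == 3:          # blank lines and summary rows have a different width
            yield tuple(row)


def cookie_domain(path):
    """'...cookies.sqlite:\\adbrite.com.71beeff9' -> 'adbrite.com'."""
    _, sep, tail = path.partition(COOKIE_STORE_SEP)
    if not sep:
        return "(cookie store file itself)"
    domain, _, _hash = tail.rpartition(".")
    return domain


def summarize(report_text):
    """Split the report into tracking-cookie counts per domain and everything else."""
    cookies = Counter()
    real_detections = []
    for path, infection, result in parse_detections(report_text):
        if infection.startswith(COOKIE_PREFIX):
            cookies[cookie_domain(path)] += 1
        else:
            real_detections.append((path, infection, result))
    return cookies, real_detections


if __name__ == "__main__":
    cookies, real = summarize(SAMPLE_REPORT)
    print(f"{sum(cookies.values())} tracking-cookie warnings across {len(cookies)} domains")
    for domain, n in cookies.most_common():
        print(f"  {n:3d}  {domain}")
    print(f"{len(real)} detection(s) that are not cookies:")
    for path, infection, result in real:
        print(f"  {infection}: {path} [{result}]")
```

The useful output is the second list: on the real report it is empty, which is what "84 warnings but no trojan" means.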

magdelen11235

  • Guest
Re: Win32: Trojan gen - Not a False Alarm
« Reply #5 on: August 26, 2009, 06:37:03 PM »
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/26/2009 at 12:26 PM

Application Version : 4.27.1002

Core Rules Database Version : 4071
Trace Rules Database Version: 2011

Scan type       : Complete Scan
Total Scan Time : 01:02:13

Memory items scanned      : 679
Memory threats detected   : 0
Registry items scanned    : 5330
Registry threats detected : 0
File items scanned        : 28527
File threats detected     : 1

Trojan.Agent/Gen-PennyStockChaser
   C:\PROGRAM FILES (X86)\CHEAT ENGINE\SYSTEMCALLSIGNAL.EXE

micky77

  • Guest
Re: Win32: Trojan gen - Not a False Alarm
« Reply #6 on: August 26, 2009, 06:55:01 PM »
Running multiple AVs at the same time is not a good idea; I see Avast, AVG and Avira. However, that aside, can you download, install, update and run a quick scan with MBAM. http://filehippo.com/download_malwarebytes_anti_malware/

magdelen11235

  • Guest
Re: Win32: Trojan gen - Not a False Alarm
« Reply #7 on: August 26, 2009, 07:32:36 PM »
I have Malwarebytes, I'll use that too.

DavidR
Re: Win32: Trojan gen - Not a False Alarm
« Reply #8 on: August 26, 2009, 07:48:24 PM »
Let's deal with the problems of multiple AVs. The C:\Windows\Temp\_avast4_ folder is where avast unpacks archives and content from the web shield for it to be scanned.

So any of the other AVs you have installed can hook the newly created file that avast would be trying to scan and could alert. At best this can cause duplication of scanning and at worst a conflict that could lock up your system.

So you really need to make a choice on what is to be your resident AV and uninstall AVG and Avira ;D

Tracking cookies, "potentially dangerous object", a joke.
Don't worry about reported tracking cookies; they are a minor issue and not one of security. Allow them to be dealt with, though. See http://en.wikipedia.org/wiki/HTTP_cookie.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

magdelen11235

  • Guest
Re: Win32: Trojan gen - Not a False Alarm
« Reply #9 on: August 26, 2009, 09:00:51 PM »
Avast is now the only thing running; I will do the scan again. Avira is uninstalled.

DavidR
Re: Win32: Trojan gen - Not a False Alarm
« Reply #10 on: August 26, 2009, 09:37:34 PM »
I would clear all Temp files first. When avast completes any scan where it uses the _avast4_ folder, it clears it out, so there shouldn't subsequently be any unp999999.tmp files (where 999999 are random numbers) left.

CCleaner - Temp File Cleaner, etc. or ClearProg - Temp File Cleaner

The most likely reason for them being left behind is the hooking by other AV stopping avast scanning and either alerting or clearing the scanned file.


magdelen11235

  • Guest
Re: Win32: Trojan gen - Not a False Alarm
« Reply #11 on: August 26, 2009, 09:46:21 PM »
OK, used CCleaner to delete temporary files. Now scanning with avast!

magdelen11235

  • Guest
Re: Win32: Trojan gen - Not a False Alarm
« Reply #12 on: August 27, 2009, 01:34:52 AM »
Never mind, problem fixed. A techie buddy helped me out. Please close the thread.

Tarq57
Re: Win32: Trojan gen - Not a False Alarm
« Reply #13 on: August 27, 2009, 04:26:33 AM »
You're probably best to edit (modify) your OP and insert something like "[Solved]" into the subject line.
Glad it's sorted.
Windows 10,Windows Firewall,Firefox w/Adblock.