Avast WEBforum
Other => Viruses and worms => Topic started by: sandman1981 on April 26, 2008, 10:39:47 AM
-
Hi;
I ran Xoftspy on my laptop (Windows Vista Home Premium - 32bit) & found following
Haxdoor.BGN = Trojan
Unregmp2 = Worm
My antivirus (Kaspersky) does not detect them, only XoftSpy does. I don't think I need to tell much here as some of you may have come across Haxdoor before (at least). Xoftspy deletes it but it comes back - an old story.
Now I believe many ppl have asked abt this virus here many times but I wanted to have a fresh response since I find it difficult to go through older threats & posts in it. Tend to get me confused.
I have tried the killbox. It doesn't delete either file.
The locations of the two malware are:
Haxdoor.GBN = C:\windows\system32\win32tm.exe
Unregmp2 in C:\windows\system32\Unregmp2.exe
-
To check if a suspect file is malware, submit the file to VirusTotal (http://www.virustotal.com/) for analysis.
If confirmed as malware by several scanners, you'll need to submit the files to Kaspersky for analysis:
newvirus[at]kaspersky.com
They also have a support forum:
http://forum.kaspersky.com/index.php?act=idx (http://forum.kaspersky.com/index.php?act=idx)
;)
-
Ok let me try
-
virus scan is not recognizing it as a virus. Only XoftSpy is :-\
File w32tm.exe received on 04.26.2008 11:57:39 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/32 (0%)
Antivirus Version Last Update Result
AhnLab-V3 2008.4.25.2 2008.04.25 -
AntiVir 7.8.0.10 2008.04.25 -
Authentium 4.93.8 2008.04.26 -
Avast 4.8.1169.0 2008.04.25 -
AVG 7.5.0.516 2008.04.25 -
BitDefender 7.2 2008.04.26 -
CAT-QuickHeal 9.50 2008.04.26 -
ClamAV 0.92.1 2008.04.26 -
DrWeb 4.44.0.09170 2008.04.26 -
eSafe 7.0.15.0 2008.04.21 -
eTrust-Vet 31.3.5736 2008.04.26 -
Ewido 4.0 2008.04.25 -
F-Prot 4.4.2.54 2008.04.25 -
F-Secure 6.70.13260.0 2008.04.26 -
FileAdvisor 1 2008.04.26 -
Fortinet 3.14.0.0 2008.04.26 -
Ikarus T3.1.1.26 2008.04.26 -
Kaspersky 7.0.0.125 2008.04.26 -
McAfee 5282 2008.04.25 -
Microsoft 1.3408 2008.04.22 -
NOD32v2 3056 2008.04.26 -
Norman 5.80.02 2008.04.25 -
Panda 9.0.0.4 2008.04.26 -
Prevx1 V2 2008.04.26 -
Rising 20.41.50.00 2008.04.26 -
Sophos 4.28.0 2008.04.26 -
Sunbelt 3.0.1056.0 2008.04.17 -
Symantec 10 2008.04.26 -
TheHacker 6.2.92.293 2008.04.26 -
VBA32 3.12.6.5 2008.04.26 -
VirusBuster 4.3.26:9 2008.04.25 -
Webwasher-Gateway 6.6.2 2008.04.26 -
-
I'd say it's probably a false positive identification by Xsoftspy then. You could send the files to them mentioning that they are identified as malware but that nothing on VirusTotal confirms their identification.
-
I have seen ppl remove this malware through HJT & KillBox. Any idea how it is done?
-
Well the file you submitted to VirusTotal is not malware, which means it's probably a legitimate Windows file, which means you really don't want to remove it.
Remove the crappy anti-spyware program that's telling you these programs are malware instead.
Here are some trusted and reliable anti-spyware programs:
Ad-Aware Free (http://www.download.com/3000-2144-10045910.html)
Spybot Search & Destroy (http://www.safer-networking.org/en/download/index.html)
SUPERAntiSpyware Free (http://www.superantispyware.com/)
-
Hmm... I'll download these but I still feel unsatisfied :( This is a brand new laptop I have.
Btw XoftSpy started showing these 2 files from yesterday. Before that it didn't show them. & my old laptop is also infested with the haxdoor.bgn in the same folder & file.
-
You need to contact Xsoftspy because they are telling you these files are malware.
Have you checked the other file at VirusTotal because it's clear w32tm.exe is not malware.
-
Yes I checked the other file also & the virus total did not recognize it as a malware.
As for the XoftSpy, the company has stopped producing it as well as its update. But they r still providing the final update.
I think I should contact them.
-
Then you really need to contact the support people at Xsoftspy.
helpdesk@paretologic.com
-
I have emailed them.
Meanwhile I have gone through various forums with ppl having found at least haxdoor.BGN, in the same directory, with their xoftspy & their files have been recognized as malwares.
-
sandman1981, I don't what start arguing, just share my personal experience. I don't trust on Xoftspy company: false positives and not that good support. I think there are better (and free) products available to do this work, including avast itself.
-
The thing that is bugging me the most is that I found haxdoor.BGN on my older laptop (Acer 1640, WinXP) with Xoftspy. For a while it just set there in the directory (C:\windows\system32\w32tm) but in couple of days it blocked my system restore option, disabled "Hide Files" option (did not allow me to hide anything), disabled drag & drop option & did not allow me give password to my System. I removed the password & it replaced it with logon screen & disabled the logon option. God knows I found a way around to operate my windows.
I am just afraid this might happen to my new laptop as well. So far neither Haxdoor not Unregmp2 has done anything.
-
I am just afraid this might happen to my new laptop as well.
So, you can just try avast full scanning and also SuperAntispyware and/or SpywareTerminator scannings.
Also, consider, on-line scanning with Kaspersky and NOD32.
-
I just downloaded SuperAntiSpyWare. I'll try it but I think XoftSpy will continue to irritate me.
As soon as this is resolved I'll get rid of xoftspy & limewire which I believe is source of many viruses & spywares.
-
As soon as this is resolved I'll get rid of xoftspy & limewire which I believe is source of many viruses & spywares.
I think the same... Other P2P network are cleaner and safer. Also, don't forget to set ashQuick.exe to scan your downloaded files through P2P ;)
-
As soon as this is resolved I'll get rid of xoftspy & limewire which I believe is source of many viruses & spywares.
I think the same... Other P2P network are cleaner and safer. Also, don't forget to set ashQuick.exe to scan your downloaded files through P2P ;)
Will do that.
-
I just came across a forum bashing Xoftspy. May be my c:\windows\system32\w32tm.exe & c:\windows\system32\unregmp2.exe
are not effected by malware & Xoft has lost its mind.
-
I think that what Tech and others have been trying to tell you. The virustotal results would comfirm their opinions. False positive.
-
Ok really hope XoftSpy is wrong & I am going to get rid of it whether its right or wrong once my problem is confirmed by kaspersky people & XoftSpy ppl.
But about an hour ago my laptop got slower. Even the mouse pointer was hanging. I restarted the laptop & connected to the net. MSN signed in quickly as usuall but the browser stopped responding. I ran the SUPERantiSpyWare & restarted & browser started working again. So whats up with this?
-
I'm not sure what is going on. I see you are using kaspersky, correct? Also Tech advized doing a full scan with avast. You don't have both installed do you?
-
I'm not sure what is going on. I see you are using kaspersky, correct? Also Tech advized doing a full scan with avast. You don't have both installed do you?
no I haven't installed avast yet. I am using SuperAntiSpyWare & Kasparsky.
-
Good, I thought perhaps you had both avs. That would have caused problems.
I'm gettiing in here a bit late. What is SAS finding, besides the usual cookies and what type of scan settings are you using?
-
no I haven't installed avast yet. I am using SuperAntiSpyWare & Kasparsky.
To use avast, you need full Kaspersky uninstall:
See: http://forum.avast.com/index.php?topic=12079.15
KAV removal tool: http://www.ice-kav.com/utilities.php
http://www.ice-kav.com/downloads/util/KAV_Registry_Clean.zip
-
Good, I thought perhaps you had both avs. That would have caused problems.
I'm gettiing in here a bit late. What is SAS finding, besides the usual cookies and what type of scan settings are you using?
Ok .. well I don't have avast installed with Kasparsky but the hangups are still coming.
-
What is SAS finding that helps temporally reslove the problem?
-
What is SAS finding that helps temporally reslove the problem?
SAS?
-
SAS?
SuperAntispyware.
-
SAS?
SuperAntispyware.
Oh. SAS result was clean. But it itself was causing hangups so I had to uninstall it.
-
Oh. SAS result was clean. But it itself was causing hangups so I had to uninstall it.
Strange... I'm not informed of recent problems and SAS seems to be running very well side-by-side with avast...
-
I was using SAS with Kaspersky.