Author Topic: ADWARE (Read 1859 times)

visim4a1 · « **on:** August 29, 2012, 09:11:45 PM »

Malwarebytes says that HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SonyAgent is infected with Trojan.Downloader.Gen
Avast is unable to detect it as a virus.How can I find that file and submit it virus lab for further analises?

polonus · « **Reply #1 on:** August 29, 2012, 09:33:25 PM »

Hi visim4a1,

Sent the file to virus AT avast dot com and attach the file zipped and put the password in the message,

polonus

Was it this new virus? Saw it mentioned at http://regrunreanimator.com/newvirus
Trojan Crypt – npf.sys – c6c3175d5819ee53d1319f6f2105bd32
August 27, 2012 by Alex NightWatcher · Leave a Comment
Filed under: Trojan
Trojan Crypt Also known as: Trojan Kryptik, Trojan DNAScan SHA256: d84942608ff3d2e2a1ccdd56a90137dc7910ce3b879c0a5f16b89f16a64c5041 SHA1: 6b30d53b476ec8d1d52b413ba2d9f74c9a8823f8 MD5: c6c3175d5819ee53d1319f6f2105bd32 File size: 840704 bytes Created files: %SysDir%\drivers\npf.sys – Trojan Crypt Trojan Crypt created autostart registry keys: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SonyAgent: C6C3175D5819EE53D1319F6F2105BD32.EXE

polonus

Pondus · « **Reply #2 on:** August 29, 2012, 09:43:53 PM »

well ....if you removed it with MBAM then you find it in MBAM quarantine.....
and if you have it in quarantine avast can not detect it ....even if it normaly would

visim4a1 · « **Reply #3 on:** August 29, 2012, 10:04:35 PM »

The problem is that MBAM has no option to extract file from quarantine ,just to restore them.Once I sent the file to MBAM's quarantine and then I restored it in order to submit to avast lab.In this moment that virus is free in my computer.I know its location ,but im unable to locate it.
Location : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SonyAgent

Author Topic: ADWARE (Read 1859 times)

visim4a1

ADWARE

polonus

Re: ADWARE

Pondus

Re: ADWARE

visim4a1

Re: ADWARE