Author Topic: CCleaner Trojans  (Read 160945 times)


mauserme

  • Guest
Re: CCleaner Trojans
« Reply #105 on: May 28, 2007, 03:59:50 PM »
Instead of posting the logs navigate to that folder and let me know what files are present.

GrahamE

  • Guest
Re: CCleaner Trojans
« Reply #106 on: May 28, 2007, 04:13:30 PM »
Instead of posting the logs navigate to that folder and let me know what files are present.

Hopefully if I've done it right, there'll be a jpg attached.

mauserme

  • Guest
Re: CCleaner Trojans
« Reply #107 on: May 28, 2007, 04:21:41 PM »
Click on Tools > Folder Options at the top of the window and make sure "Show Hidden Files and Folders" is checked. Then change to a Details view and post a screen shot again. I would like to see full file names.


I would also like you to try this (more because of the rising prevalence of a certain rootkit than anything I've seen in your logs):

Download - rustbfix.exe ...and save it to your desktop.

Double click on rustbfix.exe to run the tool.
If a Rustock.b-infection is found, you will shortly hereafter be asked to reboot the computer. The reboot will probably take quite a while, and perhaps 2 reboots will be needed. But this will happen automatically.
After the reboot 2 logfiles will open (c:\avenger.txt & c:\rustbfix\pelog.txt). Post the content of these logfiles.

If rustbfix.exe finds nothing, manually check for c:\windows\system\xpdt.sys



EDIT:  I'll be back in a while ...
« Last Edit: May 28, 2007, 04:23:55 PM by mauserme »

GrahamE

  • Guest
Re: CCleaner Trojans
« Reply #108 on: May 28, 2007, 04:28:08 PM »
Click on Tools > Folder Options at the top of the window and make sure "Show Hidden Files and Folders" is checked. Then change to a Details view and post a screen shot again. I would like to see full file names.

JPG attached. I'll try the rustbfix thing and get back to you.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88787
  • No support PMs thanks
Re: CCleaner Trojans
« Reply #109 on: May 28, 2007, 04:28:53 PM »
Yeah, I can understand that. I suppose that if I turned it off before using CCleaner, I wouldn't have the problems with that either. The only problem I see with that is - how far do you take it? If I turn Avast off completely, I'd never detect a virus, but...
I know what you're saying.  And honestly I never turn off avast! before doing other scans either.

In the past it may not have been a problem as avast specialised in virus detections with limited adware/spyware detections. However now avast is adding adware and spyware signatures like there is no tomorrow, so I think we are seeing some crossover in detections. That is why I always pause standard shield whilst running another third party security scan.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.1.6099 (build 24.1.8821.762) UI 1.0.796/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

mauserme

  • Guest
Re: CCleaner Trojans
« Reply #110 on: May 28, 2007, 04:35:26 PM »
If rustbfix.exe finds nothing, manually check for c:\windows\system\xpdt.sys
This should read c:\windows\system32\xpdt.sys

Sorry about the typo.

GrahamE

  • Guest
Re: CCleaner Trojans
« Reply #111 on: May 28, 2007, 04:38:41 PM »
In the past it may not have been a problem as avast specialised in virus detections with limited adware/spyware detections. However now avast is adding adware and spyware signatures like there is no tomorrow, so I think we are seeing some crossover in detections. That is why I always pause standard shield whilst running another third party security scan.

I understand that could be the problem. It would be nice though to get some sort of official confirmation that the reason for all these false-positives since April 27th is because of that (assuming they are all FP's).

This should read c:\windows\system32\xpdt.sys

ok.  :)

GrahamE

  • Guest
Re: CCleaner Trojans
« Reply #112 on: May 28, 2007, 04:46:21 PM »
If rustbfix.exe finds nothing, manually check for c:\windows\system\xpdt.sys

Nothing found by rustbfix.exe.

No entry for C:\Windows\System32\xpdt.sys

mauserme

  • Guest
Re: CCleaner Trojans
« Reply #113 on: May 29, 2007, 08:24:02 PM »
I see the VPS history shows a second update yesterday fixing definitions and false positives.

Has there been any change on your computer?


GrahamE

  • Guest
Re: CCleaner Trojans
« Reply #114 on: May 30, 2007, 12:21:39 AM »
Has there been any change on your computer?

To be honest, I'm not sure. This is the last avast alert I've had when using CCleaner:

 28/05/2007 17:06:34   SYSTEM   1480   Sign of "Win32:Agent-GWD [Trj]" has been found in "C:\Documents and Settings\GE\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat" file. 

I can't be certain whether this was before or after the update. I haven't been online much today, but I've had nothing so far (come off and used CCleaner 3 times). Everything in the Chest is still alerting as viruses. I don't know whether it's possible for the problem with CCleaner to have been sorted and for the stuff in the Chest to be still recognised and alerted upon.

Is it possible that the stuff that is in the Chest is part of the code for these viruses (coincidentally, perhaps), and because it's in the Chest, it's still recognised as such, while at the same time, when CCleaner cleans and these codes are found, the updates cause Avast to realise that they aren't part of a virus or Trojan, but just a small piece of their codes? Or should the update, if it is to do with this problem, stop the items in the Chest being recognised as well?

I guess we're back on the 'time will tell' road... :-\

GrahamE

  • Guest
Re: CCleaner Trojans
« Reply #115 on: May 30, 2007, 01:29:22 AM »
Doh!!!

I've just found out that my ISP, Tiscali, is having problems with any emails sent from Tiscali accounts. This has apparently been going on since the 25th May for definite, and possibly for some time before that. I wondered why people weren't replying to me. Thank God for that - I was starting to think everyone hated me! (No thanks, I don't need a reply to that bit!  8)).

From what I gather, even though I'm sending stuff through the Avast Chest, it will still go through the Tiscali server. This means that anything I've sent to Avast from that date has not got through to them, and possibly none of it. Is it permitted to use unpleasant language on this Forum? It's hardly surprising they haven't sorted it - they probably don't know about it!!!!!!!!!!!!!!!!!  >:( >:( >:(

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88787
  • No support PMs thanks
Re: CCleaner Trojans
« Reply #116 on: May 30, 2007, 01:39:40 AM »
You could use one of the file hosting sites to upload a couple of samples, I will download and forward them to avast.

Rapidshare file upload -  Host your files with RapidShare FOR FREE! http://rapidshare.com useful if you haven't got an email client (or in your case a problem with your ISP email).

Once uploaded, post the URL link and any password here so they can be downloaded and forwarded.

GrahamE

  • Guest
Re: CCleaner Trojans
« Reply #117 on: May 30, 2007, 01:45:34 AM »
Hey, thanks for the offer, that's really nice of you!  :)

Will I be able to upload them straight from the Chest, or do I need to do something first?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88787
  • No support PMs thanks
Re: CCleaner Trojans
« Reply #118 on: May 30, 2007, 02:07:47 AM »
No, the chest is a protected area; no application other than avast can do anything in there. You can certainly point the upload location there, but when done, you will find a 0KB file size.

Right click on the files you want to upload and select extract, select a temporary location, create one, call it SuspectFiles (or use an existing one). You could add that to the exclusions; when you extract the file, standard shield will alert.
That is why I suggest creating the suspect folder and adding that to the exclusions, or you will have to pause standard shield for the extraction and possibly the upload. Having an exclusions suspect folder is probably the easiest option.

GrahamE

  • Guest
Re: CCleaner Trojans
« Reply #119 on: May 30, 2007, 02:25:34 AM »
Sorry, I sort of figured it out while I was waiting, although I didn't add them to the exclusion list, and there was no alert. Odd? They are still being alerted on in the Chest if I scan them.

I uploaded them as single files, so there are a few URLs. Easier if you log in as me I suppose. User name is *******, password is ******** (original to the end!)


EDIT: Thanks again.  :)
« Last Edit: May 30, 2007, 02:58:01 PM by GrahamE »