Author Topic: Winbuilder scan showing Trojan horse?  (Read 3941 times)


dbknox

  • Guest
Winbuilder scan showing Trojan horse?
« on: February 06, 2008, 05:15:38 PM »
I just updated my "Avast" virus definitions and ran a scan and got several hits. I presume these are false positives; here is a copy of the logs.


Quote
01/02/2008 5:08:34 PM Dennis 5400 Sign of "Win32:Agent-RNO [trj]" has been found in "C:\WinBuilder\Projects\Tools\WimUtil.exe" file.
01/02/2008 5:14:54 PM SYSTEM 1900 Sign of "Win32:Agent-RNO [trj]" has been found in "C:\WinBuilder\Projects\Tools\WimUtil.exe" file.
01/02/2008 5:30:28 PM Dennis 5400 Sign of "Win32:Agent-RNO [trj]" has been found in "K:\Downloads Jan 2 2008\VistaPe stuff\WinBuilder\Projects\Tools\WimUtil.exe" file.
01/02/2008 5:47:32 PM Dennis 5952 Sign of "Win32:Agent-RNO [trj]" has been found in "C:\WinBuilder\ISO\VistaPE.iso\sources\boot.wim" file.
01/02/2008 5:48:02 PM Dennis 5952 Sign of "Win32:Agent-RNO [trj]" has been found in "C:\WinBuilder\ISO\VistaPE.iso" file.
01/02/2008 5:48:54 PM Dennis 4420 Sign of "Win32:Agent-RNO [trj]" has been found in "C:\WinBuilder\Target\VistaPE\sources\boot.wim" file.
01/02/2008 7:17:54 PM SYSTEM 1964 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Windows\System32\conime.exe (C:\Windows\System32\conime.exe) returning error, 00000005.


Has anybody else experienced this?
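An added example, not part of the original post: one way to triage a log like the one quoted above is to collapse repeated hits and separate standalone files from hits on or inside disk images, so the smallest standalone file can be picked for a second-opinion scan. The sample lines are constructed in the same format with shortened paths, and the set of image suffixes is an assumption.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample: same line format as the quoted log, paths shortened.
SAMPLE_LOG = r'''
01/02/2008 5:08:34 PM Dennis 5400 Sign of "Win32:Agent-RNO [trj]" has been found in "C:\Build\Tools\WimUtil.exe" file.
01/02/2008 5:14:54 PM SYSTEM 1900 Sign of "Win32:Agent-RNO [trj]" has been found in "C:\Build\Tools\WimUtil.exe" file.
01/02/2008 5:47:32 PM Dennis 5952 Sign of "Win32:Agent-RNO [trj]" has been found in "C:\Build\ISO\Out.iso\sources\boot.wim" file.
01/02/2008 5:48:02 PM Dennis 5952 Sign of "Win32:Agent-RNO [trj]" has been found in "C:\Build\ISO\Out.iso" file.
01/02/2008 7:17:54 PM SYSTEM 1964 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Windows\System32\conime.exe (C:\Windows\System32\conime.exe) returning error, 00000005.
'''

# Detection line: timestamp, account, numeric id, signature name, file path.
DETECTION = re.compile(
    r'^(?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (?P<user>\S+) \d+ '
    r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file\.$'
)
CONTAINER_SUFFIXES = {".iso", ".wim"}  # image types seen in the log; an assumption


def in_container(path):
    """True if the file is an image, or was reached by scanning inside one."""
    parts = PureWindowsPath(path).parts
    return any(PureWindowsPath(p).suffix.lower() in CONTAINER_SUFFIXES for p in parts)


def triage(log_text):
    """Group unique flagged paths per signature; return (report, unparsed_lines)."""
    hits = defaultdict(lambda: {"standalone": set(), "container": set()})
    unparsed = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = DETECTION.match(line)
        if m is None:
            unparsed.append(line)  # e.g. the AAVM scanning warning, not a detection
            continue
        kind = "container" if in_container(m["path"]) else "standalone"
        hits[m["sig"]][kind].add(m["path"])
    report = {sig: {k: sorted(v) for k, v in kinds.items()} for sig, kinds in hits.items()}
    return report, unparsed


if __name__ == "__main__":
    report, unparsed = triage(SAMPLE_LOG)
    for sig, kinds in report.items():
        print(sig)
        for kind, paths in kinds.items():
            for p in paths:
                print(f"  {kind:10} {p}")
    print(f"{len(unparsed)} line(s) were not detections")
```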

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89210
  • No support PMs thanks
Re: Winbuilder scan showing Trojan horse?
« Reply #1 on: February 06, 2008, 06:33:20 PM »
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. I feel VirusTotal is the better option as it uses the Windows version of avast (more packers supported) and there are currently over 30 different scanners.

If it is indeed a false positive, add it to the exclusions lists: Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions. Restore it to its original location and periodically check it (scan it in the chest); there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected, you can also remove it from the Standard Shield and Program Settings exclusions.

Send the sample to virus@avast.com zipped and password protected, with the password in the email body; a link to this topic might help, and put "false positive" in the subject.

Or you can send it from the chest (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: Winbuilder scan showing Trojan horse?
« Reply #2 on: February 06, 2008, 10:38:33 PM »
VirusTotal was dead for a few days (I don't know if it is fully available for all geo-IP locations now); you can also try http://virusscan.jotti.org ;)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89210
  • No support PMs thanks
Re: Winbuilder scan showing Trojan horse?
« Reply #3 on: February 07, 2008, 12:18:38 AM »
VT is up now, I just uploaded a test file.

dbknox

  • Guest
Re: Winbuilder scan showing Trojan horse?
« Reply #4 on: February 07, 2008, 02:32:17 AM »
Hi guys, appreciate the help. I am on dial-up, so I sent the smallest file; this is the result (see below), not picked up by too many others. Also, one of the files that had a hit was VistaPE; it was of course too large for me to upload.

Antivirus   Version   Last Update   Result
AhnLab-V3   2008.2.6.10   2008.02.05   -
AntiVir   7.6.0.62   2008.02.06   -
Authentium   4.93.8   2008.02.05   -
Avast   4.7.1098.0   2008.02.06   Win32:Agent-RNO
AVG   7.5.0.516   2008.02.06   -
BitDefender   7.2   2008.02.06   -
CAT-QuickHeal   9.00   2008.02.04   -
ClamAV   0.92   2008.02.06   -
DrWeb   4.44.0.09170   2008.02.06   -
eSafe   7.0.15.0   2008.01.28   suspicious Trojan/Worm
eTrust-Vet   31.3.5512   2008.02.05   -
Ewido   4.0   2008.02.06   -
FileAdvisor   1   2008.02.06   -
Fortinet   3.14.0.0   2008.02.06   -
F-Prot   4.4.2.54   2008.02.05   -
F-Secure   6.70.13260.0   2008.02.06   -
Ikarus   T3.1.1.20   2008.02.06   Win32.HLLW.Spreader.17
Kaspersky   7.0.0.125   2008.02.06   -
McAfee   5224   2008.02.06   -
Microsoft   1.3204   2008.02.06   -
NOD32v2   2853   2008.02.06   -
Norman   5.80.02   2008.02.06   -
Panda   9.0.0.4   2008.02.05   -
Prevx1   V2   2008.02.06   Heuristic: Suspicious File With Anti-Security Technology
Rising   20.29.22.00   2008.01.30   -
Sophos   4.26.0   2008.02.06   -
Sunbelt   2.2.907.0   2008.02.05   -
Symantec   10   2008.02.06   -
TheHacker   6.2.9.210   2008.02.06   -
VBA32   3.12.6.0   2008.02.06   -
VirusBuster   4.3.26:9   2008.02.06   -
Webwasher-Gateway   6.6.2   2008.02.06   -
Additional information
File size: 666398 bytes