Author Topic: Win32:Agent-PBF[Trj]  (Read 8941 times)


billzant

  • Guest
Win32:Agent-PBF[Trj]
« on: August 19, 2008, 07:41:37 AM »
Dear Avast Forum,

I am using Avast 4.8 Home, and it has registered a file containing this trojan - Win32:Agent-PBF[trj].

I have moved it to the chest.

I would like to use the file.

Online it suggested that the fault lay with Avast.

Is there any way I can remove/be sure there is no trojan?

Hope you are keeping well,

All the Best

Bill Z

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89353
  • No support PMs thanks
Re: Win32:Agent-PBF[Trj]
« Reply #1 on: August 19, 2008, 03:56:59 PM »
What is the infected/suspect file name, where was it found, e.g. (C:\windows\system32\infected-file-name.xxx)?
Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections.

Why would you like to use it?
What on-line suggests the fault lies with avast?

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

billzant

  • Guest
Re: Win32:Agent-PBF[Trj]
« Reply #2 on: August 19, 2008, 04:18:15 PM »
Dear David,

Thanks for the advice.

The file, a key generator, is not from a reputable source, but I was hoping to use it.

Trojan remover was blocked from accessing it, and when I unzipped the file and clicked no action on Avast and then tried to send the result to VirusTotal was unable to do so.

I am now convinced the file is infected and will not attempt to use it.

There was a thread from a similar source that I considered not reputable which suggested that Avast saw key generators as trojans, I was hoping there was some way I could test this. As far as I am concerned you have shown me sufficient for me to be foolish to proceed further.

Thanks again for your help.

Hope you are keeping well,

All the Best

Bill Z



Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89353
  • No support PMs thanks
Re: Win32:Agent-PBF[Trj]
« Reply #3 on: August 19, 2008, 04:33:04 PM »
No problem, glad I could help.

Key Generators, apart from the moral and legal issues of using them to avoid paying for a product, are rife with unwelcome gifts (read malware). The proverbial trojan, who are you going to complain to if you get infected using a key generator?

Welcome to the forums.

billzant

  • Guest
Re: Win32:Agent-PBF[Trj]
« Reply #4 on: August 19, 2008, 04:46:28 PM »
David,

Thanks again.

Hope you are keeping well,

All the Best

Bill Z

wyrmrider

  • Guest
Re: Win32:Agent-PBF[Trj]
« Reply #5 on: August 19, 2008, 09:44:50 PM »
to test this...

Update avast, right-click the ball and schedule a boot-time scan
report back
a scan with MBAM and Super Anti spy would not hurt
let's see if they target your key gen- does Spybot?

did you upload the file to Virus Total?

billzant

  • Guest
Re: Win32:Agent-PBF[Trj]
« Reply #6 on: August 20, 2008, 08:13:14 AM »
Dear Wyrmrider,

I unzipped the download, and the Avast screen said I had the Trojan. I clicked no action.

I ran SuperAnti-spyware, and it said no infected files.

I don’t know MBAM.

Before, I could not upload the file to Virus Total; this time I could, receiving this report

http://www.virustotal.com/analisis/502eb8d43a547dd873cfcab4b8c31f5d

with many viruses found by different anti-virus software. It had been known for two years.

The schedule boot-time scan found the Trojan, and I tried to repair it, failed and deleted the file.

Thanks for the help.

Hope you are keeping well,

All the Best

Bill Z

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89353
  • No support PMs thanks
Re: Win32:Agent-PBF[Trj]
« Reply #7 on: August 20, 2008, 03:51:53 PM »
Well, the VT results back up avast detection and some report it as a backdoor, which leaves a route of entry for more malicious software, not nice.

Trojans generally can't be repaired (either by the VRDB or avast virus cleaner), because the entire content of the file is malware, so it is either move to chest or delete, move to the chest being the best option (first do no harm). When a file is in the chest it can't do any harm and you can investigate the infected warning.

The VRDB only protects certain files, mainly .exe files, it doesn't protect data files or all files, it is not a back-up program, so there are going to be many occasions where repair won't be an option.

Only true virus infection can be repaired, e.g. when a virus infects a file it adds a small part to it, provided that file is one that avast's VRDB would monitor and you have run the VRDB, then it may be possible to repair the file to its uninfected state.

However, for the most part so called viruses, trojans (adware/spyware/malware, etc.) can't be repaired because the complete content of the file is malicious.

billzant

  • Guest
Re: Win32:Agent-PBF[Trj]
« Reply #8 on: August 20, 2008, 04:48:14 PM »
Dear David R,

Interesting. Basically you are saying the file I wanted wasn't there in the first place. Effectively the download was a mechanism for transporting the virus. Is this a deterrent to stop downloading?

Thanks again for your help.

Hope you are keeping well,

All the Best

Bill Z

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89353
  • No support PMs thanks
Re: Win32:Agent-PBF[Trj]
« Reply #9 on: August 20, 2008, 04:59:42 PM »
You're welcome.

It isn't a total deterrent against downloads (a good tool though) as the web shield only filters and scans http port 80 traffic, like that coming down from a web site, into your browser cache and displayed on your browser (or run).

The web shield filters it before it gets into the browser cache and can stop it at that point before it gets on to your system. Prevention is much better than cure and that is what the web shield and some of the other shields try to do, keep it off your system.

wyrmrider

  • Guest
Re: Win32:Agent-PBF[Trj]
« Reply #10 on: August 20, 2008, 06:18:00 PM »
Malware bytes anti malware free is a great scanner to have in your bag of tricks
and as with SAS
no resources unless you run them
give it a shot

If you are Downloading questionable stuff set Avast Net scanner on High
also think about a resident antispyware
Windows Defender
Spybot T-timer
Spyware terminator (do not load the toolbar etc)
malware bytes MBAM or SAS paid
Sunbelt Counterspy paid (without AV)
At the very least Win-Patrol- very light on resources and very helpful

or HIPS

let us know results of MBAM scan if anything