False Positive: Win32: Trojan-gen {Other} (Virus/Worm)

[DavidR]

OK let us know the results.

[Fawkes]

I scanned with both programs in safe mode SuperAnti-spyware didn't find anything but Malware bytes did.Here's the log file

Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 6.0.6000

11/17/2008 6:30:39 PM
mbam-log-2008-11-17 (18-30-26).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 124164
Time elapsed: 16 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> No action taken.

Files Infected:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> No action taken.
C:\RECYCLER\crack_3.exe (Heuristics.Malware) -> No action taken.

[DavidR]

Run it again and allow the detections to be selected (by default they are) and click the Remove selected, that makes a copy in the quarantine and deletes the original.

All this is in one of your recycle bins, the last perhaps of note, cracks are very high risk files, outside of any legal or moral issue of using cracks, they frequently come with uninvited guests, after all who are you going to complain to if you happen to get infected using a crack.

[Fawkes]

So you just want me to run the scan again n tell it to remove all 3 things basically yeah lol?.

[DavidR]

Yes, that's about it as your report has "No action taken" since that is only generated after the scan is complete. You have to run it again to be able to remove them, they appear to be good detections and considering their location Recycler (trash can) they are of little value even assuming it was not a good detection so a no lose scenario.

[Fawkes]

Sweet.Thanks Mate.Just wanted to make sure before I do it lol.

[DavidR]

You're welcome.

[Fawkes]

I did it and I'm scanning again so I'll let ya know what happens.Scanned it a few times and nothing so far.Anything else I should do now?

[DavidR]

No, just continue but monitor activity on your system, any thing out of the ordinary.

Now you have those new tools, use them to back-up avast and improve overall detection, they don't use resources unless they are actually scanning so no real issue there. Weekly update their signatures and then do a scan.

[Fawkes]

ok cool.Just had one other question.Do you think it's alright plug in my ipod to put songs on it or put stuff on my ps3 ? or should I wait awhile?.

Thanks again.Wouldn't have a clue as to what to do if you didn't help me lol.

[DavidR]

I think it probably would, transfer what you want to put on either ipod or ps3 into a temporary folder (Transit, etc. any name) and scan the contents of that folder.

I would also suggest it might be worthwhile scanning the destination drives to make sure there is nothing suspect on those before the transfer.

[Sydney]

Yeah thanks, David. It's always good to read your posts cause your detailed explanations offer information for everyone, not just the person affected by a certain problem !! Syd.

[DavidR]

You're welcome, that's the value of the forums, lots of information there for those who use the search function or browse it

[Fawkes]

Heya David,

Not sure if I can keep on typing in this thread cause technically it's not a false positive I don't think lol.But since you've helped me I haven't had anything pop up until literally just a few minutes ago avast notified me that in C:\users\Gus\AppData\Local that a  Micro-128(whatever that is) was found the original file name is 00000217.Just curious as to what course of action I should take and any idea why I would keep getting this?.

Thanks .

[DavidR]

It would probably be best to keep it separate and create a new post if you need more help after confirming the detection one way or another.

VirusTotal - Multi engine on-line virus scanner and report the findings in the new topic, the URL in the Address bar of the VT results page (if avast and gdata are the only scanners to detect anything). You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.