Windows 7 Forums


Windows 7: Trojan.VB.VZO


24 Jul 2009   #11

Windows 7 32bit RTM
 
 

Which AV are you using?



24 Jul 2009   #12
DJG

 

Quote: Originally Posted by Mercurial
Which AV are you using?
Hi Mercurial,

I'm using Agnitum's Outpost Security Suite, the latest release which just went public.
25 Jul 2009   #13

Windows 7 PRO x64
 
 

Quote: Originally Posted by DJG
Hi Mercurial,

I'm using Agnitum's Outpost Security Suite, the latest release which just went public.
Have you tried a few of the online scanners?
I'm sure this has been resolved due to the newest untouched RTM available, so you prob. reinstalled.
Any resolution?


25 Jul 2009   #14
DJG

 

The file is ~.7 GB. I calculate it takes me over 2.5 hrs to upload if all goes well at my 800Kbs upstream rate, and renders the rest of my internet activity pretty useless as it sucks up all my upstream bandwidth. I'm doing one upload to Agnitum - one attempt already got canned as I tried some other internet surfing, and I have to remember not to reboot while this is going on. I'll post when I have more details. Meanwhile my house and tenants need some looking after.
25 Jul 2009   #15
DJG

 

Well, as I was about to start a new upload marathon, I suddenly had the idea, if it was scanning OK before and then starts scanning positive after the update from 7/23 (verified in two images - I hadn't used 7232 since the 18th, and when I first booted the scan was OK, then after the latest update it scanned positive like in 7600), maybe the new updates would correct a false positive?

Well, I just scanned it again since I've had a bunch of updates since the 23rd, and I'm back to negative again! Woo-hoo! Either way I'll send it to them and have them peruse it.
25 Jul 2009   #16

ultimate 64 sp1
 
 

all's well that ends well - good to see that it was indeed a false positive

one day AV makers will get it right...
25 Jul 2009   #17
DJG

 

Quote: Originally Posted by mickey megabyte
all's well that ends well - good to see that it was indeed a false positive

one day AV makers will get it right...
Yes, and pigs will fly, and the governments (all of them) will be just, efficient and effective, and relatively tax-free. I'm appreciative of AV being part science, part black art.

Well my second upload attempt crapped out also sometime while I was having lunch - I think the file is just too big. I'll see if I get any response in their forum.
25 Jul 2009   #18

ultimate 64 sp1
 
 

did you say in the OP that the file was part of a zip archive?

can you isolate the 'suspect' file and just upload that, rather than the whole zip?
25 Jul 2009   #19

Windows 7 Ult x64(x2), HomePrem x32(x4), Server 08 (+VM), 08 R2 (VM) , SuSe 11.2 (VM), XP 32 (VM)
 
 

From what I can tell it might have been a single file in a zip archive from what I can see...

If you are able to recreate the same scenario you could turn the AV off then scan the folder you extracted the archive to...

And for the AV makers, well Morro is coming out so it will turn ugly (and it just ought to be good for us consumers as there is a base standard which every commercial AV vendor must at least surpass in order to be profitable...)
25 Jul 2009   #20
DJG

 

Well, I have been reluctant to do anything that might remotely trigger the potential malware, not even opening the archive with Winzip (I actually have a license, how anal is that!) until I have a better handle on the sitch.

And unfortunately it appears my false positive gone experience wasn't quite true. What happened is I did a file-specific right-click / Scan for malware, and apparently that works differently, or possibly doesn't work as expected in Win 7 which is still in beta trim for this release. I just did another full system scan and they (I have two copies currently) showed up again.

The good news? The same sig showed up this time three times, the two zip archives, and an OCX in my 7232 partition's SysWOW64, mswinsck.ocx which is a skimpy 106KB. And it matches what might have been installed by that installation ZIP. I'll send that and see what happens now.

BTW, the right-click / Scan for malware gives positive on the OCX file, but not on the ZIP that seems to contain it.


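Added example, not part of any post in this thread: one way to follow the suggestion in post #18 without unpacking the archive is to hash each ZIP member in memory, match it against the hash of the file the scanner flagged on disk, and repack only that member for upload. The archive contents and paths below are constructed placeholders; only the file name mswinsck.ocx comes from the thread.

```python
import hashlib
import io
import shutil
import zipfile

CHUNK = 1 << 20  # stream in 1 MiB blocks so a ~0.7 GB archive is never held in memory

def sha256_stream(fh):
    """Hash a binary file object in blocks and return the hex digest."""
    digest = hashlib.sha256()
    for block in iter(lambda: fh.read(CHUNK), b""):
        digest.update(block)
    return digest.hexdigest()

def hash_members(archive):
    """Map each file in the ZIP to (sha256, size); nothing is written to disk or run."""
    results = {}
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if not info.is_dir():
                with zf.open(info) as member:
                    results[info.filename] = (sha256_stream(member), info.file_size)
    return results

def find_member(archive, flagged_sha256):
    """Names of members whose bytes match the hash of the flagged on-disk file."""
    wanted = flagged_sha256.lower()
    return sorted(n for n, (d, _) in hash_members(archive).items() if d == wanted)

def repack_single(archive, member_name, out):
    """Copy one member into a new, small ZIP suitable for submission to the vendor."""
    with zipfile.ZipFile(archive) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        with src.open(member_name) as fin, dst.open(member_name, "w") as fout:
            shutil.copyfileobj(fin, fout, CHUNK)

def build_sample_archive():
    """Constructed stand-in for the installer ZIP: harmless bytes, made-up paths."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("setup/readme.txt", b"constructed sample text")
        zf.writestr("setup/system/mswinsck.ocx", b"constructed placeholder, not a real OCX")
    return buf

if __name__ == "__main__":
    archive = build_sample_archive()
    # In real use, hash the flagged file on disk: sha256_stream(open(path, "rb"))
    flagged = hashlib.sha256(b"constructed placeholder, not a real OCX").hexdigest()
    for name in find_member(archive, flagged):
        small = io.BytesIO()
        repack_single(archive, name, small)
        print(name, "->", len(small.getvalue()), "bytes to upload")
```

An empty result from `find_member` means no archive member is byte-identical to the flagged file, so the installed copy did not come unmodified from that ZIP.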