Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Trojan.VB.VZO

24 Jul 2009   #11
Mercurial

Windows 7 32bit RTM
 
 

which AV you using?


My System SpecsSystem Spec
.
24 Jul 2009   #12
DJG

 

Quote   Quote: Originally Posted by Mercurial View Post
which AV you using?
Hi Mercurial,

I'm using Agnitum's Outpost Security Suite, the latest release which just went public.
My System SpecsSystem Spec
25 Jul 2009   #13
ussj4brolli

Windows 7 PRO x64
 
 

Quote   Quote: Originally Posted by DJG View Post
Hi Mercurial,

I'm using Agnitum's Outpost Security Suite, the latest release which just went public.
Have you tried a few of the online scanners?
Im sure this has ben resolved due to the newest untouched RTM available so you prob. reinstalled.
Any resolution?
My System SpecsSystem Spec
.

25 Jul 2009   #14
DJG

 

The file is ~.7 GB. I calculate it takes me over 2.5 hrs to upload if all goes well at my 800Kbs upstream rate, and renders the rest of my internet activity pretty useless as it sucks up all my upstream bandwidth. I'm doing one upload to Agnitum - one attempt already got canned as I tried some other internet surfing, and I have to remember not to reboot while this is going on . I'll post when I have more details. Meanwhile my house and tenants need some looking after .
My System SpecsSystem Spec
25 Jul 2009   #15
DJG

 

Well, as I was about to start a new upload marathon, I suddenly had the idea, if it was scanning OK before and then starts scanning positive after the update from 7/23 (verified in two images - I hadn't used 7232 since the 18th, and when I first booted the scan was OK, then after the latest update it scanned positive like in 7600), maybe the new updates would correct a false positive?

Well, I just scanned it again since I've had a bunch of updates since the 23rd, and I'm back to negative again! Woo-hoo! Either way I'll send it to them and have them peruse it.
My System SpecsSystem Spec
25 Jul 2009   #16
mickey megabyte

ultimate 64 sp1
 
 

all's well that ends well - good to see that it was indeed a false positive

one day AV makers will get it right...
My System SpecsSystem Spec
25 Jul 2009   #17
DJG

 

Quote   Quote: Originally Posted by mickey megabyte View Post
all's well that ends well - good to see that it was indeed a false positive

one day AV makers will get it right...
Yes, and pigs will fly, and the governments (all of them) will be just, efficient and effective, and relatively tax-free . I'm appreciative of AV being part science, part black art .

Well my second upload attempt crapped out also sometime while I was having lunch - I think the file is just too big. I'll see if I get any response in their forum.
My System SpecsSystem Spec
25 Jul 2009   #18
mickey megabyte

ultimate 64 sp1
 
 

did you say in the OP that the file was part of a zip archive?

can you isolate the 'suspect' file and just upload that, rather than the whole zip?
My System SpecsSystem Spec
25 Jul 2009   #19
darkassain

Windows 7 Ult x64(x2), HomePrem x32(x4), Server 08 (+VM), 08 R2 (VM) , SuSe 11.2 (VM), XP 32 (VM)
 
 

from what i can tell it might have been a single file in a zip archive from what i can see...

if you are able to recreate the same scenario you could the AV off then scan the folder you extracted the archive too...

and for the AV makers, well Morro is coming out so it turn ugly (and it just out to be good for us consumers as there is a base standard which every commercial AV vendor must at least surpass in order to be profitable...)
My System SpecsSystem Spec
25 Jul 2009   #20
DJG

 

Well, I have been reluctant to do anything that might remotely trigger the potential malware, not even opening the archive with Winzip (I actually have a license, how anal is that!) until I have a better handle on the sitch.

And unfortunately it appears my false positive gone experience wasn't quite true. What happened is I did a file-specific right-click / Scan for malware, and apparently that works different, or possible doesn't work as expected in Win 7 which is still in beta trim for this release. I just did another full system scan and they (I have two copies currently) showed up again.

The good news? The same sig showed up this time three times, the two zip archives, and an OCX in my 7232 partition's SysWOW64, mswinsck.ocx which is a skimpy 106KB. And it matches what might have been installed by that installation ZIP. I'll send that and see what happens now.

BTW, the right-click / Scan for malware gives positive on the OCX file, but not on the ZIP that seems to contain it.


Attached Images
  
My System SpecsSystem Spec
Reply

 Trojan.VB.VZO




Thread Tools




Similar help and support threads
Thread Forum
Trojan called 'Trojan.Generic.2582177' on my system
Hi, I have Window7 Ultimate 64 bit on my system. I use Bitfender as my antivirus software. This morning it informed me that it has found a file infected with a virus called 'Trojan.Generic.2582177' which it cannot clean. I've contacted Bitfender to see if they know what I should do but haven't...
System Security
Need some help got a trojan
Hello, First off sorry if this is in wrong area. My parents have got a trojan ( Smart internet protection) even tho they was protected using Mcafee internet security. Anyways, when i tried to open mcafee to run a system scan it would not let me. I don't know any thing about what to do, i have...
System Security
Trojan:Win32/FakeSpypro & Trojan:JS/FakeSpypro
A little help,please.Got this trojan earlier.It disabled MSE,MBAM,Internet,CCleaner,and pretty much anything .exe.Claimed everything was infected...so says whatever fake AV program that came with it.(I wish I could figure out how to use the indention tool here)I had to restart,open task manager...
System Security
Trojan, Please HELP!!!
Well, I’m a little embarrassed to say, I’ve been hit with a rather nasty Trojan. McAfee detected it right away, and I told it to quarantine the junk, and I assumed it had… until IE kept opening with random junk pages I didn’t prompt it to open. :mad: I therefore, did not write down the name of...
System Security
Trojan
Hi, This other day I downloaded a file that raped my system, causing me to lose access to any .exe file aswell as the task manager. My internet was also terminated. How do I remove this menace? I scanned with AVG Free and Superantispyware but to no avail. I have DDS and HiJackThis, but...
System Security
New trojan
Hi, there's this new trojan which I found on a website. Its filename is Bookmark.exe. Strange is that only 22/40 anti malware engines were able to detect it. Currently, I was trying Norton 360 beta 4 which has failed to detect it. :shock: So far, this trojan has changed my IE8 homepage. Not...
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 08:54.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App