Windows 7: Trojan.Agent/Gen-FakeAlert

20 Jun 2013   #1
ROBO731

Windows 7 Home Premium x64
 
 
Trojan.Agent/Gen-FakeAlert

Within the past few days my computer has been freezing which is something that has never happened before. The only solution to the issue was to reboot. Today I decided to do some virus scans. I used avast, then malwarebytes, then superantispyware. Only superantispyware turned up any results. Here's the log it produced:

Quote:
SUPERAntiSpyware Scan Log
SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 06/20/2013 at 11:13 PM

Application Version : 5.6.1020

Core Rules Database Version : 10549
Trace Rules Database Version: 8361

Scan type : Complete Scan
Total Scan Time : 00:46:58

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 585
Memory threats detected : 0
Registry items scanned : 77076
Registry threats detected : 0
File items scanned : 117142
File threats detected : 26

Adware.Tracking Cookie

Trojan.Agent/Gen-FakeAlert[Local]
D:\USERS\ROBERT\APPDATA\LOCAL\TEMP\RAR$EXA0.063\AISUITE_II_V20101_SA_Z77_XPWIN7_8\MYLOGO\APPSETUP\PE UPDATER\COMPAL\32\AFUWIN.EXE

The thing that caught my attention was obviously the result at the bottom. As you can see this is from a folder which was generated when I extracted Asus' AI Suite II. This is the first time I've run scans within 13-14 days and within that 13-14 day period I have updated this software. At first I thought this was a false positive since AI Suite II is trusted software, but I can see why it might be a legitimate threat since my computer has been freezing recently. I have removed the threat using superantispyware and I can no longer find the folder that the file was hiding in. Do you think this was a legitimate threat that I should be concerned about?
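
Added example, not part of the original thread or of SUPERAntiSpyware: a small Python triage of a log in the layout quoted above. It separates tracking-cookie entries from file detections and flags a detection whose path sits in a WinRAR `Rar$EX` temp extraction folder, as the AFUWIN.EXE entry does. The sample log, its paths and the function names are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of a SUPERAntiSpyware scan log
# (user name, file names and domains are made up for this example).
SAMPLE_LOG = r"""
File items scanned : 1200
File threats detected : 3

Adware.Tracking Cookie
C:\Users\alice\AppData\Roaming\Microsoft\Windows\Cookies\AAAA1111.txt [ /ads.example.net ]
tracker.example.org [ C:\USERS\ALICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Example[Local]
C:\USERS\ALICE\APPDATA\LOCAL\TEMP\RAR$EXA0.001\VENDOR_TOOL\SETUP\FLASH.EXE
"""

# A Windows path: drive letter, colon, backslash, then everything up to a bracket.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\[\]]+")

def parse_detections(log_text):
    """Group detected paths under the category line that precedes them."""
    found, category = defaultdict(list), None
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = PATH_RE.search(line)
        if match is None:
            category = line          # any non-path line opens a new group
        elif category is not None:
            found[category].append(match.group(0).strip())
    return dict(found)               # header lines with no paths never appear

def triage(found):
    """Count cookie noise; list file detections with an 'unpacked from archive' flag."""
    report = {"cookies": 0, "files": []}
    for category, paths in found.items():
        if "cookie" in category.lower():
            report["cookies"] += len(paths)
            continue
        for path in paths:
            # WinRAR unpacks into %TEMP%\Rar$EX... when a file is run from inside an archive.
            from_archive = re.search(r"\\TEMP\\RAR\$EX", path, re.I) is not None
            report["files"].append((category, path, from_archive))
    return report

if __name__ == "__main__":
    print(triage(parse_detections(SAMPLE_LOG)))
```

A detection flagged as unpacked from an archive points back at the downloaded archive itself, so that archive is the thing to re-download from the vendor and rescan.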


20 Jun 2013   #2
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

ROBO731


Run ESET Online Scanner

On
Hold down Control and click on ESET Online Scanner to open ESET OnlineScan in a new window
Click the button
Check YES, I accept the Terms of Use.
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.

On or

Click on http://download.eset.com/special/eos...taller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Right click on choose on your desktop
Check YES, I accept the Terms of Use.
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
21 Jun 2013   #3
ROBO731

Windows 7 Home Premium x64
 
 

Okay. Here's the report. It didn't turn up anything to do with the result that superantispyware removed, but it found several other threats.


Attached Files
File Type: txt ESETscan.txt (1.0 KB, 10 views)

21 Jun 2013   #4
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Did you run any hardware scans?

Memory test
21 Jun 2013   #5
ROBO731

Windows 7 Home Premium x64
 
 

Okay. I will run this tonight since it says that it can take several hours and I have 16 GB of RAM. Are you able to tell me a bit about those other threats that have been found?
21 Jun 2013   #6
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Looked like executables to software except for one that was a temp file with a random number on the name.
21 Jun 2013   #7
ROBO731

Windows 7 Home Premium x64
 
 

I looked up the Win32/OpenCandy result and it doesn't really concern me. It's nice to have it removed, but it's not that big a deal to me. I was already aware that my Android backups contained viruses, but I don't think they are doing anything to my computer.

Do you think that the threat detected by superantispyware was a file which became infected or do you think that the file came like that?

Thanks for all the help so far.
21 Jun 2013   #8
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Where did you get those executables?


Download HitManPro

64-Bit Version OS HitmanPro x64

Drag the HitmanProx64.exe from your Downloads folder to your Desktop

Right click on HitmanPro.exe and choose Run as administrator

When HitmanPro opens up

Click on the Settings button, uncheck Scan for Tracking Cookies, and click on the OK button

Click on the Next button

Click on No, I only want to perform a one-time scan to check this computer on the Setup page. Click Next once done.

Let it scan the PC. Once it's done, click Next

Click Activate free license to start the free 30 days trial and remove all the malicious files from your computer then click Next
21 Jun 2013   #9
ROBO731

Windows 7 Home Premium x64
 
 

I tried to edit post #7 but you saw it before it was finished. I'm not sure about how the first 3 results came about but the last five are all installers for programs. The HitManPro scan is running now.
21 Jun 2013   #10
ROBO731

Windows 7 Home Premium x64
 
 

The scan finished. It only turned up a result for Softonic, which is a third-party program installer (I think).