Trojan.Agent/Gen-FakeAlert


  1. Posts : 223
    Windows 7 Home Premium x64
       #1

    Trojan.Agent/Gen-FakeAlert


    Within the past few days my computer has been freezing which is something that has never happened before. The only solution to the issue was to reboot. Today I decided to do some virus scans. I used avast, then malwarebytes, then superantispyware. Only superantispyware turned up any results. Here's the log it produced:

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 06/20/2013 at 11:13 PM

    Application Version : 5.6.1020

    Core Rules Database Version : 10549
    Trace Rules Database Version: 8361

    Scan type : Complete Scan
    Total Scan Time : 00:46:58

    Operating System Information
    Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User

    Memory items scanned : 585
    Memory threats detected : 0
    Registry items scanned : 77076
    Registry threats detected : 0
    File items scanned : 117142
    File threats detected : 26

    Adware.Tracking Cookie
    D:\Users\Robert\AppData\Roaming\Microsoft\Windows\Cookies\GLG0GQ0I.txt [ /ru4.com ]
    D:\Users\Robert\AppData\Roaming\Microsoft\Windows\Cookies\DZ5SBAO8.txt [ /advertising.com ]
    D:\Users\Robert\AppData\Roaming\Microsoft\Windows\Cookies\M6V4YSHW.txt [ /apmebf.com ]
    D:\Users\Robert\AppData\Roaming\Microsoft\Windows\Cookies\PQR60DPT.txt [ /specificclick.net ]
    D:\Users\Robert\AppData\Roaming\Microsoft\Windows\Cookies\JQ021N6Z.txt [ /ad.yieldmanager.com ]
    D:\Users\Robert\AppData\Roaming\Microsoft\Windows\Cookies\DVWC5FT6.txt [ /atdmt.com ]
    D:\Users\Robert\AppData\Roaming\Microsoft\Windows\Cookies\00S4DABN.txt [ /at.atwola.com ]
    D:\Users\Robert\AppData\Roaming\Microsoft\Windows\Cookies\5OHAND8T.txt [ /bs.serving-sys.com ]
    D:\Users\Robert\AppData\Roaming\Microsoft\Windows\Cookies\6KWD7MDK.txt [ /imrworldwide.com ]
    D:\Users\Robert\AppData\Roaming\Microsoft\Windows\Cookies\5ZLW2PBV.txt [ /questionmarket.com ]
    D:\Users\Robert\AppData\Roaming\Microsoft\Windows\Cookies\2R1TBZ2O.txt [ /invitemedia.com ]
    D:\Users\Robert\AppData\Roaming\Microsoft\Windows\Cookies\RO8ZEXH9.txt [ /insightexpressai.com ]
    D:\Users\Robert\AppData\Roaming\Microsoft\Windows\Cookies\0M01F476.txt [ /a1.interclick.com ]
    D:\Users\Robert\AppData\Roaming\Microsoft\Windows\Cookies\JYEDONKC.txt [ /burstnet.com ]
    D:\Users\Robert\AppData\Roaming\Microsoft\Windows\Cookies\22YCPXRJ.txt [ /fastclick.net ]
    D:\Users\Robert\AppData\Roaming\Microsoft\Windows\Cookies\D804ZI2M.txt [ /ads.pointroll.com ]
    D:\Users\Robert\AppData\Roaming\Microsoft\Windows\Cookies\O9VVP291.txt [ /doubleclick.net ]
    D:\Users\Robert\AppData\Roaming\Microsoft\Windows\Cookies\SWF5GGLD.txt [ /casalemedia.com ]
    D:\Users\Robert\AppData\Roaming\Microsoft\Windows\Cookies\XZH3D6RH.txt [ /mediaplex.com ]
    D:\Users\Robert\AppData\Roaming\Microsoft\Windows\Cookies\LUUJV17K.txt [ /pointroll.com ]
    D:\Users\Robert\AppData\Roaming\Microsoft\Windows\Cookies\OXVECQP8.txt [ /tribalfusion.com ]
    D:\Users\Robert\AppData\Roaming\Microsoft\Windows\Cookies\O1LXQCWI.txt [ /interclick.com ]
    accounts.google.com [ D:\USERS\ROBERT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DJVFV4GO.DEFAULT\COOKIES.SQLITE ]
    accounts.google.com [ D:\USERS\ROBERT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DJVFV4GO.DEFAULT\COOKIES.SQLITE ]
    accounts.google.com [ D:\USERS\ROBERT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DJVFV4GO.DEFAULT\COOKIES.SQLITE ]

    Trojan.Agent/Gen-FakeAlert[Local]
    D:\USERS\ROBERT\APPDATA\LOCAL\TEMP\RAR$EXA0.063\AISUITE_II_V20101_SA_Z77_XPWIN7_8\MYLOGO\APPSETUP\PE UPDATER\COMPAL\32\AFUWIN.EXE

    The thing that caught my attention was obviously the result at the bottom. As you can see this is from a folder which was generated when I extracted Asus' AI Suite II. This is the first time I've run scans within 13-14 days and within that 13-14 day period I have updated this software. At first I thought this was a false positive since AI Suite II is trusted software, but I can see why it might be a legitimate threat since my computer has been freezing recently. I have removed the threat using superantispyware and I can no longer find the folder that the file was hiding in. Do you think this was a legitimate threat that I should be concerned about?
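One way to triage a scan log laid out like the one in post #1, as an added example that is not part of the original thread or of SUPERAntiSpyware's own tooling: it separates tracking-cookie entries from file detections, flags detections that sit in an archive-extraction temp folder, and checks the parsed item count against the log's own "File threats detected" line. The function names and the sample paths are constructed, and treating a `Temp\RAR$...` folder as an archive-extraction directory follows the poster's own description and is an assumption.

```python
import re

# Constructed excerpt in the same layout as the log above; the paths are made up.
SAMPLE_LOG = r"""
File items scanned : 117142
File threats detected : 3

Adware.Tracking Cookie
D:\Users\Example\AppData\Roaming\Microsoft\Windows\Cookies\AAAA0001.txt [ /ads.example.net ]
tracker.example.com [ D:\USERS\EXAMPLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-FakeAlert[Local]
D:\USERS\EXAMPLE\APPDATA\LOCAL\TEMP\RAR$EXA0.063\VENDOR_PKG\TOOLS\UPDATER.EXE
"""

PATH_RE = re.compile(r"[A-Za-z]:\\[^\[\]]*")            # drive-letter path, stops at [ or ]
COUNT_RE = re.compile(r"^File threats detected\s*:\s*(\d+)", re.M)
ARCHIVE_TEMP_RE = re.compile(r"\\temp\\rar\$", re.I)     # assumption: archive-extraction temp dir

def parse_detections(log_text):
    """Return {category heading: [file paths]} for every detection line."""
    found, category = {}, None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        match = PATH_RE.search(line)
        if match is None:
            category = line            # a non-path line may be the next heading
        elif category is not None:
            found.setdefault(category, []).append(match.group(0).strip())
    return found

def triage(log_text):
    """Classify each detection and check the total against the log's own count."""
    rows = []
    for category, paths in parse_detections(log_text).items():
        for path in paths:
            if "cookie" in category.lower():
                kind = "cookie"                    # browser data, not a program
            elif ARCHIVE_TEMP_RE.search(path):
                kind = "extracted-from-archive"    # arrived inside an unpacked download
            else:
                kind = "other"
            rows.append((kind, category, path))
    declared = COUNT_RE.search(log_text)
    complete = declared is not None and int(declared.group(1)) == len(rows)
    return rows, complete

if __name__ == "__main__":
    rows, complete = triage(SAMPLE_LOG)
    for kind, category, path in rows:
        print(f"{kind:24} {category:36} {path}")
    print("item count matches log summary:", complete)
```

A detection classified as `extracted-from-archive` points back at the downloaded archive, so the archive's source and the vendor's signature on the file are what to check next.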


  2. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #2

    ROBO731


    Run ESET Online Scanner

    On
    Hold down Control and click on ESET Online Scanner to open ESET OnlineScan in a new window
    Click the button
    Check YES, I accept the Terms of Use.
    Click the Start button.
    Accept any security warnings from your browser.
    Under scan settings, check "Scan Archives" and "Remove found threats"
    Click Advanced settings and select the following:
    ° Scan potentially unwanted applications
    ° Scan for potentially unsafe applications
    ° Enable Anti-Stealth technology
    ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    When the scan completes, click List Threats
    Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Click the Back button.
    Click the Finish button.

    On or

    Click on http://download.eset.com/special/eos...taller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    Right click on choose on your desktop
    Check YES, I accept the Terms of Use.
    Click the Start button.
    Accept any security warnings from your browser.
    Under scan settings, check "Scan Archives" and "Remove found threats"
    Click Advanced settings and select the following:
    ° Scan potentially unwanted applications
    ° Scan for potentially unsafe applications
    ° Enable Anti-Stealth technology
    ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    When the scan completes, click List Threats
    Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Click the Back button.
    Click the Finish button.


  3. Posts : 223
    Windows 7 Home Premium x64
    Thread Starter
       #3

    Okay. Here's the report. It didn't turn up anything to do with the result that superantispyware removed, but it found several other threats.
    Trojan.Agent/Gen-FakeAlert Attached Files


  4. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #4

    Did you run any hardware scans?

    Memory test



  5. Posts : 223
    Windows 7 Home Premium x64
    Thread Starter
       #5

    Okay. I will run this tonight since it says that it can take several hours and I have 16 GB of RAM. Are you able to tell me a bit about those other threats that have been found?


  6. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #6

    Looked like executables to software except for one that was a temp file with a random number on the name.


  7. Posts : 223
    Windows 7 Home Premium x64
    Thread Starter
       #7

    I looked up the Win32/OpenCandy result and it doesn't really concern me. It's nice to have it removed, but it's not that big a deal to me. I was already aware that my android backups contained viruses, but I don't think they are doing anything to my computer.

    Do you think that the threat detected by superantispyware was a file which became infected or do you think that the file came like that?

    Thanks for all the help so far.


  8. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #8

    Where did you get those executables?


    Download HitManPro

    64-Bit Version OS HitmanPro x64

    Drag the HitmanProx64.exe from your Downloads folder to your Desktop

    Right click on HitmanPro.exe and choose Run as administrator

    When HitmanPro opens up

    Click on the Settings button, uncheck Scan for Tracking Cookies, and click on the OK button

    Click on the Next button

    Click on No, I only want to perform a one-time scan to check this computer on the Setup page. Click Next once done.

    Let it scan the PC. Once it's done, click Next

    Click Activate free license to start the free 30 days trial and remove all the malicious files from your computer then click Next


  9. Posts : 223
    Windows 7 Home Premium x64
    Thread Starter
       #9

    I tried to edit post #7 but you saw it before it was finished. I'm not sure about how the first 3 results came about but the last five are all installers for programs. The HitManPro scan is running now.


  10. Posts : 223
    Windows 7 Home Premium x64
    Thread Starter
       #10

    The scan finished. It only turned up a result for Softonic, which is a third-party program installer (I think).


 