Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Are these spyware?

26 Feb 2010   #1
shortmantuff

Windows 7 Home Premium x86
 
 
Are these spyware?

Hey guys, I just ran a scan on SUPERAntiSpyware and it found 2 trojans. I don't think either of them are legit trojans but wanted your opinions.

C:\TOSHIBAUPDATE\UPDATEX86.EXE

&

C:\WINDOWS\CLOSESEC.EXE

Also, is there a place on the internet to check for legit spyware files? Like a list that lists them?


My System SpecsSystem Spec
.
26 Feb 2010   #2
Jonathan_King

Windows 7 Professional x64
 
 

Sure, try uploading them here: VirusTotal - Free Online Virus and Malware Scan

That will run it through a number of scanners and give you a report.
My System SpecsSystem Spec
26 Feb 2010   #3
shortmantuff

Windows 7 Home Premium x86
 
 

It said 4/41 programs found it to be spyware (at least I think that is what it means). So, does this mean it's legit?
My System SpecsSystem Spec
.

26 Feb 2010   #4
Jonathan_King

Windows 7 Professional x64
 
 

I'd say it's probably legit. I didn't see much on Google about it being malware either.
My System SpecsSystem Spec
26 Feb 2010   #5
shortmantuff

Windows 7 Home Premium x86
 
 

Both of them are Toshiba based programs. It was just weird because I've ran SUPERAntiSpyware earlier in the week and it didn't detect these. That's why I worried a little.
My System SpecsSystem Spec
26 Feb 2010   #6
Jonathan_King

Windows 7 Professional x64
 
 

You know those anti-virus programs. One day they don't detect anything, the next day they do.
My System SpecsSystem Spec
26 Feb 2010   #7
jav

Windows 7 Ultimate x86 SP1
 
 

can you post links from virustotal scans... please
My System SpecsSystem Spec
26 Feb 2010   #8
shortmantuff

Windows 7 Home Premium x86
 
 

Virustotal. MD5: 9df7b80c4e0bed1c1e3a36a20c4074fd Trojan-Dropper.Win32.Mudrop.flp!A2 Trojan.Agent.ATV Trojan/Downloader.gen

...and I cannot find the other file. I've always been bad at locating files within the computer. I asked for some help on it before but no one responded to me.
My System SpecsSystem Spec
26 Feb 2010   #9
jav

Windows 7 Ultimate x86 SP1
 
 

ok, as I can see you gave results for:

C:\WINDOWS\CLOSESEC.EXE

vendors which detec it right now according to virus total:

a-squared - Trojan-Dropper.Win32.Mudrop.flp!A2 (note that "A2" at the end it means that only a2 engine of the a-sqaured detected it. (a-sqaured uses it's own a2 and Ikarus AV engines)) A-sqaure is known for some False Positives.
CAT-QuickHeal - Trojan.Agent.ATV (not sure about QuickHeal)
McAfee+ Artemis - Artemis!9DF7B80C4E0B(note: McAfee dosen't detect it. It is detected by McAfee Atremis only!) Artemis is cloud based technology, known for some False Positives...
TheHacker - Trojan/Downloader.gen (can't comment on this one)

Further analyses of "C:\WINDOWS\CLOSESEC.EXE" led me to finding to this:
https://forum.f-prot.com/index.php?topic=1694.0

as you can see it's official F-prot (AV company) forum.
And as you can see a few months ago, this file was detected by F-prot as malware aswell.
But look at the last post by F-Prot virus researcher/developer that it is probably False Positive and soon will be deleted from database.
Now from virustotal link you posted, we can see it has indeed been taken out of database.

So, I would say it is probably False Positive.


P.S. Just noticed the Original Poster on the Forum link I gave uses laptop from Toshiba like you.
My System SpecsSystem Spec
26 Feb 2010   #10
shortmantuff

Windows 7 Home Premium x86
 
 

Yeah, I found that link too. I found it after I posted this though.
My System SpecsSystem Spec
Reply

 Are these spyware?




Thread Tools




Similar help and support threads
Thread Forum
Comparable Anti-spyware Software to Super Anti-spyware
I have 2 PCs. I am in the process of setting up both of them with MSE, Super Anti-spyware, and Malware Bytes. I have 2 lifetime licenses for MAB and one lifetime license for SAS. SAS no longer sell lifetime licenses and I need a program that sells lifetime licenses comparable to SAS. Any...
System Security
Spyware, keylogger?
Can someone please explain how spyware and keylogger be put in some software you downloaded? Can they steal your credit card #? Is it done through programming please? Thanks for your advice.
System Security
Viruses and Spyware
Last night my laptop was sitting idle for a few hours. I had Word 2010 minimized but didn't have any documents opened in Word. When I went to shut down my PC, I closed out Word and a document from 2 days ago was opened but minimized. Is it possible for malware to open/minimize documents? No one...
System Security
Spyware? IDK
Every.. Say 3-5 hours I get this random popup in my browser. It's just an image: http://amch.questionmarket.com/static/ninemsn-300x250-1l-eng-nul.gif Not sure where it's from, though. I didn't click anything for it to come up it just does. The URL is: **REMOVED**
Browsers & Mail
I think I've got spyware!!!
I think my Win7 may have spyware!!! Twice today I noticed that when my screensaver was active, it disappeared and went back to my desktop. It just happened again. Are these symptoms of spyware??? :mad::sick:
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 20:27.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App