Hey guys, I just ran a scan on SUPERAntiSpyware and it found 2 trojans. I don't think either of them are legit trojans but wanted your opinions.
C:\TOSHIBAUPDATE\UPDATEX86.EXE
&
C:\WINDOWS\CLOSESEC.EXE
Also, is there a place on the internet to check for legit spyware files? Like a list that lists them?
Sure, try uploading them here: VirusTotal - Free Online Virus and Malware Scan
That will run it through a number of scanners and give you a report.
It said 4/41 programs found it to be spyware (at least I think that is what it means). So, does this mean it's legit?
Both of them are Toshiba based programs. It was just weird because I've ran SUPERAntiSpyware earlier in the week and it didn't detect these. That's why I worried a little.
You know those anti-virus programs. One day they don't detect anything, the next day they do.
can you post links from virustotal scans... please :)
Virustotal. MD5: 9df7b80c4e0bed1c1e3a36a20c4074fd Trojan-Dropper.Win32.Mudrop.flp!A2 Trojan.Agent.ATV Trojan/Downloader.gen
...and I cannot find the other file. I've always been bad at locating files within the computer. I asked for some help on it before but no one responded to me.
ok, as I can see you gave results for:
C:\WINDOWS\CLOSESEC.EXE
vendors which detec it right now according to virus total:
a-squared - Trojan-Dropper.Win32.Mudrop.flp!A2 (note that "A2" at the end it means that only a2 engine of the a-sqaured detected it. (a-sqaured uses it's own a2 and Ikarus AV engines)) A-sqaure is known for some False Positives.
CAT-QuickHeal - Trojan.Agent.ATV (not sure about QuickHeal)
McAfee+ Artemis - Artemis!9DF7B80C4E0B(note: McAfee dosen't detect it. It is detected by McAfee Atremis only!) Artemis is cloud based technology, known for some False Positives...
TheHacker - Trojan/Downloader.gen (can't comment on this one)
Further analyses of "C:\WINDOWS\CLOSESEC.EXE" led me to finding to this:
https://forum.f-prot.com/index.php?topic=1694.0
as you can see it's official F-prot (AV company) forum.
And as you can see a few months ago, this file was detected by F-prot as malware aswell.
But look at the last post by F-Prot virus researcher/developer that it is probably False Positive and soon will be deleted from database.
Now from virustotal link you posted, we can see it has indeed been taken out of database.
So, I would say it is probably False Positive.
P.S. Just noticed the Original Poster on the Forum link I gave uses laptop from Toshiba like you.
Yeah, I found that link too. I found it after I posted this though.
Quote