   Mischel Internet Security Forum
   TrojanHunter
   TrojanHunter Guard
(Moderators: Helena, Gavin_Coe, Magnus)
   FakeAV.100
   Author  Topic: FakeAV.100  (Read 1833 times)
xylophone
Newbie
FakeAV.100
« on: Jun 4th, 2008, 3:33am »

I run a domestic Dell XP.  Trojan Hunter 5, which I have been running for about a year now, has this morning, and for the first time, detected a trojan, as above.  A search reveals it is in use, with other trojans, by a hacker, dreaded word, in Beijing.
 
I also run Comodo Firewall, BOClean, Avast AV, Spybot, and CCleaner, and other protections.
 
This is a new situation for me.  How far should I be worried about this Trojan, which I have now quarantined?  
 
Thanks
siliconman01
Global Moderator
Re: FakeAV.100
« Reply #1 on: Jun 4th, 2008, 3:59am »

What was the name of the file that TH detected and quarantined?

______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.
xylophone
Newbie
Re: FakeAV.100
« Reply #2 on: Jun 4th, 2008, 4:12am »

Thanks
 
According to the Log file:
 
'C:\Installed\RNPatch65.exe'
 
The Installed folder speaks for itself: it's my default location for downloads.
siliconman01
Global Moderator
Re: FakeAV.100
« Reply #3 on: Jun 4th, 2008, 4:20am »

Hmmm... this may be a False Positive.
 
Would you please submit the file from the Quarantine folder of TrojanHunter for analysis.  You will find it at C:\Program Files\TrojanHunter 5.0\Quarantine.
 
The link below describes how to submit a file for analysis.
 
http://www.misec.net/forum/board/FAQ/1139308293
 
If you do not hear back from Gavin or Magnus in 2-3 days, please holler back here.  With the server problems that are occurring at The Planet in Texas, things could get lost.
xylophone
Newbie
Re: FakeAV.100
« Reply #4 on: Jun 4th, 2008, 4:59am »

Thanks.
 
Am I to assume, when you mention wait 2-3 days, that it does not appear to you to be a problem that requires to be fixed immediately?
siliconman01
Global Moderator
Re: FakeAV.100
« Reply #5 on: Jun 4th, 2008, 5:13am »

If I understood correctly, TH has already quarantined the file.  This neutralizes it and it should not be a problem.
xylophone
Newbie
Re: FakeAV.100
« Reply #6 on: Jun 4th, 2008, 6:37am »

Of course.
 
Another problem - with zipping.  The instructions on that, that I am led to via the link you supplied, say
 
'1. Using Windows Explorer, locate the first file you want to zip.
2. Right click on the file and select “Send To” and “Compressed (zipped) Folder.” This will create a new compressed folder with the same name as the file, except with the extension .zip.'
 
I don't have a Compressed (zipped) Folder Send to link.  So I did a search, learned how to install it, and ran the line that does so, which it did successfully.  But no sign of it anywhere on my PC (e.g. Admin tools/Component Services/Services, no mention).  Perhaps this is because I have XP SP1 only?
 
My concern now is that if I send the file to you zipped, using my preferred zip program (CamUnzip) you may not be able to open it.  Please therefore advise on which zip program I should use.
 
xylophone
Newbie
Re: FakeAV.100
« Reply #7 on: Jun 4th, 2008, 7:23am »

Please ignore my last message about Windows compressed zip.  Have now installed it.  Worked out that so long as I had any other zip programs on the PC, the install would not work.  Removed those, and then it worked.  Will now send off the file to your technical bods, but later today.
 
Many thanks for your help.  Appreciated.
siliconman01
Global Moderator
Re: FakeAV.100
« Reply #8 on: Jun 4th, 2008, 7:38am »

You are very welcome... and thanks for the submittal (in advance).
Gavin_Coe
Trojan Analyst
Re: FakeAV.100
« Reply #9 on: Jun 5th, 2008, 12:06am »

Thanks, am still trying to catch up with all the downloads and trojans but will fix this immediately.