Trojan.Agent/Gen-Virut


4 replies to this topic

#1 Mobli1


    Newbie

  • Members
  • 2 posts

Posted 11 July 2012 - 07:06 PM

Hi,

I have 2 computers - a desktop running WinXPSP3 and a laptop running Windows7 64Bit. Both are protected by Norton Internet Security.

On 9th July I ran a SUPERAntiSpyware update and a full scan - something I generally do once a week. A few tracking cookies were picked up as usual but both machines reported the same problem in D:\WINDOWS\INSTALLER - see the trace below.

I initially thought these must be false positives but since then the desktop machine has been behaving in odd ways. I tried to manually run a Windows Update but something is preventing it from working. The Windows update screen loads as usual but instead of examining my PC it tried to install a new Update.exe and when I cancelled it went to a new page that stated:

Internet Explorer has closed this webpage to help protect your computer
A malfunctioning or malicious add-on has caused Internet Explorer to close this webpage.

I don't remember this ever happening before so I took some screenshots and closed the browser. I tried to attach the screenshots to this posting but it returned a server error - will try again later. To me everything looks OK but I'm very suspicious of any automated download at the moment. And this is different behaviour to all my previous Windows Updates. It feels like something is not right.

Do you think this is a genuine Microsoft download or something else?

Since then, Firefox has also started redirecting to youtube and there are often long delays when browsing and opening Windows Explorer. It feels like something is working away in the background.

Please help, any help much appreciated, I'm not sure what to do next as Norton reports nothing.

Thank you
Mike

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/10/2012 at 01:59 AM

Application Version : 5.0.1150

Core Rules Database Version : 8867
Trace Rules Database Version: 6679

Scan type : Complete Scan
Total Scan Time : 02:56:09

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 240
Memory threats detected : 0
Registry items scanned : 34652
Registry threats detected : 0
File items scanned : 138591
File threats detected : 26

Adware.Tracking Cookie

Trojan.Agent/Gen-Virut
D:\WINDOWS\INSTALLER\{90110409-6000-11D3-8CFE-0150048383C9}\MISC.EXE
D:\WINDOWS\INSTALLER\{90A40409-6000-11D3-8CFE-0150048383C9}\MISC.EXE

#2 SAS Customer Service


    Advanced Member

  • Moderators
  • 890 posts

Posted 11 July 2012 - 08:05 PM

This was a false positive which was fixed, please update your definitions.

Customer Service
SUPERAntiSpyware
www.superantispyware.com


#3 tigin


    Newbie

  • Members
  • 2 posts

Posted 12 July 2012 - 09:09 AM

I had also opened a topic about this subject at http://forums.supera...false-positive/ two days ago. So, my alerts are also all false positives?

#4 SAS Customer Service


    Advanced Member

  • Moderators
  • 890 posts

Posted 12 July 2012 - 03:14 PM

Yes, the Trojan.Agent/Gen-Virut rule detections were false positives.

Customer Service
SUPERAntiSpyware
www.superantispyware.com


#5 Mobli1


    Newbie

  • Members
  • 2 posts

Posted 13 July 2012 - 08:26 AM

I tried again this morning to upload a file to this forum but got a server error again. I tried both the simple and advanced uploader and got the same error. Is it a problem at your end?



