Gromozon trojan?



#1 rl22


Posted 18 July 2012 - 09:36 PM

SAS quick scan shows 11 instances of the trojan Gromozon. After selecting "remove threats" and rebooting, all 11 show up again.

I searched the SAS web site for an explanation but only found one forum question concerning Gromozon from 2006, which was unanswered.

No other virus/malware scan from other vendors shows an infection.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/18/2012 at 11:44 AM

Application Version : 5.1.1002

Core Rules Database Version : 8919
Trace Rules Database Version: 6731

Scan type : Quick Scan
Total Scan Time : 00:07:15

Operating System Information
Windows Vista Home Premium 32-bit (Build 6.00.6000)
UAC Off - Administrator

Memory items scanned : 484
Memory threats detected : 0
Registry items scanned : 27237
Registry threats detected : 0
File items scanned : 6695
File threats detected : 11

Trojan.Gromozon (RootKit)
C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\360AMIGO SYSTEM SPEEDUP.LNK
C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\DOCCHECKLIST.PDF
C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\FREE WINDOW REGISTRY REPAIR.LNK
C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\INSTRUCTIONS_FOR_THEWORK.PDF
C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\OPENOFFICE.ORG 3.0 (EN-US) INSTALLATION FILES\LICENSES\LICENSE_EN-US.HTML
C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\OPENOFFICE.ORG 3.0 (EN-US) INSTALLATION FILES\READMES\README_EN-US.HTML
C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\OPENOFFICE.ORG 3.0 (EN-US) INSTALLATION FILES\SETUP.EXE
C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\ORBIT.LNK
C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\PASSWORD-FOLDER-SETUP-BETA.EXE
C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\RADIOSURE.LNK
C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\USB SAFEGUARD (J).LNK

#2 GuiltySpark


Posted 19 July 2012 - 09:09 PM

Hi rl22,

If you believe you are infected try THIS tool.

It's designed to pick out rootkits.

Using No Way - As Way, Having No Limitation - As Limitation.


http://techstep123.co.uk/

 

http://tgigeeks.boards.net/


#3 rl22


Posted 20 July 2012 - 03:52 PM

Thanks for the response. I had tried the Prevx tool and it found no infection. I don't experience any anomalies with web sites, so I don't "believe" I am infected.
I'll assume SAS is messed up.

#4 SAS Customer Service


Posted 20 July 2012 - 04:11 PM

If you use the built-in false positive reporter on the summary screen, it will send information to our definitions team about those items and if they are false positives they will be corrected.

Customer Service
SUPERAntiSpyware
www.superantispyware.com




