
Trojan.Agent/Gen-Kryptik


75 replies to this topic

#1 peteh

Newbie, Members, 1 posts

Posted 27 August 2012 - 02:00 PM

Since my last update, SuperAntiSpyWare has been reporting Trojan.Agent/Gen-Kryptik; it is locating it in SuperAntiSpyWare's own files.

What point is there using a problem that appears to report itself as a threat?

#2 rcdailey

Newbie, Members, 8 posts

Posted 27 August 2012 - 02:14 PM

I noticed that same detection today, when SAS blocked what it said was that malware while I was browsing, but then identified 41 instances of infection when I started a full scan, including the files belonging to Malwarebytes Pro. I stopped the scan because I did not want to quarantine Malwarebytes. Instead, I am running a full scan using Malwarebytes at this moment. I doubt that Malwarebytes would run at all if infected, but I will do some other scans if possible to see whether any other software detects an infection.

#3 Veritor

Member, Members, 14 posts

Posted 27 August 2012 - 02:18 PM

Similar experience. In my case, I had gone on vacation and got back yesterday. I had scanned all my computers (Norton, MWB, SAS, all clean) and then shut them all down for the week. I booted them back up yesterday, checked email and did some minor browsing to generally safe sites, news sites, Drudge Report, etc.

4 different computers this morning report infestations of this trojan, even in SAS operating files, in OpenOffice install files (which I haven't used in months), even in install files of old programs like Corel Ventura (now that's old!). I run the PRO versions of these softwares and I run a FULL SAS scan every night at 2am. Last night's scans ran entirely clean.

I noticed you pushed through an update around 6am this morning with inclusion of detection info for this particular Trojan and a bunch of others.

Either we've all been infected for a long long time and never knew it, despite diligently using your software (and others) regularly, OR... something is wrong with the signature info you've assigned to these viruses and your engine is picking up entirely safe files as infected.

I'm a cautious guy, I don't want to assume the first is impossible. But we do all need some of your expert guidance here, SAS!

#4 genegold

Advanced Member, Members, 48 posts

Posted 27 August 2012 - 02:20 PM

For me, out of the blue SAS Pro is identifying Unlocker and all its components as this Trojan. Obviously, someone messed up on SAS's end.

#5 rcdailey

Newbie, Members, 8 posts

Posted 27 August 2012 - 02:24 PM

So far, nothing discovered by Malwarebytes Pro, but full scan continues.  I will probably run a full scan with Eset after this, but that takes a long time.

#6 badges

Newbie, Members, 2 posts

Posted 27 August 2012 - 02:26 PM

I have the identical scenario as Veritor. My system was off after a week and booted up this am. After an update I have 500+ infections of Trojan.Agent/Gen-Kryptik.

#7 Veritor

Member, Members, 14 posts

Posted 27 August 2012 - 02:27 PM

Ok, I had another system, also shut down for a week after a clean scan. I haven't TOUCHED this system since I got back from a week's vacation. Just booted it up, updated SAS and am starting a scan. So far it's found 4 instances of this same purported Trojan.

I'm no expert, you guys are, but I'm gonna suggest something is out-of-whack with the virus definitions released this morning. It's very hard for an unpowered computer to pick up an infection.

#8 crusain

Newbie, Members, 1 posts

Posted 27 August 2012 - 02:27 PM

Same deal here. SAS detected, this AM, Trojan.Agent/Gen-Kryptik in real time (Nuance PDF program). Once I did quick scan, SAS detected 135 instances, many are copies of safe exe installer programs that I keep in a storage file.

I took the real time detection out of quarantine and shut down SAS. I ran Malwarebytes and MSE with no detections. UGH!

#9 Veritor

Member, Members, 14 posts

Posted 27 August 2012 - 02:56 PM

One of my computers, the only one of the bunch running XP, cannot clean these "infections", even in safe mode:

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SUPERANTISPYWARE.COM\SUPERANTISPYWARE\SDDLLS\SD10005.DLL

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SUPERANTISPYWARE.COM\SUPERANTISPYWARE\SDDLLS\SD10006.DLL

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SUPERANTISPYWARE.COM\SUPERANTISPYWARE\SDDLLS\SD10007.DLL

They get picked up by REAL-TIME PROTECTION, which is nice to see, but the scan reports them, purports to remove them, but they come right back even after a reboot. This is even using safe mode to run the scan.

Are these legit SAS files and/or has this virus infected your own program?


PS

On a Vista-32 bit system, also never used since being shut down for a week until now scanned. These persist through multiple attempts to remove as well:

Trojan.Agent/Gen-Kryptik

C:\PROGRAMDATA\SUPERANTISPYWARE.COM\SUPERANTISPYWARE\SDDLLS\SD10005.DLL
C:\PROGRAMDATA\SUPERANTISPYWARE.COM\SUPERANTISPYWARE\SDDLLS\SD10005.DLL
C:\PROGRAMDATA\SUPERANTISPYWARE.COM\SUPERANTISPYWARE\SDDLLS\SD10006.DLL
C:\PROGRAMDATA\SUPERANTISPYWARE.COM\SUPERANTISPYWARE\SDDLLS\SD10006.DLL
C:\PROGRAMDATA\SUPERANTISPYWARE.COM\SUPERANTISPYWARE\SDDLLS\SD10007.DLL
C:\PROGRAMDATA\SUPERANTISPYWARE.COM\SUPERANTISPYWARE\SDDLLS\SD10007.DLL



#10 rcdailey

Newbie, Members, 8 posts

Posted 27 August 2012 - 03:00 PM

I checked again and found that real-time protection removed five files. Two were in restore, and three were in SAS's own app folder: SD10005.DLL, SD10006.DLL, and SD10007.DLL. Those can't be restored, but I believe that they are part of the installation process and aren't really needed by SAS for normal operations. I could be wrong about that.

Correction, I can restore them, but I think I will wait for an update to SAS definitions so that I don't have to go through this whole thing again.

Added:  Full scan for both partitions on my hard drive just completed using Malwarebytes Pro found no infections.  I'm still going to wait for an update to the definitions for SAS before restoring the quarantined files, but I have disabled real-time protection for now.  I may also exit the program, especially if no new definitions show up today.

Finally, you can all come out of your storm cellars.  The sky is clear and all is well.  Core: 9127 Trace: 6939 fixes the problem.  Get the update if you have not already done so.

#11 GuiltySpark

Volunteer Mod, Moderators, 1,016 posts, Location: The Space Between Two Points

Posted 27 August 2012 - 03:06 PM

As above.

Updates are a joke today. I got to 366 Critical threats before I cancelled the scan; after checking the files, they were seriously over-sensitive findings - MBAM, Defraggler, SAS, CCleaner, many more which I know are safe.

http://www.screencas...m/t/imj0uY0a6g1

http://www.screencast.com/t/hT02ZVlp

http://www.screencast.com/t/vcC7JrEal

http://www.screencast.com/t/6GFdDkbob0

http://www.screencast.com/t/bvbY9UZi

http://www.screencast.com/t/U9SjjSZP

To name but a couple.

Using No Way - As Way, Having No Limitation - As Limitation.

Techstep123 http://tgigeeks.net/

Anonysome Emporium T.I.M


#12 Reversemidas

Newbie, Members, 4 posts

Posted 27 August 2012 - 03:22 PM

Yes. I too am getting the same results for SAS running this morning. I cancelled it out. Went to Virustotal.com and selectively ran some of the files to see if it comes up positive. Nope. All 41 programs gave it no virus on Virustotal.com, which btw SAS is 1 of the 41 virus programs it runs. What gives? Also ran Malwarebytes, same thing, nothing. So is this a false positive and when will SAS folks fix this?

#13 abucha3

Newbie, Members, 1 posts

Posted 27 August 2012 - 03:27 PM

Did a scan early this morning about 2am on both SAS and Spy-Bot, and those came clean with the removal of a few tracking cookies.

I also applied the update today and suddenly I am finding these infections in SAS files, AVG files and CC cleaner files to name a few. Quite worried so disconnected my internet and in the process of running a full scan (131 detections of this trojan so far) and now my netbook is beginning to detect the same trojan!

Surely this cannot be right when I just ran a scan last night?!

Not sure what to do now! Glad others are in the same situation I guess...

#14 Duke

Newbie, Members, 1 posts

Posted 27 August 2012 - 03:41 PM

I think there is a trend here. :)
Just to be safe I did 3 online scans and nothing was flagged as infected. I hope they get this sorted out soon, because until it is, SuperAntiSpyware is pretty much useless.

#15 dennisch

Newbie, Members, 1 posts

Posted 27 August 2012 - 03:58 PM

I too have the same problem as all the rest on this post. How can we tell if SAS is working on it? Seems like this site is being hit hard by users. SAS quarantined a lot of files needed by my computer, I had to restore them.

c'mon SAS give us a message!!!

#16 SAS Customer Service

Advanced Member, Moderators, 1,018 posts

Posted 27 August 2012 - 04:06 PM

There was an issue affecting some users which has been corrected with the latest release, please update your definitions now. Any items removed can be restored by opening SUPERAntiSpyware, clicking Manage Quarantine, selecting the detection and clicking Restore.
Customer Service
SUPERAntiSpyware
www.superantispyware.com

#17 Buddahfan

Advanced Member, Members, 64 posts

Posted 27 August 2012 - 04:15 PM

Same problem here. SAS Pro is detecting iWSASC.exe as a Trojan.Agent/Gen-Kryptik. I scanned the file with Malwarebytes, avast! AIS, IObit Malware Fighter, Eset nod32. None of them showed that the file contained or was Malware.

#18 kcazzie

Newbie, Members, 5 posts

Posted 27 August 2012 - 04:17 PM

I'm leaving on vacation and while shutting down this PC I run into this ( I had closed all my other PCs last night) - Trojan.Agent/Gen-Kryptik and its brothers and sisters - Rebooting the PC (having Pro) it would be picked usually soon as the PC was on... There was nothing I could have done but you never know... But after what I read this is a FALSE Positive and not the first from this application...

Off for a little R and R and hope when I get back this will be old and in the way... ;) ...

A

Edit; FIXED, with I guess new update ~ 12:06pm CDT (us)
Thank You...
Now on to R and R 2 hrs late !!

#19 DaveHorne

Member, Members, 20 posts, Location: Vught, Netherlands

Posted 27 August 2012 - 04:19 PM

Same problem here ... and it's a good thing I Googled this Gen-Kryptik trojan before I deleted files from within SuperSpyware and a few other files in programs that I cannot imagine need to be deleted.

I didn't delete those 'critical' files and made a copy which I'll post here. I updated SuperSpyware and hope the next scan doesn't show all those what I believe are false positives.

I tried to upload that LOG file but had no luck. I'll assume the server here is being flooded with this issue.

#20 gailee

Newbie, Members, 1 posts

Posted 27 August 2012 - 04:25 PM

I too was getting notifications and hundreds of threats. My SAS on both computers said it was updated 1 hr or 2 hrs ago but the latest release was not installed. The database version I had (9126) had this threat listed but the update to 9127 does not. Strange. Running scans now and seems clean.



