MarkAW

Trojan.Agent/Gen-Siggen, Trojan.Agent/Gen-Agent, Trojan.Agent/Gen-Agentsmall


After this morning's Def update two of my systems that have SAS started flagging Avast as a trojan. So I ran scans on all of my systems and all that have SAS installed on them are flagging my Avast antivirus as the above trojan agents.

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 12/21/2012 at 10:39 AM

Application Version : 5.6.1014

Core Rules Database Version : 9775

Trace Rules Database Version: 7587

Scan type : Complete Scan

Total Scan Time : 00:27:36

Operating System Information

Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User

Memory items scanned : 666

Memory threats detected : 3

Registry items scanned : 37323

Registry threats detected : 12

File items scanned : 36014

File threats detected : 9

Trojan.Agent/Gen-Siggen

HKLM\System\ControlSet001\Services\ASWFSBLK

C:\WINDOWS\SYSTEM32\DRIVERS\ASWFSBLK.SYS

HKLM\System\ControlSet001\Enum\Root\LEGACY_ASWFSBLK

HKLM\System\ControlSet002\Services\ASWFSBLK

HKLM\System\ControlSet002\Enum\Root\LEGACY_ASWFSBLK

HKLM\System\CurrentControlSet\Services\ASWFSBLK

HKLM\System\CurrentControlSet\Enum\Root\LEGACY_ASWFSBLK

C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\ASWIDLE.DLL

C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\ASWIDLE.DLL

C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\SETUP\INF\ASWFSBLK.SYS

Trojan.Agent/Gen-Agent

HKLM\System\ControlSet001\Services\AVAST! ANTIVIRUS

C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTSVC.EXE

HKLM\System\ControlSet001\Enum\Root\LEGACY_AVAST! ANTIVIRUS

HKLM\System\ControlSet002\Services\AVAST! ANTIVIRUS

HKLM\System\ControlSet002\Enum\Root\LEGACY_AVAST! ANTIVIRUS

HKLM\System\CurrentControlSet\Services\AVAST! ANTIVIRUS

HKLM\System\CurrentControlSet\Enum\Root\LEGACY_AVAST! ANTIVIRUS

C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTSVC.EXE

C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\SCREENHOOKS32.DLL

C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\SETUP\INF\ASWRDR.SYS

Trojan.Agent/Gen-Agentsmall

C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AHRESJS.DLL

C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AHRESJS.DLL

C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\ASWRUNDLL.EXE

C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\DEFS\12122100\FWAUX.DLL


Same thing has happened to me, I also use Avast. Currently running a scan, and 4 different trojans detected, all related to Avast software. I foresee problems if I allow all this to be quarantined. This needs a quick response from SAS.


I have a lot of customers that are having this issue, and I have to stand behind it without pay because I recommend SAS and Avast. I can't have 2 programs I recommend disabling each other.


Having the same problem. I uninstalled Avast for now and installed MSE. I also had problems with false positives with Chrome so I have turned SAS off until they get this fixed.


Since posting this I have run scans on my systems with Malwarebytes Anti-Malware 1.70.0.1100 and HitmanPro 3.7.0 build 185 and neither program found anything.

HitmanPro 3.7.0.185

www.hitmanpro.com

Computer name . . . . :

Windows . . . . . . . : 6.1.1.7601.X86/2

User name . . . . . . :

UAC . . . . . . . . . : Enabled

License . . . . . . . :

Scan date . . . . . . : 2012-12-21 12:45:20

Scan mode . . . . . . : EWS

Scan duration . . . . : 3m 32s

Disk access mode . . : Direct disk access (SRB)

Cloud . . . . . . . . : Internet

Reboot . . . . . . . : No

Threats . . . . . . . : 0

Traces . . . . . . . : 0

Objects scanned . . . : 797,827

Files scanned . . . . : 8,773

Remnants scanned . . : 224,231 files / 564,823 keys

Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org

Database version: v2012.12.21.10

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 10.0.9200.16439

[administrator]

Protection: Enabled

21/12/2012 12:45:59 PM

mbam-log-2012-12-21 (12-45-59).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 199517

Time elapsed: 12 minute(s), 10 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


We have had two updates in the last hour. I think they have it fixed.

"Database Version 9777 - 12-21-2012

Trojan.Agent/Gen 1 Items Added/Updated
Trojan.Agent/Gen-Dropper 2 Items Added/Updated
Trojan.Agent/Gen-FakeAlert 1 Items Added/Updated
Trojan.Agent/Gen-FakeAV 1 Items Added/Updated
Trojan.Agent/Gen-Frauder 1 Items Added/Updated

Database Version 9776 - 12-21-2012

Trojan.Agent/Gen-FakeAV 1 Items Added/Updated
Trojan.Agent/Gen-Inject 1 Items Added/Updated
Trojan.Agent/Gen-KillAV 1 Items Added/Updated
Trojan.Agent/Gen-Klez 1 Items Added/Updated
Trojan.Agent/Gen-Rimecud 1 Items Added/Updated
Trojan.Agent/Gen-Spy 1 Items Added/Updated
Trojan.Agent/Gen-Tepfer 1 Items Added/Updated"


Yup just downloaded and installed the second update and it seems to have worked. Thanks :-)


I too am having problems, but mine seem a little more complicated than what I've read below.

I have been using the free SUPERAntiSpyware for quite a long time and finally purchased it. If this isn't fixed, I want my money back.

On my main desktop, after I scanned and then quarantined/removed these Trojan infections, I rebooted and that action completely disabled Avast. I had to go through the whole process of uninstalling and reinstalling, and then everything was fine, until I opened SAS, when I got the warning window all over again. I just disabled it.

I have an older Gateway laptop on which I also have SAS and Avast. When I scanned I got the same 16 Trojan infections found on my desktop. After quarantining then I did NOT reboot. Avast continued to work; I did a scan with it. When I rescanned with SAS it showed that nothing was found.

However, back to my desktop, where the problem doesn't seem to be going away. It seems to have gotten rid of the problem on my little laptop, but not on my desktop. I just opened SAS again and clicked to scan. It is finding the problems all over again and I've got the warning again.

I can't seem to attach a file here. Every time I try it says: Error The server returned an error during upload.

Update: I downloaded and installed the updates mentioned above, but so far SAS is still finding 3 of these Trojans.

Update: I ran SAS yet again and this time it came out clear. Now I just hope when I have to restart it doesn't disable my Avast again.


Trust the selected items and re-scan. You may have to re-install Avast if SAS has cleaned it already to replace missing files. You may not be able to trust items once they have been cleaned. Uninstall Avast, uninstall SAS. Re-install Avast first, then re-install SAS, run a scan and then you can trust items.


Hi All,

We're still investigating what happened in the release procedure to cause this false positive issue. The offending definitions have been removed completely from the database.

My sincerest apologies for the false alarm. :-(

Thanks,

Geoff


I posted earlier. Thought everything was ok. Then I had to do a restart and after that Avast is again completely disabled.

I'm running a scan with SAS right now.

It did not find any of these Avast-related Trojans so I don't know what's going on.

I guess I will uninstall SAS, uninstall Avast again and then reinstall both and see what happens.

UPDATE: I just un- and reinstalled Avast for the second time today, and un- and reinstalled SAS. I did a scan with SAS and all was ok. Now I'm going to do a restart again and if I have to start this process for a third time I may have to say good-bye to SAS.


Try this: right-click on the SAS bug in the tray, select "View Blocked Spyware Applications" and see if SAS is still blocking Avast. Mine was and I selected it and said to unblock it.


Hi guys, I am also here to say something about Trojan.Agent/Gen-Siggen. I have also been infected by this trojan. It is very critical and also very difficult to remove from a PC. But I have a solution by which I have completely removed this trojan from my PC. I hope all of you can also remove this threat from your PC with this process. The process is:

  • You have to update your PC by regularly applying patches and fixes provided by Windows.
  • You should have a powerful antivirus program installed and updated.
  • You have to install a strong firewall program in your security system.

By these tricks, you can get rid of these vicious threats completely.

Link removed - Moderator

Edited by GuiltySpark
shameless self prom

This topic is now closed to further replies.