Samantha83

Trojan.Agents. detected

Hi,

This morning when I ran my usual SAS quick scan, it showed the following results:

Trojan.Agent/Gen-Siggen [1 item found]

Trojan.Agent/ Gen-Agent [2 items found]

Trojan.Agent/Gen-Agent-Small [2 items found]

I removed and restarted the computer, as directed, but they're still showing up in the complete scan... which I'm now running. Also, my Avast! Antivirus has been disabled... I can't get it going again.

Right now I'm waiting for the complete SAS scan to finish. But what can I do to completely eliminate these trojans? I disconnected the computer from the Internet and am currently using an iPad.

Should I run complete scans of Malwarebytes and Spybot too?

Thanks,

- Sam

Sam, these are false positives and should not be removed. It's always good practice to look at what it wants to remove before you remove them. The easiest way to fix this is to uninstall Avast and reinstall it.

I have been getting the same issues; my customers have been calling me all morning due to this issue. Please fix this. I recommend this product and Avast to all my customers. I can't have SAS or Avast fighting and disabling each other. This not only hinders my customers but also hurts my reputation, seeing that I recommend it to all my customers. Seeing that I recommend the product to them, I have to back it, so this will be a day of no pay, seeing that I will be reinstalling Avast on several computers that I service.

Thanks, SouthernKitty

You're right. After the first SAS scan, I removed the "false positives" as well as Avast! The strange thing is that the SAS scans are still detecting the same false positives. Since Avast! was removed via SAS, could it be that there are still remnants?

I'll try uninstalling via my programs.

Is Avast! safe to reinstall?

Thank you so much, SouthernKitty!

I think the reinstall was successful! Although I can't remember how to add the Avast! Sidebar to my desktop...

This whole thing took a few years off my life, hopefully it's sorted out now.

jadinolf   

Thanks for the mess, SAS. Now my main (Windows 7) computer will not connect to any server besides gmail- no mail, no Internet.

I have 6 SAS Pro licenses. A lot of good they are doing me.

If anyone can help me connect to servers, it would be greatly appreciated. I can't seem to do it on my own. :x

Yes, I have uninstalled SAS.

Thanks for helping me, SouthernKitty, xo

The SAS 9777 update has been installed, but I'm still seeing the same Trojans... two of them at least. (I'll take another look.)

This is what shows up (even after the update)

Core Rules Database Version : 9777

Trace Rules Database Version: 7589

Trojan.Agent/Gen-Siggen

HKLM\System\CurrentControlSet\Services\ASWFSBLK

C:\WINDOWS\SYSTEM32\DRIVERS\ASWFSBLK.SYS

HKLM\System\CurrentControlSet\Enum\Root\LEGACY_ASWFSBLK

Ok, thanks! I just removed a tracking cookie. :)

So just to be sure, those Trojans that still show up in the scan are really and truly false positives? I don't know why the update worked for some but not for everyone...

You're fabulous, btw! :D

Thank you! I'll keep checking SAS for updates.

(I've been so nervous about this, I completely forgot to have coffee today!) :P

*Edit* Update 9778 has just been released. It seems to have taken care of things.

geoff   

Hi All,

We're still investigating what happened in the release procedure to cause this false positive issue. The offending definitions have been removed completely from the database.

My sincerest apologies for the false alarm. :-(

Thanks,

Geoff

robinb9   

After your last update one of my clients had the same problem but worse: because Superantispyware quarantined those files that are Avast's, it crippled Avast. I had to repair Avast, and when I did, Avast claimed Superantispyware was a rootkit and wanted to quarantine it. I wound up uninstalling Avast and uninstalling Superantispyware; I then put on Kingsoft antivirus to make sure the computer was actually clean, which it was. This was terrible; because of this disaster, the computer kept crashing. This is a doctor's computer with very important client info on it, running Superantispyware Pro and Avast Pro. When I uninstalled Avast and reinstalled it, since it is a paid version, Superantispyware went nuts, so I had to uninstall both of them, and I could not even charge the client because I recommended him to buy Superantispyware, and it was the culprit, not Avast. This all happened on Dec 21.

When I learned the problem was Superantispyware I uninstalled it and reinstalled Avast and everything calmed down. I waited until I saw you did an update to fix it and was going to reinstall Superantispyware, but my client refused it because this is the second time this has happened; the first was when you put out an update a few months ago and almost all my clients wound up with 300 FPs.

And worse, I now lost this client over this mess.

So thank you, Superantispyware. Before Nick sold the company, this hardly ever happened. I really like your program, but you need to test these updates before you put them out.

If this continues to happen I will have no recourse to stop selling it

My reputation is at stake here and I cannot lose any more clients over this.

Robin

HiroPro   

Avast! is up and running again, Malwarebytes and Spybot are clean. But even after the latest SAS updates, it's still showing the same Trojans. Should I uninstall SAS for now?

Are you aware that SAS can have exclusions !!!

I set all my AV and malware protection to exclude the app directories, %appdata% folder and quarantine location of each other's software footprint.

IMHO this is a NO BRAINER software policy and one I thought most IT people were aware of, but it appears to not be the case. Why do you people even think the exclusion functionality is even there in practically ALL AV/malware protection software !!!

HiroPro   

How about this Robin...

You learn how to use the features of SAS and create exclusions for the AVAST! files and quarantine location.

Any IT person worth their salt would have already done this no !?!

:rolleyes:

HiroPro   

I hate to say it but man... SAS is not very good for realtime protection. In fact it's so poor I don't even use it for such, though I haven't lab tested the newest builds. IMHO a much better solution for your Doctor client is the following.

Eset NOD32

MBAM Pro for realtime and content filtering.

Outpost Pro firewall if needed and not too complex for user

SAS for on-demand scanning based on a schedule that scans before system backup

Hitman Pro for on-demand scanning based on a schedule that scans before weekly full image backup

Also create exclusion rules for each program to ignore the files and quarantines of the other applications. This is what I do for my clients and I have never experienced FP issues due to the fact I don't allow each program to even scan the file footprint of each other's installation.

Another thing I do for my clients is get them to open an OpenDNS account. By using their DNS servers for your client you can then take advantage of their domain/URL filtering. Sites that host malware simply will not be accessible due to DNS lookup filtering by OpenDNS. Many many tier 1 outfits and major corporations use OpenDNS for this very reason alone!

I have not seen a client become infected using this methodology and software in almost 4 years !!!

PS they are all Win7 X64 systems though... I can't believe people in a business environment are still using XP considering its piss poor security and instability.

HiroPro   

You install avast and MSE at the SAME TIME !?! (I don't think the hooks for each can work at the same time buddy)

I don't think that's a good idea at all to install two AV programs at the same time.

Also don't crap all over SAS because you are too stupid to learn to use its functionality, like for example exclusions. If you had IT skill more than simply installing the friggin software then you would have created exclusions that simply made SAS completely ignore your beloved Avast's files and you would have never had the problem in the first place.

I suggest you switch to a new security methodology and software.

Eset NOD32

MBAM Pro realtime

Outpost Pro firewall

SAS Pro scheduled scan before each incremental backup

HitmanPro scheduled scan before weekly full backup

OpenDNS dns services

This is what I use with clients and I've never had a FP render a machine inoperable nor mess with other AV software nor even an infection in like... YEARS. The thing is though buddy, I know how to use the software properly with skills above that of a luser luddite, thus I create exclusions between the various apps so they don't conflict with each other or scan each other's files or quarantines. Also all my clients are on Win7 X64, not XP win32 like so many foolish outfits are still using. Bloody masochists if you ask me !

robinb9   

Don't you dare tell me how to set up stuff. I have been in this business for 20 years, and have beta tested software for antispyware and antivirus programs that long also. I do know you cannot run 2 antivirus protections together. MSE was not even on this machine, and if you read my post correctly you would see I ran Kingsoft, and if you knew about the Kingsoft antivirus program you would learn you can run it with another AV; go to the website and see for yourself.

As for excluding an antispyware in Superantispyware or vice versa, you should not have to do that. I have been running Superantispyware since it came out and never had to exclude it from the antivirus program or vice versa. The program should just work, and besides, the company states it can run alongside other antivirus programs, so why exclude it if the company claims there are no problems. Of course if Superantispyware stated on their help site on their website that you need to exclude its files from being scanned by Avast or another antivirus program, of course I would set it up that way.


So if there was a fix recently, I am still getting this trojan to show up, and it seems like it isn't in the avast folder, but tell me if I'm wrong. So what should I do about this?

Scan Log

http://www.superantispyware.com

Generated 01/07/2013 at 09:41 AM

Application Version : 5.6.1014

Core Rules Database Version : 9834

Trace Rules Database Version: 7646

Scan type : Complete Scan

Total Scan Time : 00:25:46

Operating System Information

Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User

Memory items scanned : 699

Memory threats detected : 0

Registry items scanned : 71667

Registry threats detected : 0

File items scanned : 44043

File threats detected : 1

Trojan.Agent/Gen-Siggen

C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\23.0.1271.97\AVFORMAT-54.DLL
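
One way to act on the advice earlier in the thread to look at what a scanner wants to remove before removing it, as an added example that is not part of the original posts: a PowerShell function that checks the Authenticode signature and hash of each flagged file. `Test-FlaggedFile` and its `ExpectedPublisher` parameter are hypothetical names, PowerShell 4.0 or later is assumed, and the sample paths are the ones reported in the scan results above.

```powershell
# Added example (not from the thread). Requires PowerShell 4.0+ for Get-FileHash.
function Test-FlaggedFile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Path,
        # Hypothetical parameter: text expected in the signer's certificate subject.
        [string]$ExpectedPublisher
    )
    process {
        foreach ($p in $Path) {
            if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
                # Already quarantined or removed: nothing left on disk to verify.
                [pscustomobject]@{
                    Path = $p; Status = 'Missing'; Signer = $null; SHA256 = $null
                    Verdict = 'Not on disk; check the quarantine list'
                }
                continue
            }
            $sig    = Get-AuthenticodeSignature -LiteralPath $p
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            $verdict = if ($sig.Status -ne 'Valid') {
                'No valid signature: leave it quarantined and investigate'
            } elseif ($ExpectedPublisher -and $signer -notlike "*$ExpectedPublisher*") {
                'Validly signed, but by an unexpected publisher: investigate'
            } else {
                'Validly signed and unmodified: consistent with a false positive'
            }
            [pscustomobject]@{
                Path    = $p
                Status  = $sig.Status
                Signer  = $signer
                SHA256  = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
                Verdict = $verdict
            }
        }
    }
}

# Paths as reported in the scan results quoted in this thread.
'C:\WINDOWS\SYSTEM32\DRIVERS\ASWFSBLK.SYS',
'C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\23.0.1271.97\AVFORMAT-54.DLL' |
    Test-FlaggedFile | Format-List
```

A valid signature shows who signed the file and that it has not been altered since signing; the SHA256 value is what to include in a false-positive report to the scanner's vendor.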
