Mattech

As feedback MRT came back clear, therfore SAS Quarantine on the second time (because of restore not SAS) seems to have succeeded again. I did not submit it as FP in the end as i wanted to play it safe and just remove it. Let just hope the odd system repair was a one off...

Its running full scan now. Fingers crossed it doesn't take too long. Thanks for your quick response.

Okay well SAS conducted the removal. However a couple of days later i did another scan revealing a clean system (apart from a couple of tracking cookies) then when i rebooted my PC went into 'SystemRepair' start up. The repair did a 'System Restore'. So i re-scanned and it revealed the Trojan that went into Quarantine had once again appeared. As did another unwanted file. I'm kind of thinking 3 possibilities. Either the Trojan is clever and caused the re-store itself however if it was Quarantined surely this would not happen. Or my second guess is that this just 'happened' due to a bad update etc. And third is that this is a FP and putting it into Quarantine is causing issues. At the end of this scan i will report the file as a FP for investigation but for reference it is under the following pathway: 'C:\PROGRAMDATA\INSTALLMATE\ and so on a number of letters and numbers ending in SETUP.DLL'. It appears twice under this name, 'Installmate' appears to be an installation programme well respected on the net. This Trojan does not appear to have ever come under this pathway. GUILTY SPARK - I do not understand your MRT instructions? Please expand? Thanks again.

Hi all, For some reason recently after conducting a update on my SAS free and then doing a scan, despite my antivirus running realtime, scanning daily, like today SAS happened to come across the Trojan aforementioned in my topic name. I did a little bit of research on its characteristics i.e. browser manipulation (IE and FF), internet slowdown and the other little treats that come with Trojans none of which i was experiencing. It also came attached in a Program i have no knowledge of on my PC. However SAS happily quarantined it, i scanned again, came back clean, then ran my AV which also came back clean. I don't think the fact i was using Avant browser made any difference, i just generally thing this is a FP as it featured in one of the latest updates. Although my knowledge of how to pick out FP's isn't very good and i was hoping that the SAS community could help enlighten me also. Thanks