tycho90213 Posted June 21, 2009
Today I ran the latest version of SAS with the latest updates on a friend's infected computer, and in addition to finding some malware, it also flagged C:\Windows\System32\MSVCRT.DLL as Trojan.Agent/Gen-MSFake. It was checked to be removed by default, and I allowed it to be deleted along with some other files. Upon reboot, I immediately received a BSOD with the following message:
STOP: c000021a {Fatal System Error} The windows Logon Process system process terminated unexpectedly with a status of 0xc0000135 (0x00000000 0x00000000). The system has been shut down.
I spent over 4 hours trying to debug what had gone wrong. Safe mode and Last Known Good Configuration all resulted in the same error. After much searching, I narrowed the error down to the fact that MSVCRT.DLL was missing. Using Ubuntu to replace the file, voilà!, the system booted fine. I submitted the quarantined MSVCRT.DLL to both Jotti and Virustotal (File size: 343040 bytes, MD5: b0fefa816d61ec66aa765ddf534eab5e), and both gave it a clean bill of health. I can see nothing wrong with the file. I even re-ran SAS on the now clean system, and it still flags MSVCRT.DLL as infected. Please rectify this false-positive as soon as possible, as I fear that people with less technical skills may entirely lose their Win XP installation in the process. Thank you!
khakiman Posted June 21, 2009
Same here. Superantispyware detected C:\Windows\System32\MSVCRT.DLL and reported it as Trojan.Agent/Gen-MSFake. Fortunately, I did not delete it. Scans by Avira and Malwarebytes of same file were clean. Is this a false positive?
prairie dog Posted June 21, 2009
If you take it out of Quarantine it goes back like it was before? When you restore it out of quarantine it will go back to the proper location.
khakiman Posted June 22, 2009
It's all well and good that you learned something, but it would be more helpful if the developer folks at SAS actually told us whether it was in fact a FP. Since three users have already written about the problem over the last couple of days, I would think that a response would be in order.
khakiman Posted June 22, 2009
This was already sent in (yesterday) and I am still awaiting a reply!
khakiman Posted June 22, 2009
Thank you SAS development team and thank you fellow posters for helping get this corrected.
jposa002 Posted December 23, 2009
Hi, I'm new to this forum. I need help. I performed a search on trojan.agent/gen-fake and this is the closest post I got. Just wondering. I was infected by the above trojan. I'm running Windows XP on my EE notebook. I think it gave me a bogus security message; I selected not to block and then it took me to some porn website. I did a scan right away and SAS quarantined it. I removed it from quarantine; don't know if I did the right thing. The scan I performed also quarantined rogue.agent/gen. My Internet Explorer was affected; it's blocking all internet traffic, except any sites that start with https, i.e. banks, att wireless account. I have performed both with SAS and AVG a complete system scan, and it has been clean except for the cookies. My question is can I fix the internet issue? If so, how? Thank you.
SUPERAntiSpy Posted December 28, 2009
Try our repairs section in SUPERAntiSpyware's Preferences.