Jump to content
robinb9

Is this a false positive?

Recommended Posts

i just checked 3 client machines and found superantispyware - torjan.agent/genmsfalse

2 are xp media center and are totally different

and both machines are in two different locations and have absolutely nothing to do with each other

1 is a vista home premium (mine)

this seems to have happened after the last update 6/20/09

I just scanned my vista on thursday and it was clean. Machine was off all weekend and did an update this morning so i figured let me test it and do a full scan. sure enough the trojan is on it with the same exact files

I am still doing the vista scan but i will put the log in when done. The others are sitting in quarantine

1st machine log- xp media center sp3:

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 06/20/2009 at 04:14 PM

Application Version : 4.26.1004

Core Rules Database Version : 3949

Trace Rules Database Version: 1891

Scan type : Quick Scan

Total Scan Time : 00:14:51

Memory items scanned : 594

Memory threats detected : 0

Registry items scanned : 555

Registry threats detected : 0

File items scanned : 10599

File threats detected : 1

Trojan.Agent/Gen-MSFake

C:\I386\MSVCRT.DLL

2nd machine: xp media center sp3:

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 06/22/2009 at 11:56 AM

Application Version : 4.26.1004

Core Rules Database Version : 3949

Trace Rules Database Version: 1891

Scan type : Complete Scan

Total Scan Time : 00:57:25

Memory items scanned : 512

Memory threats detected : 0

Registry items scanned : 6204

Registry threats detected : 0

File items scanned : 23745

File threats detected : 2

Trojan.Agent/Gen-MSFake

C:\I386\MSVCRT.DLL

C:\WINDOWS\$NTSERVICEPACKUNINSTALL$\MSVCRT.DLL

Share this post


Link to post
Share on other sites

here is the vista home premium's scans too

seems they all have the exact same file in question

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 06/22/2009 at 12:59 PM

Application Version : 4.26.1004

Core Rules Database Version : 3949

Trace Rules Database Version: 1891

Scan type : Complete Scan

Total Scan Time : 01:22:41

Memory items scanned : 891

Memory threats detected : 0

Registry items scanned : 7790

Registry threats detected : 0

File items scanned : 41379

File threats detected : 3

Adware.Tracking Cookie

C:\Users\Robinb\AppData\Roaming\Microsoft\Windows\Cookies\robinb@atdmt[2].txt

Trojan.Agent/Gen-MSFake

C:\$INPLACE.~TR\MACHINE\DATA\WINDOWS\SYSTEM32\MSVCRT.DLL

C:\I386\MSVCRT.DLL

anyone else seeing this?

robin

Share this post


Link to post
Share on other sites

wonderful, i am remotely on the 4 computers that had it, just updated them and am running new scans. I will let you know either way

when they finish

robin

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×