Trojan.Agent/Gen-UsrMgr - Wubi Windows Installer

[TheKid7]

Yesterday, I downloaded the LinuxMint 10 RC ISO image and burned it to a CD on one of my Windows XP Pro PC's. Upon finishing the burn process, I opened the CD/DVD burner tray to remove the CD. Immediately I got some sort of message something about pyrun.exe and No Disk. I was unable to close the message. I tried to close it with Windows Task Manager but it still would not close. I wound up restarting the PC to get rid of the message.

This morning I ran a scan with SAS Free and it said that it detected a Trojan in a Temp folder. I uploaded the two suspect Trojan files to VirusTotal and the only positive was SAS. I decided to Quarantine the suspect files with SAS. The suspect files showed LinuxMint icons.

Is this a real Trojan or a false positive?

After doing some research I found that these files most likely are part of the Wubi Windows Installer Program.

Thanks in Advance.

SAS Log:

Trojan.Agent/Gen-UsrMgr

C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\PYL11B2.TMP\PYLAUNCHER.EXE

C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\PYL11B2.TMP\PYRUN.EXE

C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\PYL11B2.TMP.EXE

[Seth]

Welcome to the SAS forum kid:)

Those files are FP's

Release them from quarantine and restart the computer. Make sure SAS is fully updated and run a complete scan. If they still show when the scan completes, you'll have the option to submit those files as FP's.

Thanks!