Jump to content
Sign in to follow this  
TheKid7

Trojan.Agent/Gen-UsrMgr - Wubi Windows Installer

Recommended Posts

Yesterday, I downloaded the LinuxMint 10 RC ISO image and burned it to a CD on one of my Windows XP Pro PC's. Upon finishing the burn process, I opened the CD/DVD burner tray to remove the CD. Immediately I got some sort of message something about pyrun.exe and No Disk. I was unable to close the message. I tried to close it with Windows Task Manager but it still would not close. I wound up restarting the PC to get rid of the message.

This morning I ran a scan with SAS Free and it said that it detected a Trojan in a Temp folder. I uploaded the two suspect Trojan files to VirusTotal and the only positive was SAS. I decided to Quarantine the suspect files with SAS. The suspect files showed LinuxMint icons.

Is this a real Trojan or a false positive?

After doing some research I found that these files most likely are part of the Wubi Windows Installer Program.

Thanks in Advance.

SAS Log:

Trojan.Agent/Gen-UsrMgr

C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\PYL11B2.TMP\PYLAUNCHER.EXE

C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\PYL11B2.TMP\PYRUN.EXE

C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\PYL11B2.TMP.EXE

Share this post


Link to post
Share on other sites

Welcome to the SAS forum kid:)

Those files are FP's

Release them from quarantine and restart the computer. Make sure SAS is fully updated and run a complete scan. If they still show when the scan completes, you'll have the option to submit those files as FP's.

Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×