TheKid7 Posted November 13, 2010 Yesterday, I downloaded the LinuxMint 10 RC ISO image and burned it to a CD on one of my Windows XP Pro PC's. Upon finishing the burn process, I opened the CD/DVD burner tray to remove the CD. Immediately I got some sort of message something about pyrun.exe and No Disk. I was unable to close the message. I tried to close it with Windows Task Manager but it still would not close. I wound up restarting the PC to get rid of the message. This morning I ran a scan with SAS Free and it said that it detected a Trojan in a Temp folder. I uploaded the two suspect Trojan files to VirusTotal and the only positive was SAS. I decided to Quarantine the suspect files with SAS. The suspect files showed LinuxMint icons. Is this a real Trojan or a false positive? After doing some research I found that these files most likely are part of the Wubi Windows Installer Program. Thanks in Advance. SAS Log: Trojan.Agent/Gen-UsrMgr C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\PYL11B2.TMP\PYLAUNCHER.EXE C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\PYL11B2.TMP\PYRUN.EXE C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\PYL11B2.TMP.EXE Share this post Link to post Share on other sites
Seth Posted November 13, 2010 Welcome to the SAS forum kid:) Those files are FP's Release them from quarantine and restart the computer. Make sure SAS is fully updated and run a complete scan. If they still show when the scan completes, you'll have the option to submit those files as FP's. Thanks! Share this post Link to post Share on other sites