gearyboy Posted January 11, 2012

Hi there

Like a couple of other users on this forum, I have come across a backdoor agent that none of the programs I've tried so far seem to completely remove. (It's the one that ends up in the registry.) Below is a copy of the scan log from one of my original attempts using your Pro trial software. Each time I delete it using the SAS software, another scan reveals it's still there, albeit with a slightly different title - at least SAS spots it, other software tried doesn't even tell me it's there! Same trojan tho.

Not sure if it's a coincidence but my AVG won't function properly and Microsoft Security Essentials and Windows Firewall are unable to start or be updated (Windows updates fail too).

Might there be a diagnostic solution to this one? Running out of possible ideas for getting rid of it, hope you can help!

SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 01/11/2012 at 04:58 PM

Application Version : 5.0.1142

Core Rules Database Version : 8121
Trace Rules Database Version: 5933

Scan type : Quick Scan
Total Scan Time : 00:08:11

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 749
Memory threats detected : 0
Registry items scanned : 64823
Registry threats detected : 1
File items scanned : 8003
File threats detected : 0

Malware.Trace
    HKU\S-1-5-21-210253645-849558031-2135496171-1000\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

Thanks in advance!
Matthew

SAS Customer Service Posted January 11, 2012

Hi Matthew, Create a ticket at www.superantispyware.com/csr so I can send you a diagnostic and we can check out the shell value.

GJbean Posted January 23, 2012

Is there a solution yet?

GJbean Posted January 23, 2012

Hi, is there a fix for this yet? Thanks.

SAS Customer Service Posted January 23, 2012

I don't believe he ever created a ticket, if you are having the same issue please create a ticket and I'll send you the diagnostic.

Kilraha Posted January 24, 2012

Hi, I have a similar problem with this WINLOGON shell. Am using AVAST which Action Center could not see and my research led me to this forum. I created a ticket so hopefully you can help.

Larry

GuiltySpark Posted January 26, 2012

Hi Gearyboy and others,

If it's a reappearing trojan the best thing to do would be to momentarily turn off System Restore, then run SAS in safe mode, restart, re-run SAS, if no trojans are found turn on System Restore and run SAS one last time.

Kilraha Posted January 26, 2012

Hi GuiltySpark, Is the restart after safe mode a normal restart or is all of the above in safe mode?

GuiltySpark Posted January 26, 2012

Hi Kilraha, Re-start after safe mode is Normal mode.

Kilraha Posted January 29, 2012

Thanks for the tip GuiltySpark but unfortunately this malware just keeps on coming back. I tried several times with protection off but as soon as I log on the malware is created every time. I did open a ticket and had SAS customer care look at it and after running some diagnostics they say they cannot find anything wrong. They advise to put it on the "Trust/allow" list. Not sure I like this idea too much but then again I am no expert. Is this what they call a false positive?

Regarding symptoms of this particular reported Malware I have no idea of what to look out for. Everything appears to be normal but is it really? If anybody else has this particular problem and is aware of acute symptoms then perhaps they can share them. I would like to get to the bottom of this and understand what happened so I can have confidence in my use of it.

All advice appreciated. Thanks,

GuiltySpark Posted January 29, 2012

Kilraha, I understand your concern, however if SAS customer... say it's nothing to worry about then you may have to accept this, just make sure you have a decent Anti Virus program running Real time protection and with a built in Behaviour monitor.

Kilraha Posted January 29, 2012

GuiltySpark, I feel happy enough about accepting it ..... cause I actually believe this happened some time ago. I came across the Malware by accident when researching an issue with Action Center not detecting my AV (this is how I came by SuperAntiSpyware) so I think it's been there for some time. I use Avast and I'm happy with that too. Solved the Action Center problem by using Avast uninstall tool and re-installing again. All the same I'll continue to research as I'm learning quite a bit too and that's not a bad thing now is it :).

SAS Customer Service Posted January 30, 2012

The detection in itself is not a threat, it is a sign or "trace" of malware, which in this case seemed to be a false positive as we were unable to find anything out of the ordinary in the diagnostic.

Kilraha Posted January 30, 2012

Thanks for the confirmation - puts my mind at ease.
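
Added example (not part of any post in this thread, and not the SUPERAntiSpyware diagnostic): a read-only PowerShell check of the Winlogon Shell value named in the scan log, covering the machine hive and each user hive loaded under HKU. It assumes the Windows defaults, where the HKLM value is explorer.exe and no per-user Shell value exists; the function and variable names are illustrative.

```powershell
# Added example: read-only audit of the Winlogon "Shell" value.
# Assumptions: HKLM default is "explorer.exe"; a per-user Shell value is absent by default.
$SubKey   = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$Expected = 'explorer.exe'

function Get-WinlogonShell {
    param([string]$Root)   # e.g. HKEY_LOCAL_MACHINE or HKEY_USERS\<SID>
    $p = Get-ItemProperty -LiteralPath "Registry::$Root\$SubKey" -Name Shell `
             -ErrorAction SilentlyContinue
    if ($p) { return [string]$p.Shell }
    return $null           # key or value missing, or not readable by this account
}

function Test-WinlogonShell {
    param([string]$Root, [bool]$PerUser)
    $value = Get-WinlogonShell $Root
    if ($null -eq $value) {
        # Absent is the normal state per user, but not for the machine hive.
        $status = if ($PerUser) { 'OK (no per-user override)' }
                  else          { 'REVIEW (machine value missing or unreadable)' }
    } elseif ($value.Trim() -eq $Expected) {
        # -eq on strings is case-insensitive, so EXPLORER.EXE also matches.
        $status = if ($PerUser) { 'NOTE (override present, points at explorer.exe)' }
                  else          { 'OK' }
    } else {
        $status = 'REVIEW (unexpected shell)'
    }
    New-Object PSObject -Property @{ Root = $Root; Shell = $value; Status = $status }
}

# Machine-wide value first, then every loaded user hive (SID-named keys only,
# which skips the *_Classes hives and the built-in service accounts).
$report = @(Test-WinlogonShell 'HKEY_LOCAL_MACHINE' $false)
Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object { $report += Test-WinlogonShell "HKEY_USERS\$($_.PSChildName)" $true }

$report | Select-Object Root, Shell, Status | Format-Table -AutoSize -Wrap
```

Only the hives of currently logged-on users are loaded under HKU, so run it from an elevated prompt while the affected account is signed in.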