Michelle_83

Trojan.Agent/Gen_Decay


Hi,

When I ran a full SAS scan this morning (the free version), it picked up a trojan.agent/gen_decay. It was placed in quarantine, and I restarted the computer. But when I ran the scan again (just to be sure it was removed), it picked up the same trojan again. If it helps, the second scan seemed to detect the trojan in the very same area as a tracking cookie. (I didn't pay attention to it the first time because I was too worried.)

Should I run scans from all other programs (Avast, Malwarebytes, etc.)?

Thank you!

Also, should I wait until I know what's going on before logging onto anything important?


When are you doing an update? Because now I have 30 clients who have emailed me panicking, thinking they have a trojan, and I sent them out an email to restore it - so they did and it keeps popping up saying again there is a trojan!!

So far I see no update for it. I told them to manually check for updates every few hours and, once the update comes in, then restore it.

robin


The problem is it pops up right in your face like you were being attacked; they are not seeing it in a scan. And when I went into 2 computers to see what was going on and I restored it, 15 minutes later it popped up again and automatically quarantined it. It is not seeing it in a scan; I ran a quick scan and SUPERAntiSpyware did not see it. Seems it just pops up randomly.

robin


I experienced the same frustrating problem while running a complete scan this evening. Two threats came up (Trojan Agent Gen-Decay). I followed the prompts on the screen and had it removed, rebooting the system. Ran another complete scan afterwards and still came up with the same two threats and one tracking cookie.

I also noticed since removing the "Trojan", the dialog box which used to show the time and temperature in the upper right hand corner of the screen no longer shows up. Instead, it says my Internet connection is not connected. However, I can connect to the Internet. Does anyone know how to get this dialog box back? I am running Windows 7.

Thanks for any advice.


This is a false positive meaning that item is being incorrectly detected. You can disregard that detection, it will no longer appear with the next update.

> I experienced the same frustrating problem while running a complete scan this evening. Two threats came up (Trojan Agent Gen-Decay). I followed the prompts on the screen and had it removed, rebooting the system. Ran another complete scan afterwards and still came up with the same two threats and one tracking cookie.
>
> I also noticed since removing the "Trojan", the dialog box which used to show the time and temperature in the upper right hand corner of the screen no longer shows up. Instead, it says my Internet connection is not connected. However, I can connect to the Internet. Does anyone know how to get this dialog box back? I am running Windows 7.
>
> Thanks for any advice.

This is one of the reasons there need to be updates on weekends like they do during the week. When there is a False Positive reported it should immediately be looked at and fixed! The last update was yesterday at 5:30AM PDT. :-(

Make Sure SAS is updated.

kimj, The answer to your question: Open SAS and go to your Quarantine files in SAS. Mark the ones you want to Restore and restore them. I would reboot after that.

Good Luck - Because sometimes security programs do not restore the right way or do not restore at all. I hope all the False Positives Restore and bring back the things that are missing.


It is not going to work because I did this on every machine that has it, including all 7 of mine, so now the count is 47 machines that have this false positive. As soon as you reboot it comes back, as you see here:

https://imgur.com/8EWxe

Please fix this now!!

robin


Sorry to hear that it doesn't work Robin. :-(

Not a way to run a business: Leave everyone hanging with False Positives on the weekend!

I HAVE UNINSTALLED SAS FROM ALL OF MY COMPUTERS UNTIL THIS COMPANY GETS ITS ACT TOGETHER!


I am hoping one of them reads this today and applies a fix, and if not, first thing tomorrow. I have instructed all my clients to just wait for the update and, once it comes, restore the files it quarantined. Also, if you try to open Acrobat Reader it will crash because these files are being held by SUPERAntiSpyware.

I advised my clients not to open a PDF file till this is fixed.

This is real bad because I have clients who are lawyers and accountants and almost everything comes to them in PDFs.

And I use PDFs too for my manuals, which btw I am working on one now and I cannot convert it to a PDF till this is finished, so I am not a happy camper right now.

robin


SAS Customer Service, back at the beginning of April, reported this as a False Positive. So an Updated version of SAS apparently requires something more than a fix over a weekend. Since my SAS wasn't working and, via the trouble ticket, they had me uninstall then download an updated version which contains this same false positive, the trouble ticket is still open and I've asked for an explanation as to why the FP they knew about in April has not been fixed. However, I think it strange they would have me download a version of the program they KNOW will yield a FP without telling me it is false. I highly resent the time I spent investigating it. It's a worrisome situation when a company with a sterling reputation is so unresponsive to a problem like this.

Bahb


> SAS Customer Service, back at the beginning of April, reported this as a False Positive. So an Updated version of SAS apparently requires something more than a fix over a weekend. Since my SAS wasn't working and, via the trouble ticket, they had me uninstall then download an updated version which contains this same false positive, the trouble ticket is still open and I've asked for an explanation as to why the FP they knew about in April has not been fixed. However, I think it strange they would have me download a version of the program they KNOW will yield a FP without telling me it is false. I highly resent the time I spent investigating it. It's a worrisome situation when a company with a sterling reputation is so unresponsive to a problem like this.
>
> Bahb

This is not the same false positive. A false positive occurs when a definition meant to detect an infected item is instead detecting a good item, it is unrelated to the program version.


6/17/12 at 4:19CST. I also had a "Trojan.Agent/Gen_Decay" finding from SAS. I had the time & had done things a bit differently since I wanted to know how long the different scan options would take. I updated SAS (only 7 days old). I ran a complete SAS scan with the option for not checking anything modified before the last 30 days. I deleted the 63 items found. I ran a quick scan. Found nothing. I then ran a 2nd complete scan and unchecked the 30 day option, which allowed checking modifications older than 30 days. This is when SAS found the Trojan.Agent/Gen_Decay item.

The two items found under Gen_Decay had the following data, which I list without regard to trying to get caps correct: c:\Program Files(x86)\Adobe Reader 10.0...\reader_SL.EXE and the second item read: c:\Windows\Installer\$patchcache&\MA...Reader_SL.EXE. These were under the heading something like, "Critical threat. These items should be removed from your computer immediately."

I removed both items and rebooted the computer. Unlike some readers, after the reboot, I am still able to connect to the internet and my time/date display in Win7 as they normally do. Everything seems to be working normally. For the heck of it I then ran another complete SAS scan, including items modified more than 30 days ago with these findings: The scan took about 4 minutes longer than normal. Two tracking cookies were found, which is a case of SAS telling on itself since the only site I had connected to since the last scan & reboot was the SAS site. SAS does have an issue for which it needs to follow up & fix but, at least in my case, deleting the items found did not seem to have any negative effects.


> This is not the same false positive. A false positive occurs when a definition meant to detect an infected item is instead detecting a good item, it is unrelated to the program version.

Well, it is still a FP or something. When are you going to send up a fix for it, since it seems all my clients are getting this, so it is definitely not a trojan?

robin

This topic is now closed to further replies.