rl22

Gromozon trojan?

SAS quick scan shows 11 instances of the trojan Gromozon. After selecting "remove threats" and rebooting, all 11 show up again.

I searched the SAS web site for an explanation but only found one forum question concerning Gromozon from 2006, which was unanswered.

No other virus/malware scan from other vendors shows an infection.

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 07/18/2012 at 11:44 AM

Application Version : 5.1.1002

Core Rules Database Version : 8919

Trace Rules Database Version: 6731

Scan type : Quick Scan

Total Scan Time : 00:07:15

Operating System Information

Windows Vista Home Premium 32-bit (Build 6.00.6000)

UAC Off - Administrator

Memory items scanned : 484

Memory threats detected : 0

Registry items scanned : 27237

Registry threats detected : 0

File items scanned : 6695

File threats detected : 11

Trojan.Gromozon (RootKit)

C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\360AMIGO SYSTEM SPEEDUP.LNK

C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\DOCCHECKLIST.PDF

C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\FREE WINDOW REGISTRY REPAIR.LNK

C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\INSTRUCTIONS_FOR_THEWORK.PDF

C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\OPENOFFICE.ORG 3.0 (EN-US) INSTALLATION FILES\LICENSES\LICENSE_EN-US.HTML

C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\OPENOFFICE.ORG 3.0 (EN-US) INSTALLATION FILES\READMES\README_EN-US.HTML

C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\OPENOFFICE.ORG 3.0 (EN-US) INSTALLATION FILES\SETUP.EXE

C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\ORBIT.LNK

C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\PASSWORD-FOLDER-SETUP-BETA.EXE

C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\RADIOSURE.LNK

C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\USB SAFEGUARD (J).LNK


Thanks for the response. I had tried the Prevx tool and it found no infection. I don't experience any anomalies with web sites, so I don't "believe" I am infected.

I'll assume SAS is messed up.


If you use the built-in false positive reporter on the summary screen, it will send information to our definitions team about those items and if they are false positives they will be corrected.
