rl22

Gromozon trojan?


SAS quick scan shows 11 instances of the trojan Gromozon. After selecting "remove threats" and rebooting, all 11 show up again.

I searched the SAS web site for an explanation but only found one forum question concerning Gromozon from 2006, which was unanswered.

No other virus/malware scan from other vendors shows an infection.

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 07/18/2012 at 11:44 AM

Application Version : 5.1.1002

Core Rules Database Version : 8919

Trace Rules Database Version: 6731

Scan type : Quick Scan

Total Scan Time : 00:07:15

Operating System Information

Windows Vista Home Premium 32-bit (Build 6.00.6000)

UAC Off - Administrator

Memory items scanned : 484

Memory threats detected : 0

Registry items scanned : 27237

Registry threats detected : 0

File items scanned : 6695

File threats detected : 11

Trojan.Gromozon (RootKit)

C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\360AMIGO SYSTEM SPEEDUP.LNK

C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\DOCCHECKLIST.PDF

C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\FREE WINDOW REGISTRY REPAIR.LNK

C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\INSTRUCTIONS_FOR_THEWORK.PDF

C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\OPENOFFICE.ORG 3.0 (EN-US) INSTALLATION FILES\LICENSES\LICENSE_EN-US.HTML

C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\OPENOFFICE.ORG 3.0 (EN-US) INSTALLATION FILES\READMES\README_EN-US.HTML

C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\OPENOFFICE.ORG 3.0 (EN-US) INSTALLATION FILES\SETUP.EXE

C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\ORBIT.LNK

C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\PASSWORD-FOLDER-SETUP-BETA.EXE

C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\RADIOSURE.LNK

C:\USERS\PAVILION\DESKTOP\THUMBS.MS\COM1.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\?ã.\LASTF\USB SAFEGUARD (J).LNK


Thanks for the response. I had tried the Prevx tool and it found no infection. I don't experience any anomalies with web sites, so I don't "believe" I am infected.

I'll assume SAS is messed up.
