llau Posted January 4, 2013

Hi there,

My computer is running Norton Internet Security, and I just did a scan and it found quite a few files it thought were trojans. I submitted a few to VirusTotal.com to check and the three I submitted were OK according to their results.

Here's my log file:

SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 01/03/2013 at 10:56 PM

Application Version : 5.6.1014

Core Rules Database Version : 9821
Trace Rules Database Version: 7633

Scan type : Complete Scan
Total Scan Time : 01:57:32

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 747
Memory threats detected : 0
Registry items scanned : 39044
Registry threats detected : 1
File items scanned : 112189
File threats detected : 239

PUP.CNETInstaller
    C:\DOCUMENTS AND SETTINGS\guest\MY DOCUMENTS\DOWNLOADS\CNET2_MONITORBRIGHT_ZIP.EXE

PUP.iBryte
    C:\DOCUMENTS AND SETTINGS\guest\MY DOCUMENTS\DOWNLOADS\DOWNLOADMANAGER_SETUP (1).EXE
    C:\DOCUMENTS AND SETTINGS\guest\MY DOCUMENTS\DOWNLOADS\DOWNLOADMANAGER_SETUP.EXE

Trojan.Agent/Gen-Trexer
    C:\I386\SCHANNEL.DLL
    C:\WINDOWS\$HF_MIG$\KB935840\SP2QFE\SCHANNEL.DLL
    C:\WINDOWS\$NTSERVICEPACKUNINSTALL$\SCHANNEL.DLL

Trojan.Agent/Gen-Kazy[ico]
    C:\PROGRAM FILES\MICROSOFT WORKS\1033\WKLNLNG.DLL

Adware.DirectDownloader
    C:\RECYCLER\S-1-5-21-3271295672-706164286-3085662288-1006\DC1.EXE
    C:\RECYCLER\S-1-5-21-3271295672-706164286-3085662288-1006\DC2.EXE

Trojan.Dropper/Win-NV
    C:\WINDOWS\$HF_MIG$\KB896423\SP2QFE\SPOOLSV.EXE
    C:\WINDOWS\$HF_MIG$\KB900725\SP2QFE\LINKINFO.DLL
    C:\WINDOWS\$NTSERVICEPACKUNINSTALL$\LINKINFO.DLL
    C:\WINDOWS\$NTSERVICEPACKUNINSTALL$\SPOOLSV.EXE

Can you tell me if any of these are not false positives?

Thanks very much,
V.

GuiltySpark Posted January 4, 2013

Hi llau,

I would definitely get rid of:

    CNET2_MONITORBRIGHT_ZIP.EXE
    DOWNLOADMANAGER_SETUP (1).EXE
    DOWNLOADMANAGER_SETUP.EXE
    C:\RECYCLER\S-1-5-21-3271295672-706164286-3085662288-1006\DC1.EXE
    C:\RECYCLER\S-1-5-21-3271295672-706164286-3085662288-1006\DC2.EXE

As for the others (win files), you should wait for SAS to contact you, or you could try running MBAM in Safe mode. If it detects the same/similar things (same pathway/file/folder(s)) then you may have to Disinfect them so as not to remove any critical files from the system.

Also try running SAS in Safe mode to see if results are similar.