pagesbow

Trojan.Agent / Gen-Autorunner


Hi all,

This is the first time I've posted here so I'm sure I'm breaking many forum guidelines or not providing enough info etc. But here goes...

About four days ago I ran SUPERAntiSpyware and found a trojan by the name of Trojan.Agent / Gen-Autorunner. I deleted it, ran SUPERAntiSpyware again, and that appeared to have removed it, as it wasn't picked up in the second scan. Two days later, I went to turn off my PC and at first I thought I had made a mistake as it restarted. Turns out it wasn't - and it would also restart if I used the power off button on my machine.

Since about Friday I have been trying to get rid of this trojan manually to no avail. This is the log of a scan:

SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 05/05/2013 at 11:40 AM

Application Version : 5.6.1014

Core Rules Database Version : 10356
Trace Rules Database Version: 8168

Scan type       : Complete Scan
Total Scan Time : 00:38:01

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 390
Memory threats detected   : 0
Registry items scanned    : 37208
Registry threats detected : 0
File items scanned        : 39639
File threats detected     : 30

Adware.Tracking Cookie
    C:\Documents and Settings\Cookies\X3CCMDFE.txt [ /atdmt.combing.com ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0IRJVAG2.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0IRJVAG2.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0IRJVAG2.DEFAULT\COOKIES.SQLITE ]
    .dmtracker.com [ C:\DOCUMENTS AND SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0IRJVAG2.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\DOCUMENTS AND SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0IRJVAG2.DEFAULT\COOKIES.SQLITE ]
    server.iad.liveperson.net [ C:\DOCUMENTS AND SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0IRJVAG2.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\DOCUMENTS AND SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0IRJVAG2.DEFAULT\COOKIES.SQLITE ]
    .c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0IRJVAG2.DEFAULT\COOKIES.SQLITE ]
    .c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0IRJVAG2.DEFAULT\COOKIES.SQLITE ]
    .histats.com [ C:\DOCUMENTS AND SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0IRJVAG2.DEFAULT\COOKIES.SQLITE ]
    .histats.com [ C:\DOCUMENTS AND SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0IRJVAG2.DEFAULT\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0IRJVAG2.DEFAULT\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0IRJVAG2.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0IRJVAG2.DEFAULT\COOKIES.SQLITE ]
    .estat.com [ C:\DOCUMENTS AND SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0IRJVAG2.DEFAULT\COOKIES.SQLITE ]
    stat.onestat.com [ C:\DOCUMENTS AND SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0IRJVAG2.DEFAULT\COOKIES.SQLITE ]
    stat.onestat.com [ C:\DOCUMENTS AND SETTINGS\PPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0IRJVAG2.DEFAULT\COOKIES.SQLITE ]
    stat.onestat.com [ C:\DOCUMENTS AND SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0IRJVAG2.DEFAULT\COOKIES.SQLITE ]
    .xiti.com [ C:\DOCUMENTS AND SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0IRJVAG2.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0IRJVAG2.DEFAULT\COOKIES.SQLITE ]
    .c1.atdmt.com [ C:\DOCUMENTS AND SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0IRJVAG2.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0IRJVAG2.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0IRJVAG2.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0IRJVAG2.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0IRJVAG2.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0IRJVAG2.DEFAULT\COOKIES.SQLITE ]
    www.qsstats.com [ C:\DOCUMENTS AND SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0IRJVAG2.DEFAULT\COOKIES.SQLITE ]
    www.qsstats.com [ C:\DOCUMENTS AND SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0IRJVAG2.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Autorunner
    C:\SWSETUP\SP34267\BIN\UPDATPNP.EXE

 

I went into C:\SWSETUP\SP34267\BIN\UPDATPNP.EXE and the file looked like this:

[Attached image: post-27653-0-37215300-1367759288_thumb.jpg]

Now I know it was created in May 2006, which would suggest it is not a trojan? However, every time SUPERAntiSpyware "removed" it, it came back, so I shredded the file with AVG shredder, and since then it has not returned and I have been able to turn off my PC normally.

 

So, I'm not sure what I'm asking here as I'm just a noob when it comes to this stuff... but does anyone have any thoughts on what this was/is? And is it fixed? AVG also picked up:

[Attached image: post-27653-0-03727100-1367760064_thumb.jpg]

But it was removed and hasn't come back.

Thanks in advance.
