nalthren Posted September 20, 2013
Yea this one made me do a doubletake, currently 48 items all in my APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62 and 29.0.1547.66 locales folders. Will post more when scan completes.

EDIT: These are Google Chromes: "Version Build" folders. Now I am pretty sure this is again a FP.

EDIT: Gave me one of those 'Has real time detected' windows pop ups. Never noticed that one before.... (A hour and 30 into the scan no less)

EDIT: Log

Generated 09/19/2013 at 11:33 PM
Application Version : 5.6.1032
Core Rules Database Version : 10778
Trace Rules Database Version: 8590
Scan type : Complete Scan
Total Scan Time : 02:33:09

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 645
Memory threats detected : 0
Registry items scanned : 39304
Registry threats detected : 0
File items scanned : 51898
File threats detected : 63

Adware.Tracking Cookie
Trojan.Agent/Gen-Stranfom

Scanner didnt give me a chance to remove or report as a FP. Auto deleted:

Trojan.Agent/Gen-Stranfom.Process:
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\TEMP\SOURCE9956_16552\CHROME-BIN\29.0.1547.76\LOCALES\AM.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\TEMP\SOURCE9956_16552\CHROME-BIN\29.0.1547.76\LOCALES\AR.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\TEMP\SOURCE9956_16552\CHROME-BIN\29.0.1547.76\LOCALES\BN.DLL

So since I cant send in a report, can I get some help here?

Onetimer Posted September 20, 2013
I also believe this is a false positive. I have run analysis on the files and cannot find anything malicious, here are some results of the analysis I performed:

Analyzed the file with malwr cuckoo sandbox: https://malwr.com/analysis/NjNhYThmYjU3YzBmNGM2MjkyMTUzODk4ODc1M2FjZDc/
Analyzed the file with Anubis: http://anubis.iseclab.org/?action=result&task_id=17240977e61c6ae84654e7ba0c7b5be23&format=html
Analyzed the file with Virus Total: https://www.virustotal.com/en/file/713f7adf8bb529f865b830ee8699afb771e4aba5e3b82798638a436edbce5067/analysis/1379652797/

Virus total shows 2 detections, one from Superantispyware and one from BKAV. Though sandbox analysis shows there is no malicious/suspicious activity or attempted contact with a command and control. Additionally, within the strings of the file, all looks good, signed by verisign/symantec and google.

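An added example (not from any poster or from SUPERAntiSpyware) of the signature check mentioned in the post above: it hashes each Chrome locale DLL and verifies its Authenticode signature. The install root and the expected signer substring `Google` are assumptions taken from the paths and the signer named in this thread.

```powershell
# Added example: hash and signature triage for files a scanner has flagged.
# Assumptions: Chrome's per-user install root (as in the logs posted in this
# thread) and 'Google' as a substring of the expected signer subject.
param(
    [string]$Root = (Join-Path $env:LOCALAPPDATA 'Google\Chrome\Application'),
    [string]$ExpectedSigner = 'Google'
)

function Get-LocaleDllReport {
    param(
        [Parameter(Mandatory)] [string]$Root,
        [Parameter(Mandatory)] [string]$ExpectedSigner
    )

    # Locale resource DLLs sit in <Root>\<version>\Locales\*.dll
    $dlls = Get-ChildItem -LiteralPath $Root -Recurse -Filter '*.dll' -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Directory.Name -eq 'Locales' }

    foreach ($dll in $dlls) {
        $sig     = Get-AuthenticodeSignature -LiteralPath $dll.FullName
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        # A tampered or replaced file shows up as HashMismatch or NotSigned, or
        # as a valid signature from someone other than the expected publisher.
        $verdict = if ($sig.Status -ne 'Valid') {
            "CHECK: signature status $($sig.Status)"
        } elseif ($subject -notlike "*$ExpectedSigner*") {
            'CHECK: unexpected signer'
        } else {
            'OK'
        }

        [pscustomobject]@{
            Version = $dll.Directory.Parent.Name
            File    = $dll.Name
            SHA256  = (Get-FileHash -LiteralPath $dll.FullName -Algorithm SHA256).Hash
            Status  = $sig.Status
            Signer  = $subject
            Verdict = $verdict
        }
    }
}

$report = @(Get-LocaleDllReport -Root $Root -ExpectedSigner $ExpectedSigner)
if ($report.Count -eq 0) {
    Write-Warning "No locale DLLs found under $Root (still quarantined, or a different install path?)"
    return
}

# Summary per Chrome version folder and verdict.
$report | Group-Object Version, Verdict |
    Select-Object Count, Name | Format-Table -AutoSize | Out-Host

# Detail rows for anything that is not validly signed by the expected publisher.
$suspect = @($report | Where-Object { $_.Verdict -ne 'OK' })
if ($suspect.Count -gt 0) {
    $suspect | Format-List Version, File, SHA256, Status, Signer | Out-Host
} else {
    "All $($report.Count) locale DLLs carry a valid signature from a signer matching '$ExpectedSigner'."
}
```

The SHA-256 values it prints can be compared with the hash shown on a VirusTotal report or with the same Chrome version folder on another machine.
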
nalthren Posted September 20, 2013
Alright what about the 3 files I mentioned at the bottom?

CoffeeLover Posted September 20, 2013
Thank you so much for posting this as I've been freaking out for over an hour! I hope this really is a False Positive. I don't know much about computers but this is my log that came up, both my computers had this:

SUPERAntiSpyware Scan Log
https://www.superantispyware.com
Generated 09/20/2013 at 01:36 AM
Application Version : 5.6.1032
Core Rules Database Version : 10778
Trace Rules Database Version: 8590
Scan type : Complete Scan
Total Scan Time : 00:24:23

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 500
Memory threats detected : 0
Registry items scanned : 70647
Registry threats detected : 0
File items scanned : 44528
File threats detected : 48

Trojan.Agent/Gen-Stranfom

And the crazy part is, I went to that file to see when those things showed up and it says 8/24/13, however I had just run a scan with SuperAntiSpyware on the 18 and that came up clean apart from a couple cookies. Also, I checked my Avast and I had just recently run a boot scan on 9/12 and a Full scan on 9/15, and I'd also run a Malware Bytes scan on 9/17 and all had come up clean. If it had been on the computer for over a month surely something would have picked it up before now? Hopefully someone can confirm this is false, because I am freaking out right now.

nalthren Posted September 20, 2013
Looks like we are in the same boat and it IS a FP. I am just waiting on official confirmation since the Report Button failed to show up on this. (Probably since it auto removed the mentioned 3 and didn't give me a chance to stop it)

CoffeeLover Posted September 20, 2013
Here is the scan from my second computer, and one is finishing up on the third that is also reporting this.

SUPERAntiSpyware Scan Log
https://www.superantispyware.com
Generated 09/20/2013 at 00:35 AM
Application Version : 5.6.1032
Core Rules Database Version : 10778
Trace Rules Database Version: 8590
Scan type : Complete Scan
Total Scan Time : 00:28:01

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 794
Memory threats detected : 0
Registry items scanned : 70554
Registry threats detected : 0
File items scanned : 46050
File threats detected : 64

Trojan.Agent/Gen-Stranfom
Adware.Tracking Cookie

nalthren Posted September 20, 2013
It looks identical to mine.. given it a further chance it's a FP.

CoffeeLover Posted September 20, 2013
> It looks identical to mine.. given it a further chance it's a FP.

Yeah I'm going to see if the report as false positive button pops up on the 3rd computer. Incidentally on the 3rd computer it also says the files were created on 8/24/13. I'm thinking that must have been a day I told Google Chrome to update or something, and all of these files are just Google files from the update.

nalthren Posted September 20, 2013
Probably but did you have 3 files removed as well?

CoffeeLover Posted September 20, 2013
I don't believe so, it quarantined everything and then I deleted it because I panicked. I don't think it auto deleted anything, but it did pop up both times in the middle of the scan to tell me I was in trouble.

nalthren Posted September 20, 2013
Yea in these cases don't auto delete it if you can help it.. Deleted Steam the first time and lost a lot of DLC from one of my games I was unable to recover, from that point on I made it a point to check here every time a 'trojan' hits. So far everything was a false positive.

Onetimer Posted September 20, 2013
I just submitted a few of the files as false positives, in the report I included a list of the files that were flagged so hopefully that will do it for them. Not sure if I should submit all 48. I also did not have any files removed. I just exited the scan as I knew these were false positives.

nalthren Posted September 20, 2013
Well as I said, I am waiting on official support on the 3 I mentioned at the bottom of my report that the scanner auto deleted before I can send a report on anything. So I have quarantine intact so I can restore the 3 and the other 40 something 'trojans'.

CoffeeLover Posted September 20, 2013
Thank you guys. Yeah I just freaked out because I use these comps for everything and I was just on my bank so I'm like OMG they have all my info I am totally screwed. Didn't even occur to me they might be false. I'll try to keep it together till the officials weigh in.

nalthren Posted September 20, 2013
No problem. We've all been at that stage before. Now here's hoping for official response of some sort by morning.

SAS Malware Research Posted September 20, 2013
The cause of the false positive has been found and removed. Please update to version 10781.

nalthren Posted September 20, 2013
I believe it updated last night, so everything detected was a FP? Including the 3 that were auto deleted?

Mumio Posted September 21, 2013
I also had this problem. I didn't delete the files, just left them in quarantine. Should I restore them all?

Bonjovicrzy Posted September 21, 2013
I had the same problem and location. I freaked out. I just finished running my daily scan and it said I was clean, 15-20 minutes later got a popup alert from SAS saying blocked 48 files from Trojan.Agent/Gen-Stranfom from Chrome. I ran my program again twice to be sure it got all and then ran my Anti Virus (boot scan). SAS quarantined the files (still sitting there). After I found it was coming from Chrome and it was an Adobe Flash Player folder, uninstalled both. Not putting Chrome or Flash Player on for a few days just to make me feel better & to be safe... but will download Flash Player later, I am a Youtube junkie. So I will be watching this thread and the Forum for a few days to be sure, plus I will be sure to have the updates for SAS intact.

aevic Posted September 21, 2013
I'm updated to the latest version and tonight while scanning I found what seems to be another FP in google files. It comes up as Trojan.Agent/Gen-Kazy. In my Program Files x86. GEXPORTCOMMON.DLL. I had the issue someone had earlier with plenty of files and deleted them without a thought. :/ No damage done as far as I can tell as the files were most likely put back when I used Chrome again. I'd like a mod to confirm that I didn't do any lasting damage. I had the exact same thing as the first guy with those same files and deleted them. Am I okay?

Tonester59 Posted September 23, 2013
I also found Trojan.Agent/Gen-Stranfom (48 items) in my Google Chrome Apps files. I had just downloaded the Chrome Desktop App launcher and 2 apps: WorkFlowy and exFM the day before (apprx 9/17). I became suspicious and started running scans because my A/V program, F-Secure, was turned off when I first booted up. Scans by F-Secure and MBAM (safe mode) did not detect it, only SAS. I deleted the files and uninstalled the apps.

Since I had also downloaded the exact same Chrome apps onto my other computer I checked it, and F-Secure had been turned off and became disabled when I attempted to turn it on. This time the same procedure (nada with F-Secure and MBAM) came up with Trojan.Agent/Gen-Kazy (2 items). The name sounds familiar but I haven't checked it on Virus Total yet - 'was just about to.

My point here is that I find it hard to believe that any code that attempts or succeeds in disabling your A/V program is a FP. It's usually the first thing malware tries to do.

I just checked the forum on Kazy and most folks found it in their Google Earth files and it turned out to be a false positive. Does SAS have a problem with Google files? I was pretty surprised that neither F-Secure nor Malwarebytes-Anti-Malware identified them. I guess I'd better see if my Google Earth still works. 'Still can't explain the problems with my a/v being turned off, though. I'm going to keep an open mind on this one.

Mumio Posted September 23, 2013
> I also found Trojan.Agent/Gen-Stranfom (48 items) in my Google Chrome Apps files. I had just downloaded the Chrome Desktop App launcher and 2 apps: WorkFlowy and exFM the day before (apprx 9/17). I became suspicious and started running scans because my A/V program, F-Secure, was turned off when I first booted up. Scans by F-Secure and MBAM (safe mode) did not detect it, only SAS. I deleted the files and uninstalled the apps.
>
> Since I had also downloaded the exact same Chrome apps onto my other computer I checked it, and F-Secure had been turned off and became disabled when I attempted to turn it on. This time the same procedure (nada with F-Secure and MBAM) came up with Trojan.Agent/Gen-Kazy (2 items). The name sounds familiar but I haven't checked it on Virus Total yet - 'was just about to.
>
> My point here is that I find it hard to believe that any code that attempts or succeeds in disabling your A/V program is a FP. It's usually the first thing malware tries to do.
>
> I just checked the forum on Kazy and most folks found it in their Google Earth files and it turned out to be a false positive. Does SAS have a problem with Google files? I was pretty surprised that neither F-Secure nor Malwarebytes-Anti-Malware identified them. I guess I'd better see if my Google Earth still works. 'Still can't explain the problems with my a/v being turned off, though. I'm going to keep an open mind on this one.

I have Malwarebytes Pro and it did not detect this file either. Out of 3 programs that run daily without fail, the only one that came up with this trojan is SAS Pro. I can't recall the last time I used Chrome so I'm not sure how anything could have even got on there. Hopefully someone will be along soon to let us know if those quarantined files need to be deleted or restored.

SAS Customer Service Posted September 25, 2013
You can restore the 3 files that were auto-quarantined as well, Nalthren.

Mumio Posted September 25, 2013
> You can restore the 3 files that were auto-quarantined as well, Nalthren.

Hi SAS Customer Service - So everything that is sitting in quarantine re Trojan.Agent/Gen-Stranfom is a false positive and it's okay to restore those files?

GuiltySpark Posted September 25, 2013
If they are the same files, yes.