nalthren

Trojan.Agent/Gen-Stranfom


Yeah, this one made me do a double take: currently 48 items, all in my APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62 and 29.0.1547.66 locales folders.

 

Will post more when scan completes.


EDIT: 
These are Google Chrome's "Version Build" folders. Now I am pretty sure this is again a FP.

EDIT: 
Gave me one of those 'Has real time detected' window pop-ups. Never noticed that one before.... (An hour and 30 into the scan, no less)

EDIT: Log

 

Generated 09/19/2013 at 11:33 PM
 
Application Version : 5.6.1032
 
Core Rules Database Version : 10778
Trace Rules Database Version: 8590
 
Scan type       : Complete Scan
Total Scan Time : 02:33:09
 
Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)
 
Memory items scanned      : 645
Memory threats detected   : 0
Registry items scanned    : 39304
Registry threats detected : 0
File items scanned        : 51898
File threats detected     : 63
 
Adware.Tracking Cookie
C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Cookies\82SLT5E1.txt [ /lucidmedia.com ]
C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Cookies\53ZFMPQC.txt [ /burstnet.com ]
C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Cookies\2M40YUYQ.txt [ /casalemedia.com ]
C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Cookies\MMFG7DGR.txt [ /ru4.com ]
C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Cookies\SDBO580M.txt [ /media6degrees.com ]
C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Cookies\AR7V4N8F.txt [ /ads.pubmatic.com ]
C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Cookies\5T6CU0I1.txt [ /invitemedia.com ]
C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Cookies\OTXLBO72.txt [ /www.burstnet.com ]
C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Cookies\SN6MPVZB.txt [ /atdmt.com ]
C:\USERS\RICHARD\Cookies\82SLT5E1.txt [ Cookie:richard@lucidmedia.com/ ]
C:\USERS\RICHARD\Cookies\53ZFMPQC.txt [ Cookie:richard@burstnet.com/ ]
C:\USERS\RICHARD\Cookies\2M40YUYQ.txt [ Cookie:richard@casalemedia.com/ ]
C:\USERS\RICHARD\Cookies\MMFG7DGR.txt [ Cookie:richard@ru4.com/ ]
C:\USERS\RICHARD\Cookies\OTXLBO72.txt [ Cookie:richard@www.burstnet.com/ ]
C:\USERS\RICHARD\Cookies\SN6MPVZB.txt [ Cookie:richard@atdmt.com/ ]
 
Trojan.Agent/Gen-Stranfom
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\AM.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\AR.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\BN.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\EN-GB.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\EN-US.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\ET.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\FA.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\FI.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\GU.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\HE.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\MS.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\JA.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\KO.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\LV.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\MR.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\NB.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\RU.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\SR.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\SV.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\TH.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\UK.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\VI.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\ZH-CN.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\ZH-TW.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\AM.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\AR.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\BN.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\EN-GB.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\EN-US.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\ET.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\FA.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\FI.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\GU.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\HE.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\MS.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\JA.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\KO.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\LV.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\MR.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\NB.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\RU.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\SR.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\SV.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\TH.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\UK.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\VI.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\ZH-CN.DLL
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\ZH-TW.DLL
 
Scanner didn't give me a chance to remove or report as a FP. Auto deleted:

Trojan.Agent/Gen-Stranfom.Process:
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\TEMP\SOURCE9956_16552\CHROME-BIN\29.0.1547.76\LOCALES\AM.DLL
 
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\TEMP\SOURCE9956_16552\CHROME-BIN\29.0.1547.76\LOCALES\AR.DLL
 
C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\TEMP\SOURCE9956_16552\CHROME-BIN\29.0.1547.76\LOCALES\BN.DLL
 
So since I can't send in a report, can I get some help here?


I also believe this is a false positive.  I have run analysis on the files and cannot find anything malicious, here are some results of the analysis I performed:
 

Analyzed the file with malwr cuckoo sandbox:

https://malwr.com/analysis/NjNhYThmYjU3YzBmNGM2MjkyMTUzODk4ODc1M2FjZDc/

 

Analyzed the file with Anubis:

http://anubis.iseclab.org/?action=result&task_id=17240977e61c6ae84654e7ba0c7b5be23&format=html

 

Analyzed the file with Virus Total:

https://www.virustotal.com/en/file/713f7adf8bb529f865b830ee8699afb771e4aba5e3b82798638a436edbce5067/analysis/1379652797/

 

Virus Total shows 2 detections, one from SUPERAntiSpyware and one from BKAV, though sandbox analysis shows there is no malicious/suspicious activity or attempted contact with a command and control. Additionally, within the strings of the file, all looks good, signed by VeriSign/Symantec and Google.


Thank you so much for posting this as I've been freaking out for over an hour! I hope this really is a False Positive. I don't know much about computers but this is my log that came up, both my computers had this:

 

SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 09/20/2013 at 01:36 AM

Application Version : 5.6.1032

Core Rules Database Version : 10778
Trace Rules Database Version: 8590

Scan type       : Complete Scan
Total Scan Time : 00:24:23

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 500
Memory threats detected   : 0
Registry items scanned    : 70647
Registry threats detected : 0
File items scanned        : 44528
File threats detected     : 48

Trojan.Agent/Gen-Stranfom
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\AM.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\AR.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\BN.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\EN-GB.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\EN-US.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\ET.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\FA.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\FI.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\GU.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\HE.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\MS.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\JA.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\KO.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\LV.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\MR.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\NB.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\RU.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\SR.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\SV.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\TH.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\UK.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\VI.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\ZH-CN.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\ZH-TW.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\AM.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\AR.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\BN.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\EN-GB.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\EN-US.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\ET.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\FA.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\FI.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\GU.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\HE.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\MS.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\JA.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\KO.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\LV.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\MR.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\NB.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\RU.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\SR.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\SV.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\TH.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\UK.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\VI.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\ZH-CN.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\ZH-TW.DLL
 

 

And the crazy part is, I went to that file to see when those things showed up and it says 8/24/13, however I had just run a scan with SuperAntiSpyware on the 18 and that came up clean apart from a couple cookies. Also, I checked my Avast and I had just recently run a boot scan on 9/12 and a Full scan on 9/15, and I'd also run a Malware Bytes scan on 9/17 and all had come up clean. If it had been on the computer for over a month surely something would have picked it up before now?

 

Hopefully someone can confirm this is false, because I am freaking out right now.


Looks like we are in the same boat and it IS a FP. I am just waiting on official confirmation since the Report Button failed to show up on this. (Probably since it auto removed the mentioned 3 and didn't give me a chance to stop it)


Here is the scan from my second computer, and one is finishing up on the third that is also reporting this.

 

SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 09/20/2013 at 00:35 AM

Application Version : 5.6.1032

Core Rules Database Version : 10778
Trace Rules Database Version: 8590

Scan type       : Complete Scan
Total Scan Time : 00:28:01

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 794
Memory threats detected   : 0
Registry items scanned    : 70554
Registry threats detected : 0
File items scanned        : 46050
File threats detected     : 64

Trojan.Agent/Gen-Stranfom
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\AM.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\AR.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\BN.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\EN-GB.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\EN-US.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\ET.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\FA.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\FI.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\GU.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\HE.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\MS.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\JA.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\KO.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\LV.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\MR.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\NB.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\RU.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\SR.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\SV.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\TH.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\UK.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\VI.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\ZH-CN.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\ZH-TW.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\AM.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\AR.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\BN.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\EN-GB.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\EN-US.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\ET.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\FA.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\FI.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\GU.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\HE.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\MS.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\JA.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\KO.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\LV.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\MR.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\NB.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\RU.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\SR.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\SV.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\TH.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\UK.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\VI.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\ZH-CN.DLL
    C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\ZH-TW.DLL

Adware.Tracking Cookie
    accounts.google.com [ C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pointroll.com [ C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pointroll.com [ C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .doubleclick.net [ C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .doubleclick.net [ C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ru4.com [ C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ru4.com [ C:\USERS\FIZCORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
 


It looks identical to mine... given it a further chance it's a FP.

Yeah I'm going to see if the report as false positive button pops up on the 3rd computer. Incidentally on the 3rd computer it also says the files were created on 8/24/13. I'm thinking that must have been a day I told Google Chrome to update or something, and all of these files are just Google files from the update.
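The "identical logs" observation in the posts above can be checked mechanically. As an added example (not part of the original posts and not SUPERAntiSpyware code), this Python script parses two logs in the layout shown in this thread, strips the per-machine path prefix and compares the flagged file sets. The sample logs are constructed and shortened, and treating everything after the "File threats detected" line as the results section is an assumption inferred from the logs on this page.

```python
import ntpath  # Windows path rules, usable on any OS
import re
from collections import defaultdict

# Constructed, shortened logs in the layout of the scan logs in this thread.
LOG_A = r"""
Core Rules Database Version : 10778
File threats detected     : 4

Trojan.Agent/Gen-Stranfom
C:\USERS\USERA\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\AM.DLL
C:\USERS\USERA\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\AR.DLL
C:\USERS\USERA\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\AM.DLL
C:\USERS\USERA\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\AR.DLL
"""

LOG_B = r"""
Core Rules Database Version : 10778
File threats detected     : 4

Trojan.Agent/Gen-Stranfom
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\AM.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.62\LOCALES\AR.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\AM.DLL
    C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\29.0.1547.66\LOCALES\AR.DLL

Adware.Tracking Cookie
    .example.test [ C:\USERS\USERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
"""

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
RULES = re.compile(r"^Core Rules Database Version\s*:\s*(\d+)")

def parse_log(text):
    """Return (core_rules_version, {detection_name: [file paths]})."""
    rules, threats, current, in_results = None, defaultdict(list), None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RULES.match(line)
        if m:
            rules = m.group(1)
        elif line.startswith("File threats detected"):
            in_results = True           # detections follow the statistics block
        elif not in_results:
            continue
        elif DRIVE_PATH.match(line):
            if current:                 # drop a trailing "[ ... ]" annotation
                threats[current].append(line.split(" [", 1)[0])
        elif "[" in line:
            continue                    # "domain [ cookie store ]" entry
        else:
            current = line.rstrip(":")  # a detection name heads each group
    return rules, dict(threats)

def relative_to(path, anchor="\\GOOGLE\\"):
    """Drop the per-machine prefix (user profile or Program Files)."""
    upper = path.upper()
    idx = upper.find(anchor)
    return upper[idx + 1:] if idx >= 0 else upper

def by_folder(paths):
    """Group flagged files by parent folder, relative to the anchor."""
    folders = defaultdict(set)
    for p in paths:
        rel = relative_to(p)
        folders[ntpath.dirname(rel)].add(ntpath.basename(rel))
    return {d: sorted(names) for d, names in folders.items()}

def compare(log_a, log_b, threat):
    """Report whether two machines flag the same files for one detection."""
    (rules_a, t_a), (rules_b, t_b) = parse_log(log_a), parse_log(log_b)
    set_a = {relative_to(p) for p in t_a.get(threat, [])}
    set_b = {relative_to(p) for p in t_b.get(threat, [])}
    return {
        "same_rules": rules_a is not None and rules_a == rules_b,
        "shared": len(set_a & set_b),
        "differing": sorted(set_a ^ set_b),
        "folders": by_folder(t_a.get(threat, [])),
    }
```

The same file set flagged under the same rules database version on unrelated machines is the pattern the posters describe; it still needs the vendor's confirmation before files are restored.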


I don't believe so, it quarantined everything and then I deleted it because I panicked. I don't think it auto deleted anything, but it did pop up both times in the middle of the scan to tell me I was in trouble.


Yeah, in these cases don't auto delete it if you can help it.. Deleted Steam the first time and lost a lot of DLC from one of my games I was unable to recover; from that point on I made it a point to check here every time a 'trojan' hits. So far everything was a false positive.


I just submitted a few of the files as false positives, in the report I included a list of the files that were flagged so hopefully that will do it for them.  Not sure if I should submit all 48.  I also did not have any files removed.  I just exited the scan as I knew these were false positives.


Well, as I said, I am waiting on official support on the 3 I mentioned at the bottom of my report that the scanner auto deleted before I can send a report on anything.
So I have quarantine intact so I can restore the 3 and the other 40 something 'trojans'.


Thank you guys. Yeah I just freaked out because I use these comps for everything and I was just on my bank so I'm like OMG they have all my info I am totally screwed. Didn't even occur to me they might be false. I'll try to keep it together till the officials weigh in. :)


No problem. We've all been at that stage before. Now here's hoping for an official response of some sort by morning.


I also had this problem. I didn't delete the files, just left them in quarantine. Should I restore them all?


I had the same problem and location. I freaked out. I just finished running my daily scan and it said I was clean; 15-20 minutes later got a popup alert from SAS saying blocked 48 files from Trojan.Agent/Gen-Stranfom from Chrome. I ran my program again twice to be sure it got all and then ran my Anti Virus (boot scan). SAS quarantined the files (still sitting there). After I found it was coming from Chrome and it was an Adobe Flash Player folder, uninstalled both. Not putting Chrome or Flash Player on for a few days just to make me feel better & to be safe... but will download Flash Player later. I am a YouTube junkie, so I will be watching this thread and the Forum for a few days to be sure.

Plus I will be sure to have the updates for SAS intact.


I'm updated to the latest version and tonight while scanning I found what seems to be another FP in google files.

 

It comes up as Trojan.Agent/Gen-Kazy. In my Program Files x86. GEXPORTCOMMON.DLL.

 

I had the issue someone had earlier with plenty of files and deleted them without a thought. :/ No damage done as far as I can tell as the files were most likely put back when I used Chrome again.

 

I'd like a mod to confirm that I didn't do any lasting damage. I had the exact same thing as the first guy with those same files and deleted them. Am I okay?


I also found Trojan.Agent/Gen-Stranfom (48 items) in my Google Chrome Apps files. I had just downloaded the Chrome Desktop App launcher and 2 apps: WorkFlowy and exFM the day before (approx. 9/17). I became suspicious and started running scans because my A/V program, F-Secure, was turned off when I first booted up. Scans by F-Secure and MBAM (safe mode) did not detect it, only SAS. I deleted the files and uninstalled the apps. Since I had also downloaded the exact same Chrome apps onto my other computer I checked it, and F-Secure had been turned off and became disabled when I attempted to turn it on. This time the same procedure (nada with F-Secure and MBAM) came up with Trojan.Agent/Gen-Kazy (2 items). The name sounds familiar but I haven't checked it on Virus Total yet - was just about to. My point here is that I find it hard to believe that any code that attempts or succeeds in disabling your A/V program is a FP. It's usually the first thing malware tries to do.

I just checked the forum on Kazy and most folks found it in their Google Earth files and it turned out to be a false positive. Does SAS have a problem with Google files? I was pretty surprised that neither F-Secure nor Malwarebytes Anti-Malware identified them. I guess I'd better see if my Google Earth still works. Still can't explain the problems with my A/V being turned off, though. I'm going to keep an open mind on this one.


I have Malwarebytes Pro and it did not detect this file either. Out of 3 programs that run daily without fail, the only one that came up with this trojan is SAS Pro. I can't recall the last time I used Chrome so I'm not sure how anything could have even got on there. Hopefully someone will be along soon to let us know if those quarantined files need to be deleted or restored.


You can restore the 3 files that were auto-quarantined as well, Nalthren.

 

Hi SAS Customer Service-

 

So everything that is sitting in quarantine re Trojan.Agent/Gen-Stranfom is a false positive and it's okay to restore those files?

 

This topic is now closed to further replies.
