txtooker

Desktop Infected with Trojan.Agent Gen-Nullo [Short]


I was scanning our spare Windows XP computer this week since my husband said it was really slow over the weekend. It is only used when the two better computers are being used by someone else in the house. He was browsing Facebook and a few other websites but said it was acting "weird" when he used IE but was better under Chrome. Since I hadn't scanned it in a while, I went through my normal steps of updating SpywareBlaster, running a Malwarebytes scan and running a SUPERAntiSpyware scan.

 

Malwarebytes found and quarantined two PUPs as follows:

 

Files Detected: 2
C:\Documents and Settings\Zachary\Desktop\SFInstaller_SFFZ_filezilla_8992693_.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zachary\My Documents\Downloads\SoftonicDownloader_for_java-development-kit.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
 
Since they were PUPs, I wasn't really worried about them but made sure the files were deleted successfully since they were under my son's account.
 
Then I ran SuperAntiSpyware yesterday.  It found a Trojan.Agent/Gen-Nullo[short] virus in a restore folder file.  Below is the scan log:
 
SUPERAntiSpyware Scan Log
 
Generated 01/22/2014 at 04:29 PM
 
Application Version : 5.7.1018
 
Core Rules Database Version : 10991
Trace Rules Database Version: 8803
 
Scan type       : Complete Scan
Total Scan Time : 01:31:14
 
Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
 
Memory items scanned      : 551
Memory threats detected   : 0
Registry items scanned    : 42728
Registry threats detected : 0
File items scanned        : 144808
File threats detected     : 122
 
Adware.Tracking Cookie
 
Trojan.Agent/Gen-Nullo[short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0104525F-2A09-429F-BCEE-D366B2F80311}\RP24\A0008417.EXE
 
 
Should I be concerned that the trojan was found in a system volume restore directory and not in an active directory?  I verified the file was deleted.
 
Thank you for your time and assistance,
Wanda

 


Hi Wanda,

 

Why did you leave it so long if you were worried?

 

Also does it still show up at all with the latest definitions?

 

The reason I ask is that when things like this get into that file path, it can create issues with restoring a system to a certain date. It could've been an FP, but as it's XP and you also found some PUPs on the system, it's likely to be a legit threat.

 

If it however no longer shows up after scanning with the latest definitions then you may well be relieved as it would appear to have been removed successfully.

 

p.s.

 

You should know that XP's life is coming to an end shortly, April 14th, so help for such an OS will start to drop rapidly. Some AVs will carry on working on them until a certain date (they all differ), but as for anti-spyware programs, I don't know when they will officially vacate support. Just an FYI ;)

Share this post


Link to post
Share on other sites

Windows moves certain files into the "System Volume Information". So, a copy of the infection is likely there and you should allow SUPERAntiSpyware to remove it. It is not being run from that location but could return if you do a system restore at a later point.
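
One way to triage a scan log laid out like the one in the first post, separating restore-point copies from tracking cookies and from files in live directories, as the reply above distinguishes. This is an added example, not part of the thread or of SUPERAntiSpyware; the sample log, the threat name `Trojan.Agent/Gen-Example` and the `triage`/`summarize` helpers are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the scan log above: a threat-name line
# followed by one line per detected item (user names and domains are made up).
SAMPLE_LOG = r"""Adware.Tracking Cookie
C:\DOCUMENTS AND SETTINGS\USER1\Cookies\AAAA1111.txt [ Cookie:user1@ads.example.com/ ]
.tracker.example.net [ C:\DOCUMENTS AND SETTINGS\USER1\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Trojan.Agent/Gen-Example
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00000000-0000-0000-0000-000000000000}\RP1\A0000001.EXE
C:\DOCUMENTS AND SETTINGS\USER1\DESKTOP\SETUP.EXE
"""

# XP System Restore keeps its copies under _RESTORE{GUID}\RPnn\ on each volume.
RESTORE_RE = re.compile(
    r"\\SYSTEM VOLUME INFORMATION\\_RESTORE\{[0-9A-F-]+\}\\RP\d+\\", re.I)
# A drive-letter path, stopping at the brackets the log wraps around details.
PATH_RE = re.compile(r"[A-Z]:\\[^\[\]]+", re.I)

def triage(log_text):
    """Return (threat, category, path) for every detected item in the log."""
    findings, threat = [], "unknown"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PATH_RE.search(line)
        if m is None:            # no path on the line: it names the next threat
            threat = line
            continue
        path = m.group(0).strip()
        if RESTORE_RE.search(path):
            # Not running from here, but comes back if that point is restored.
            category = "restore-point copy"
        elif "cookie" in threat.lower():
            category = "tracking cookie"
        else:
            category = "live file"   # sits in a normal directory: look first
        findings.append((threat, category, path))
    return findings

def summarize(findings):
    """Count detections per category so the few that matter stand out."""
    return Counter(category for _, category, _ in findings)

if __name__ == "__main__":
    for threat, category, path in triage(SAMPLE_LOG):
        print(f"{category:20} {threat:26} {path}")
```
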
