BleepingComputer.com: trojan horse generic3_c.BSMA

I was running Malware Bites (zero infections detected by the way) and twice AVG found this virus: trojan horse generic3_c.BSMA

Google Search rendered nothing and the viruses were moved to AVG's vault but I was wondering if there was anything else I could do to find these viruses/get rid of them.

Did your anti-virus/anti-spyware scanner provide a log or a specific file(s) name associated with the malware threat(s) detected and if so, where are they located (full file path) at on your system?

Each security vendor uses their own naming conventions to identify various types of malware so it's difficult to determine exactly what has been detected or the nature of the threat without knowing more information about the actually file(s) involved. Names with Generic or Patched are a very broad category. See Understanding virus names.

Try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.

• If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
  
• Vista/Windows 7 users need to run Internet Explorer/Firefox as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.[/color][/i]

• Click the green button.
  
• Read the End User License Agreement and check the box:
• Check .
  
• Click the button.
  
• Accept any security warnings from your browser and allow the download/installation of any require files.
  
• Under scan settings, check and make sure that the option Remove found threats is NOT checked.
  
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
    
  • Scan for potentially unsafe applications
    
  • Enable Anti-Stealth technology
  
  
• Click the Start button.
  
• ESET will install itself, download virus signature database updates, and begin scanning your computer.
  
• The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  
• When the scan completes, push
  
• Push , and save the file to your desktop as ESETScan.txt.
  
• Push the button, then Finish.
  
• Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.

quietman7, on 13 May 2011 - 07:24 AM, said:

Here's the locations of the "trojan horse generic3_c.BSMA" in AVG:
c:\Program files\Alice Greenfingers 2\AliceGreenfingers2.exe
c:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP313|A0052633.exe

And here are ESET's results:
C:\Documents and Settings\HP_Administrator\Desktop\Tech\Antivirus Stuff\Antivirus_Soft_Removal_Tool.zip -- Win32/Adware.AntimalwareDoctor.AG application
C:\Documents and Settings\HP_Administrator\My Documents\download\MichelleTheGoth\Magic Ball 2 New Worlds setup.exe -- Win32/TrojanDownloader.Agent.OGQ trojan
C:\Program Files\Turtle Odyssey 3-in-1\Ozzy Bubbles\OzzyBubbles.exe -- probably a variant of Win32/Agent.BWYHVUL trojan
C:\Program Files\Turtle Odyssey 3-in-1\Ozzy Bubbles\OzzyBubbles.exe.BAK -- probably a variant of Win32/Agent.BWYIPTK trojan

Now what do I do?

This post has been edited by NoirRaven: 14 May 2011 - 10:33 AM

So this is what AVG keeps detecting?

Quote

Is AVG not taking any action to move it into quarantine?

quietman7, on 14 May 2011 - 04:12 PM, said:

Yes

quietman7, on 14 May 2011 - 04:12 PM, said:

I've already answered that question.

NoirRaven, on 12 May 2011 - 07:05 PM, said:

My question now is, "Am I really safe?" and apparently, the answer's no. AVG only detected the viruses when Anti-Malware Byte's scanned the program but it's never detected these NEW viruses that ESET found. Would uninstalling these games get rid of the viruses?

Quote

What I was attempting to determine was AVG not taking action on subsequent scans to remove AliceGreenfingers2.exe. That file is not typical of one we see which might return as a result of being protected by other malware such as a rootkit.

Get a second opinion. Go to one of the following online services that analyzes suspicious files:

• Jotti's virusscan
  
• VirusTotal
  
• VirSCAN

In the "File to upload & scan" box, browse to the location of AliceGreenfingers2.exe and submit (upload) it for scanning/analysis. Do not run any other scans while doing that.
-- Post back with the results of the file analysis.

Don't worry about the A0052633.exe file for now. Its in the System Volume Information folder and not a factor unless you use System Restore. If AliceGreenfingers2.exe is confirmed as malware by Jotti, we can deal with that separately.

BTW, when an anti-virus or security program quarantines a file and moves it into a virus vault (chest) or a dedicated Quarantine folder, that file is safely held there and no longer a threat. The file is essentially disabled and prevented from causing any harm to your system through proprietary security routines which may copy, rename, encrypt and password protect the file as part of the moving process. Quarantine is just an added safety measure which allows you to view and investigate the files while keeping them from harming your computer. When the quarantined file is known to be malicious, you can delete it at any time by launching the program which removed it, going to the Quarantine tab, and choosing the option to delete.

Quote

No single product is 100% foolproof and can prevent, detect and remove all threats at any given time. Submit each of them to Jotti for a second opinion too.

If they are confirmed as malicious, rerun Eset Online Anti-virus Scanner again, but this time under scan settings, be sure to check the option to Remove found threats. Save the log as before and copy and paste the contents in your next reply.

quietman7, on 15 May 2011 - 06:49 AM, said:

Yeah well, now I have a problem. Because AVG moved the AliceGreenfingers2.exe in to the vault, all short cuts/file destinations are broken. I took it out of the virus vault and now Jotti is saying "no file uploaded", even though everything was restored and my AVG keeps going off, asking to put the game back in quarantine.
This keeps happening with the other virus scanners you linked as well.

Here's the results from the others.
Magic Ball 2 New Worlds setup.exe
Status: Scan finished. 4 out of 20 scanners reported malware.

Filename: OzzyBubbles.exe
Status: Scan finished. 3 out of 21 scanners reported malware.
Scan taken on: Sat 12 Dec 2009 20:53:48 (CET)

Filename: gjgdhjgfj (aka: OzzyBubbles.exe.BAK)
Status: Scan finished. 4 out of 19 scanners reported malware.
Scan taken on: Thu 21 Oct 2010 19:50:26 (CET)

I tried having it scan these two files again but Jotti's in the red and frankly, I'm convinced.

As for AliceGreenFingers... I'm going to run the uninstaller rather than let ESET take care of it. Mainly because I've had major computer problems trying it the other way around. I will scan with ESET after I'm done uninstalling these games and post the results asap.

This post has been edited by NoirRaven: 15 May 2011 - 01:01 PM

Ok.