Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Horse Agent.aaby And Agent.aacl


  • Please log in to reply
7 replies to this topic

#1 HealthyKitchenware

HealthyKitchenware

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:51 PM

Posted 24 August 2008 - 02:08 PM

Hello,

I am new to the forum and just learning my way around. What a great resource! Thanks.

I am running AVG, and it informs me (threat detected!) that I have some trojan horses:
tojan horse agent.AABY and trojan horse agent.AACL

I have tried to heal the files to no avail. I have tried deleting the files and nothing.

I downloaded and ran Malwarebytes Anti-Malware and it found 6 affected files which I deleted, and I am still getting the message from AVG...

I appreciate your help!

-Cynthia

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:51 PM

Posted 24 August 2008 - 05:04 PM

Did AVG provide a specific file name associated with this malware threat and if so, where is it located (full file path) at on your system?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 HealthyKitchenware

HealthyKitchenware
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:51 PM

Posted 25 August 2008 - 09:14 AM

The files it mentions is

c:\Documents and Settings\HP_Administrator\ApplicationData|MBSMacOSXPlugin1635.dll

It sounds like this thread:

http://www.bleepingcomputer.com/forums/t/164663/mbsmacosxplugin1635dll/

Edited by HealthyKitchenware, 25 August 2008 - 09:17 AM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:51 PM

Posted 25 August 2008 - 09:30 AM

And as I wrote in that thread:

Across all ThreatExpert reports, the file "mbsmacosxplugin1635.dll" has never been identified as a threat.

http://www.threatexpert.com/files/mbsmacos...in1635.dll.html

If you suspect a file to be a false positive. Test the file at [virusscan.jotti.org] and if it is a false positive, archive (zip, arc, tar etc) the file using a password and email a copy to virus@grisoft.com with a brief description as well as the password you used to archive it with.

If it is a false positive, turn off heuristic scanning for the time being. When Grisoft adjusts the virus definitions you can turn it back on. If turning off Heuristics still doesn't allow access to the file while testing and emailing... disable the resident shield temporarily.

AVG forum.grisoft: instructions for suspected FP's

Go to jotti's virusscan as instructed. In the "File to upload & scan" box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. Then follow AVG's instructions for sending the file to them.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 HealthyKitchenware

HealthyKitchenware
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:51 PM

Posted 25 August 2008 - 09:53 AM

I can't actually find the file!

The path stops at HP_administrator. I can't find ApplicationData...

c:\Documents and Settings\HP_Administrator\ApplicationData\MBSMacOSXPlugin1635.dll

#6 normzone

normzone

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:51 PM

Posted 27 August 2008 - 10:42 PM

I'm in a similar situation - AVG keeps telling me that:

MBSMacOSXPlugin1635.dll
Trojan horse Agent AABY

MBSEncryptPlugin1636.dll
Trojan horse Agent AACA

are detected at open.

Then I get popups asking if I want to neutralize or ignore the threat

I click neutralize (or whatever the verb is they use) and the message tells me they can't do anything about it. Googling the .dll file only finds assurances that it's not a threat.

What the hell is going on ? Is the AVG software ineffective, or out of date (latest version downloaded), or is it recognizing some lame microsoft interface as an invader?

Is this thing on? :-)

#7 Northern Witch

Northern Witch

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:51 PM

Posted 03 September 2008 - 08:44 PM

I have exactly the same problem. Has anyone found a direct solution? Topic 164663 is confusing.

Please help,
the Northern Witch

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:51 PM

Posted 04 September 2008 - 07:56 AM

Welcome to BC

If you have an issue or problem you would like to discuss, please start your own topic. Doing that will help to avoid the confusion that often occurs when trying to help two or more members at the same time in the same thread. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using and the presence of other malware. Further, posting for assistance in someone else's topic is not considered proper forum etiquette.

Thanks for your cooperation.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users