Spyware Terminator Detected My File C:\orant\bin\onrsd80.exe Infected With Trojan.generic.394789?


3 replies to this topic

#1 KenZYI

Posted 25 August 2008 - 01:34 AM

Hi,

Please kindly assist me.
A few days ago, my Spyware Terminator suddenly alerted me that my file C:\orant\BIN\ONRSD80.EXE has been detected with Trojan.Generic.394789 during its daily routine scan.
However, my Symantec AntiVirus with the latest definition file did not pick up anything at all despite repeated scans.
I tried to completely uninstall Spyware Terminator and re-downloaded the version; upon reinstallation, it still detected my C:\orant\BIN\ONRSD80.EXE as infected with the same Trojan.Generic.394789.
Out of desperation, I chose to install both Malwarebytes' AntiMalware and Trojan Remover; however, neither of them picked up a positive result like Spyware Terminator did.
I do not know which one is the reliable result.
Can someone please kindly advise?
Thank you very much.
I also have HijackThis in my PC.
FYI, my PC is running Win XP SP2 and IE6, and has Oracle 8 installed. Nothing has been done lately, nor was there any new installation before the detection.
Thank you,
Ken

#2 Budapest

Posted 25 August 2008 - 01:42 AM

Upload the file at Jotti for analysis.

#3 Galadriel

Posted 25 August 2008 - 03:03 AM

Chances are it's a false positive.

http://www.systemlookup.com/O23/2285-ONRSD80_EXE.html

It's part of Oracle.


A few days ago, my Spyware Terminator suddenly alerted me that my file C:\orant\BIN\ONRSD80.EXE has been detected with Trojan.Generic.394789 during its daily routine scan.


The "generic" part of the name indicates it is a heuristics-based detection. In other words, by behaviour or signature. Heuristic definitions are often done to identify new types/variants of malware. In this case, it's likely a false positive. Using heuristics has its downside. This is it. Always double check the results when using heuristics. Jotti is good for that as Budapest pointed out. But with a basic search of the folder, all results come up as Oracle.
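An added example, not part of the thread or any poster's code: a small Python triage of a multi-engine scan result, following the advice above to double-check a heuristic ("generic") detection. The thresholds, the marker list and every engine name other than Ikarus are assumptions made for illustration.

```python
import re

# Name fragments that mark a heuristic or generic verdict rather than a named
# malware family. The list is an assumption made for this example.
GENERIC = re.compile(r"generic|heur|suspicious", re.IGNORECASE)

# Illustrative thresholds, not taken from any product or from the thread.
FP_MAX_RATIO = 0.10         # at most 10% of engines flag the file
MALICIOUS_MIN_RATIO = 0.50  # at least half of the engines flag the file


def triage(results):
    """Classify a multi-engine result: {engine name: detection name or None}."""
    if not results:
        raise ValueError("no scan results supplied")
    hits = {engine: name for engine, name in results.items() if name}
    ratio = len(hits) / len(results)
    # True only when every reported name looks heuristic/generic.
    generic_only = bool(hits) and all(GENERIC.search(n) for n in hits.values())
    if not hits:
        verdict = "no detections"
    elif ratio >= MALICIOUS_MIN_RATIO:
        verdict = "likely malicious"
    elif generic_only and ratio <= FP_MAX_RATIO:
        verdict = "likely false positive"
    else:
        # A named family from a few engines, or a mid-range ratio: keep digging.
        verdict = "inconclusive"
    return {"verdict": verdict, "flagged": sorted(hits),
            "ratio": round(ratio, 2), "generic_only": generic_only}


# Constructed sample shaped like the result reported later in the thread: one
# engine (Ikarus) reports Trojan.Generic and the rest report nothing. The other
# engine names are placeholders.
SAMPLE = {f"engine_{i:02d}": None for i in range(1, 20)}
SAMPLE["Ikarus"] = "Trojan.Generic"

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A "likely false positive" verdict here is a prompt to confirm the file's origin (for instance, that it belongs to the installed Oracle software), not proof that the file is clean.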

#4 KenZYI

Posted 25 August 2008 - 04:08 AM

Thank you very much for the advice and help, Budapest and Galadriel.

I have uploaded the file to Jotti for analysis, and the result shows only Ikarus found Trojan.Generic whereas the rest found nothing.
How safe can I say my PC is now?
What may have caused Spyware Terminator to suddenly find the Trojan in my file C:\orant\BIN\ONRSD80.EXE, when there have been no changes made to either my PC or Spyware Terminator?
This unexpected event suddenly scared me.
I don't even dare to do any online activities like online transactions for the time being.

Ken



