
Help! Trojan.agent Found By Mbam


4 replies to this topic

#1 PapaPixels


Posted 29 August 2008 - 12:32 PM

Hello, today I ran a quick scan with MBAM as I do regularly. For some strange reason, it detected Trojan.Agent in C:\WINDOWS\PIF. I do not know how this infection arose, as I have run scans yesterday with nothing detected. I have not done anything that I was not familiar with or downloaded anything new. Could this be a false positive? If it is not, what is this trojan? I will post the MBAM log here. It is currently in the quarantine. Should I delete it from quarantine? Thank you, BleepingComputer!

Malwarebytes' Anti-Malware 1.25
Database version: 1095
Windows 5.1.2600 Service Pack 3

12:10:38 PM 8/29/2008
mbam-log-08-29-2008 (12-10-38).txt

Scan type: Quick Scan
Objects scanned: 50773
Time elapsed: 4 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\PIF (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)



#2 quietman7


Posted 29 August 2008 - 01:27 PM

Get a second opinion. Go to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis.
-- Post back with the results of the file analysis.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 PapaPixels


Posted 29 August 2008 - 02:33 PM

When I go to the location, the file is not there anymore. Could it be hidden? Can I scan it in the MBAM quarantine instead?

#4 quietman7


Posted 29 August 2008 - 02:40 PM

If it's already in MBAM's quarantine, you should report the detection to Malwarebytes' Anti-Malware Support > False Positives.

#5 PapaPixels


Posted 29 August 2008 - 03:13 PM

Thanks for the FAST reply. Why should I submit it though? I'm not sure if it was a false positive. I will look at the link regardless. If I want to scan this, is there any way of doing so without undoing the quarantine?



