Avira Antivir flags "TR/2ndThought.AA.2 [trojan]"


2 replies to this topic

#1 allbread

Posted 10 May 2010 - 10:31 PM

Virus or unwanted program 'TR/2ndThought.AA.2 [trojan]'
detected in file 'C:\WINDOWS\Temp\CB228.tmp.

This happens a couple times a day - usually there are three subsequent detections and then nothing for a couple hours. I use this box essentially as a media server and it has some DVR recording hardware/software installed as well (BeyondTV, DaemonTools, Slysoft AnyDVD etc).

What worries me most is that the file generated always has a different hex-based name and on occasion has been a .exe (in C:\WINDOWS\Temp\CB228.exe for example)...

I have run HijackThis and have captured the following logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:13:17 PM, on 5/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\MRAID\ArcHTTP\ARCHTT~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Vidalia Bundle\Polipo\polipo.exe
C:\Program Files\MRAID\ArcHTTP\ArcHttpSrvGUI.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVSchedulerService.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

EDITED HJT log~~boopme
Any advice would be much appreciated.

Thanks!

Edited by boopme, 10 May 2010 - 10:55 PM.




#2 boopme


Posted 10 May 2010 - 10:54 PM

Hello, you are running Comodo Firewall and antivirus and Avira antivirus. I am suspecting a conflict and False Positives. I suggest you uninstall the Comodo A/V portion, retaining the firewall.
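The check behind reply #2, as an added example that is not part of the original thread: it reads the "Running processes" section of a HijackThis log and reports when more than one security suite is resident. The function names and the `AV_SUITES` directory markers are assumptions chosen for illustration, and the sample log is constructed from lines in post #1.

```python
from collections import defaultdict

# Constructed sample: a subset of the process list from the log in post #1.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

O4 - (constructed entry that follows the process list)
"""

# Assumption: install-directory markers for the two products named in the thread.
# A match shows the suite is resident, not which component (firewall or
# antivirus) is enabled. 8.3 short paths such as C:\PROGRA~1\... will not match.
AV_SUITES = {
    "Avira AntiVir": r"\avira\antivir desktop",
    "COMODO Internet Security": r"\comodo\comodo internet security",
}

def running_processes(log_text):
    """Return the paths listed under the 'Running processes:' header."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and line:
            paths.append(line)
        elif in_section and paths:
            break  # first blank line after the list ends the section
    return paths

def resident_suites(log_text):
    """Map each known suite to the executables running from its directory."""
    found = defaultdict(list)
    for path in running_processes(log_text):
        lowered = path.lower()
        for suite, marker in AV_SUITES.items():
            if marker in lowered:
                found[suite].append(path.rsplit("\\", 1)[-1])
    return dict(found)

def overlap_warning(log_text):
    # Two or more resident suites is the condition the reply suspects.
    suites = sorted(resident_suites(log_text))
    return "Multiple security suites resident: " + ", ".join(suites) if len(suites) > 1 else None

if __name__ == "__main__":
    print(overlap_warning(SAMPLE_LOG))
```

A hit means two suites are loaded at once, which is the condition the reply points to. It does not prove the detection is a false positive.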

#3 allbread


Posted 11 May 2010 - 02:24 PM

I do have Comodo installed - I will remove the A/V and see if this remedies the issue.

Thanks!



