Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.Agent/Gen-MSFake


  • Please log in to reply
7 replies to this topic

#1 fgeelo

fgeelo

  • Members
  • 117 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 08 October 2010 - 08:29 PM

I did a scan with Super Anti Spyware today and it came up with this item: Trojan.Agent/Gen-MSFake.Process. The file itself is called: "C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V.1.14322\NETFXUPDATE.EXE" Before I did this scan, when I booted up my computer last night, I did have some strange activity such as my minimised taskbar icons dissapearing and some programs not working, but this was fixed after a Log out and Shut down of my PC so I've no clue if it's related. I am unsure if this is a false positive or not. I keep a very clean computer and out of all the virus scans I regularly do , this is the first time I've seen this. I am using Windows 7 64-Bit and the latest version of SAS. No other virus/malware scanner is detecting this as a threat. Thanks for your help.

Edited by fgeelo, 09 October 2010 - 05:41 AM.


BC AdBot (Login to Remove)

 


#2 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:05:40 PM

Posted 09 October 2010 - 05:52 AM

Hi

Please visit the online Jotti Virus Scanner Posted Image<--link
  • Copy and paste the following filepath in the box:


    C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V.1.14322\NETFXUPDATE.EXE

  • Click on the Posted Image button.
    The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.

Edited by DaChew, 09 October 2010 - 05:53 AM.

Chewy

No. Try not. Do... or do not. There is no try.

#3 fgeelo

fgeelo
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 09 October 2010 - 07:58 AM

Thanks so much for your reply.

The results can be seen in this image here: http://img715.imageshack.us/img715/5204/jotc.jpg

Not quite sure what it means by "This file has been scanned before." Is it showing me results that other people have gotten? If so, couldn't this be a problem if, say the program I have is imitating the same name but is really a different file to what has been scanned before?

I'll take a guess and say that it's a false positive. That being said, is it normal for this kind of thing to happen straight after updating to a new version of SAS? I had just scanned the other day with no problems, and today I updated it and it found that file.

If you have any other comments, suggestions, I am open to anything. Thankyou again for your help. I would be absolutely lost without the help of you guys. :thumbsup:

Edited by fgeelo, 09 October 2010 - 08:06 AM.


#4 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:05:40 PM

Posted 09 October 2010 - 09:22 AM

That usually means the file has been detected by a lot of others recently and is a false positive, SAS's new def's have a mistake, you seem to be right on top of it.

Jotti takes a good look at/does an analysis of the file, not just the name.
Chewy

No. Try not. Do... or do not. There is no try.

#5 fgeelo

fgeelo
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 09 October 2010 - 08:05 PM

Cool, thanks. Is it safe to remove the file, anyway? It seems like there's a bunch of versions of .NET just sitting there, and this one seems like one of the older ones.

Thanks for your help.

#6 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:05:40 PM

Posted 09 October 2010 - 08:15 PM

I wouldn't remove it, net versions are cumulative, newer ones do not replace older ones

Some older apps might need it?
Chewy

No. Try not. Do... or do not. There is no try.

#7 fgeelo

fgeelo
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 09 October 2010 - 08:50 PM

If I was to remove it - just to be safe, I'm sure nothing would break? And if so, I'd imagine it would rectify itself? Or should I *really* not tamper with it?

Thanks for your help

#8 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:05:40 PM

Posted 09 October 2010 - 09:27 PM

http://en.wikipedia.org/wiki/.NET_Framework

I would leave it alone myself
Chewy

No. Try not. Do... or do not. There is no try.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users