trojan horse generic3_c.BSMA


7 replies to this topic

#1 NoirRaven

NoirRaven

  • Members
  • 4 posts

Posted 12 May 2011 - 07:05 PM

I was running Malwarebytes (zero infections detected, by the way) and twice AVG found this virus: trojan horse generic3_c.BSMA

Google Search rendered nothing and the viruses were moved to AVG's vault but I was wondering if there was anything else I could do to find these viruses/get rid of them.



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,394 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 13 May 2011 - 07:24 AM

Did your anti-virus/anti-spyware scanner provide a log or a specific file name(s) associated with the malware threat(s) detected and, if so, where are they located (full file path) on your system?

Each security vendor uses their own naming conventions to identify various types of malware, so it's difficult to determine exactly what has been detected or the nature of the threat without knowing more information about the actual file(s) involved. Names with Generic or Patched are a very broad category. See Understanding virus names.

Try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
  • If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
  • Vista/Windows 7 users need to run Internet Explorer/Firefox as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check Posted Image and make sure that the option Remove found threats is NOT checked.
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 NoirRaven

Posted 14 May 2011 - 10:31 AM

Did your anti-virus/anti-spyware scanner provide a log or a specific file name(s) associated with the malware threat(s) detected and, if so, where are they located (full file path) on your system?

Here are the locations of the "trojan horse generic3_c.BSMA" in AVG:
c:\Program files\Alice Greenfingers 2\AliceGreenfingers2.exe
c:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP313|A0052633.exe


And here are ESET's results:
C:\Documents and Settings\HP_Administrator\Desktop\Tech\Antivirus Stuff\Antivirus_Soft_Removal_Tool.zip -- Win32/Adware.AntimalwareDoctor.AG application
C:\Documents and Settings\HP_Administrator\My Documents\download\MichelleTheGoth\Magic Ball 2 New Worlds setup.exe -- Win32/TrojanDownloader.Agent.OGQ trojan
C:\Program Files\Turtle Odyssey 3-in-1\Ozzy Bubbles\OzzyBubbles.exe -- probably a variant of Win32/Agent.BWYHVUL trojan
C:\Program Files\Turtle Odyssey 3-in-1\Ozzy Bubbles\OzzyBubbles.exe.BAK -- probably a variant of Win32/Agent.BWYIPTK trojan


Now what do I do?

Edited by NoirRaven, 14 May 2011 - 10:33 AM.


#4 quietman7

Posted 14 May 2011 - 04:12 PM

So this is what AVG keeps detecting?

c:\Program files\Alice Greenfingers 2\AliceGreenfingers2.exe
c:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP313|A0052633.exe

Is AVG not taking any action to move it into quarantine?

#5 NoirRaven

Posted 15 May 2011 - 01:29 AM

So this is what AVG keeps detecting?

c:\Program files\Alice Greenfingers 2\AliceGreenfingers2.exe
c:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP313|A0052633.exe

Yes


Is AVG not taking any action to move it into quarantine?

I've already answered that question.

Google Search rendered nothing and the viruses were moved to AVG's vault but I was wondering if there was anything else I could do to find these viruses/get rid of them.


My question now is, "Am I really safe?" and apparently, the answer's no. AVG only detected the viruses when Malwarebytes' Anti-Malware scanned the program, but it's never detected these NEW viruses that ESET found. Would uninstalling these games get rid of the viruses?

#6 quietman7

Posted 15 May 2011 - 06:49 AM

Is AVG not taking any action to move it into quarantine?

What I was attempting to determine was whether AVG was not taking action on subsequent scans to remove AliceGreenfingers2.exe. That file is not typical of one we see which might return as a result of being protected by other malware such as a rootkit.

Get a second opinion. Go to one of the following online services that analyze suspicious files:
In the "File to upload & scan" box, browse to the location of AliceGreenfingers2.exe and submit (upload) it for scanning/analysis. Do not run any other scans while doing that.
-- Post back with the results of the file analysis.

Don't worry about the A0052633.exe file for now. It's in the System Volume Information folder and not a factor unless you use System Restore. If AliceGreenfingers2.exe is confirmed as malware by Jotti, we can deal with that separately.

BTW, when an anti-virus or security program quarantines a file and moves it into a virus vault (chest) or a dedicated Quarantine folder, that file is safely held there and no longer a threat. The file is essentially disabled and prevented from causing any harm to your system through proprietary security routines which may copy, rename, encrypt and password protect the file as part of the moving process. Quarantine is just an added safety measure which allows you to view and investigate the files while keeping them from harming your computer. When the quarantined file is known to be malicious, you can delete it at any time by launching the program which removed it, going to the Quarantine tab, and choosing the option to delete.

AVG...never detected these NEW viruses that ESET found. Would uninstalling these games get rid of the viruses?

No single product is 100% foolproof and can prevent, detect and remove all threats at any given time. Submit each of them to Jotti for a second opinion too.

If they are confirmed as malicious, rerun Eset Online Anti-virus Scanner again, but this time under scan settings, be sure to check the option to Remove found threats. Save the log as before and copy and paste the contents in your next reply.

#7 NoirRaven

Posted 15 May 2011 - 01:00 PM

Yeah well, now I have a problem. Because AVG moved the AliceGreenfingers2.exe into the vault, all shortcuts/file destinations are broken. I took it out of the virus vault and now Jotti is saying "no file uploaded", even though everything was restored and my AVG keeps going off, asking to put the game back in quarantine.
This keeps happening with the other virus scanners you linked as well.

Here are the results from the others.
Magic Ball 2 New Worlds setup.exe
Status: Scan finished. 4 out of 20 scanners reported malware.

Filename: OzzyBubbles.exe
Status: Scan finished. 3 out of 21 scanners reported malware.
Scan taken on: Sat 12 Dec 2009 20:53:48 (CET)

Filename: gjgdhjgfj (aka: OzzyBubbles.exe.BAK)
Status: Scan finished. 4 out of 19 scanners reported malware.
Scan taken on: Thu 21 Oct 2010 19:50:26 (CET)

I tried having it scan these two files again but Jotti's in the red and frankly, I'm convinced.

As for AliceGreenFingers... I'm going to run the uninstaller rather than let ESET take care of it. Mainly because I've had major computer problems trying it the other way around. I will scan with ESET after I'm done uninstalling these games and post the results asap.

Edited by NoirRaven, 15 May 2011 - 01:01 PM.


#8 quietman7

Posted 15 May 2011 - 03:28 PM

Ok.