
possible Trojan.Agent/Gen-Injector infection



#1 superbob789


Posted 25 April 2012 - 10:55 AM

Hi, I am using Windows 7 64-bit.
Yesterday, when I was running a SuperAntiSpyware scan, I discovered several Trojan.Agent/Gen-Injector infections on complete scan. My previous scan was two days previous, which did not detect anything other than tracking cookies. This computer is shared, but during this time, checking browsing history, it seems that use was minimal and only non-suspicious sites were accessed. After the scan, the infected files were quarantined by SuperAntiSpyware, where they remain. After this, I also did AVG and Malwarebytes full scans. Although AVG did not detect anything, Malwarebytes was stuck at around the hour mark in the scan. (This had happened days previously before, but at the time, I didn't take much notice and the other scans did not pick anything up. I do not know if this is related to my central problem.)

After this, I uninstalled Malwarebytes and used mbam-clean.exe. I then reinstalled it, then restarted the computer in safe mode, after which I scanned the computer with AVG, SuperAntiSpyware and Malwarebytes. All scans completed successfully and did not pick anything up. After this, I restarted normally and then scanned a third time with all three scanners, which again did not pick anything up.

Before, during and after these scans, including my SAS scan which picked up the "infected files", I did not notice anything wrong with my PC, and things have remained that way since the scanning and quarantining.

Here are the files that SAS picked up:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/25/2012 at 04:39 AM

Application Version : 5.0.1146

Core Rules Database Version : 8503
Trace Rules Database Version: 6315

Scan type : Complete Scan
Total Scan Time : 01:07:51

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 602
Memory threats detected : 0
Registry items scanned : 66523
Registry threats detected : 0
File items scanned : 154592
File threats detected : 46

Trojan.Agent/Gen-Injector
E:\DOWNLOADS\ASUS - N4A87TD_USB3\ASUS_TURBOVEVOV_XPVISTAWIN7\TURBOVEVO\IO\ASIOINS.EXE
C:\PROGRAM FILES (X86)\SMARTSOUND SOFTWARE\QUICKTRACKS\UNICOWS.DLL
C:\PROGRAM FILES (X86)\ULEAD SYSTEMS\ULEAD VIDEOSTUDIO 9.0 SE\DDR21\INSTSYS.EXE
C:\WINDOWS\INSTALLER\{29D851C2-048C-4B5E-8D1F-25D473342BB5}\NEWSHORTCUT17_27BC537B086D42E19CB39D115FA043BF_1.PDF
C:\WINDOWS\INSTALLER\{29D851C2-048C-4B5E-8D1F-25D473342BB5}\NEWSHORTCUT19_27BC537B086D42E19CB39D115FA043BF_1.PDF
C:\WINDOWS\INSTALLER\{29D851C2-048C-4B5E-8D1F-25D473342BB5}\NEWSHORTCUT18_27BC537B086D42E19CB39D115FA043BF_1.PDF
C:\WINDOWS\INSTALLER\{29D851C2-048C-4B5E-8D1F-25D473342BB5}\NEWSHORTCUT12_27BC537B086D42E19CB39D115FA043BF_1.PDF
C:\WINDOWS\INSTALLER\{29D851C2-048C-4B5E-8D1F-25D473342BB5}\NEWSHORTCUT13_27BC537B086D42E19CB39D115FA043BF_1.PDF
C:\WINDOWS\INSTALLER\{29D851C2-048C-4B5E-8D1F-25D473342BB5}\NEWSHORTCUT14_27BC537B086D42E19CB39D115FA043BF.EXE
C:\WINDOWS\INSTALLER\{29D851C2-048C-4B5E-8D1F-25D473342BB5}\NEWSHORTCUT15_27BC537B086D42E19CB39D115FA043BF.EXE
C:\WINDOWS\INSTALLER\{29D851C2-048C-4B5E-8D1F-25D473342BB5}\NEWSHORTCUT16_27BC537B086D42E19CB39D115FA043BF_1.PDF
C:\WINDOWS\INSTALLER\{29D851C2-048C-4B5E-8D1F-25D473342BB5}\_05889BD9_A033_43B1_A004_42D207E6469E
C:\WINDOWS\INSTALLER\{29D851C2-048C-4B5E-8D1F-25D473342BB5}\_7D8B90FC_26C4_47BC_BD44_82AF4DCE0C22
C:\WINDOWS\INSTALLER\{29D851C2-048C-4B5E-8D1F-25D473342BB5}\_899BB9A8_C92B_4373_98C4_10E8AB297DCA_4
C:\WINDOWS\INSTALLER\{29D851C2-048C-4B5E-8D1F-25D473342BB5}\_899BB9A8_C92B_4373_98C4_10E8AB297DCA_5
C:\WINDOWS\INSTALLER\{29D851C2-048C-4B5E-8D1F-25D473342BB5}\_C052D721_7FE1_11D3_8015_00A0C98D3E7F_4
C:\WINDOWS\INSTALLER\{29D851C2-048C-4B5E-8D1F-25D473342BB5}\_C052D721_7FE1_11D3_8015_00A0C98D3E7F_5
C:\WINDOWS\INSTALLER\{5BDA2F58-1F21-4D10-9910-92B01EBCC958}\ARPPRODUCTICON.EXE
C:\WINDOWS\SYSWOW64\UNICOWS.DLL

Adware.Tracking Cookie
C:\USERS\DY\AppData\Roaming\Microsoft\Windows\Cookies\Low\FBIW3WPA.txt [ Cookie:dy@yieldmanager.net/ ]
C:\USERS\DY\AppData\Roaming\Microsoft\Windows\Cookies\Low\TO8TDGIC.txt [ Cookie:dy@zedo.com/ ]
C:\USERS\DY\AppData\Roaming\Microsoft\Windows\Cookies\Low\PW4GUZD9.txt [ Cookie:dy@invitemedia.com/ ]
C:\USERS\DY\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZGOD6GOF.txt [ Cookie:dy@serving-sys.com/ ]
C:\USERS\DY\AppData\Roaming\Microsoft\Windows\Cookies\Low\ICYG539M.txt [ Cookie:dy@ad.yieldmanager.com/ ]
C:\USERS\DY\AppData\Roaming\Microsoft\Windows\Cookies\Low\UYTCH9HS.txt [ Cookie:dy@tribalfusion.com/ ]
C:\USERS\DY\AppData\Roaming\Microsoft\Windows\Cookies\Low\I4MZU9LK.txt [ Cookie:dy@fastclick.net/ ]
C:\USERS\DY\AppData\Roaming\Microsoft\Windows\Cookies\Low\EES9BLWA.txt [ Cookie:dy@imrworldwide.com/cgi-bin ]
C:\USERS\DY\AppData\Roaming\Microsoft\Windows\Cookies\Low\2R79SLWC.txt [ Cookie:dy@apmebf.com/ ]
C:\USERS\DY\AppData\Roaming\Microsoft\Windows\Cookies\Low\TRX5S66H.txt [ Cookie:dy@advertising.com/ ]
C:\USERS\DY\AppData\Roaming\Microsoft\Windows\Cookies\Low\6YQ6KBJ8.txt [ Cookie:dy@collective-media.net/ ]
C:\USERS\DY\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z471Z8MT.txt [ Cookie:dy@specificclick.net/ ]
C:\USERS\DY\AppData\Roaming\Microsoft\Windows\Cookies\Low\M4JIK73W.txt [ Cookie:dy@casalemedia.com/ ]
C:\USERS\DY\AppData\Roaming\Microsoft\Windows\Cookies\Low\UDJS58DX.txt [ Cookie:dy@doubleclick.net/ ]
C:\USERS\DY\AppData\Roaming\Microsoft\Windows\Cookies\Low\1FY5R063.txt [ Cookie:dy@legolas-media.com/ ]
C:\USERS\DY\AppData\Roaming\Microsoft\Windows\Cookies\Low\6FQCUXVW.txt [ Cookie:dy@bs.serving-sys.com/ ]
C:\USERS\DY\AppData\Roaming\Microsoft\Windows\Cookies\Low\GUSS35F8.txt [ Cookie:dy@ads.pointroll.com/ ]
C:\USERS\DY\AppData\Roaming\Microsoft\Windows\Cookies\Low\547PR2ES.txt [ Cookie:dy@revsci.net/ ]
C:\USERS\DY\AppData\Roaming\Microsoft\Windows\Cookies\Low\OL4ZCVBT.txt [ Cookie:dy@at.atwola.com/ ]
C:\USERS\DY\AppData\Roaming\Microsoft\Windows\Cookies\Low\23DXEG0O.txt [ Cookie:dy@solvemedia.com/ ]
C:\USERS\DY\AppData\Roaming\Microsoft\Windows\Cookies\Low\QWMJ5E6I.txt [ Cookie:dy@tacoda.at.atwola.com/ ]
C:\USERS\DY\AppData\Roaming\Microsoft\Windows\Cookies\Low\EMCSGC14.txt [ Cookie:dy@accounts.google.com/ ]
C:\USERS\DY\AppData\Roaming\Microsoft\Windows\Cookies\Low\PCYOKE6S.txt [ Cookie:dy@2o7.net/ ]
.accounts.google.com [ C:\USERS\DY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.google.com [ C:\USERS\DY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\DY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ia.media-imdb.com [ C:\USERS\DY\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NS5TJY7R ]

Although I am seemingly safe now, I am asking for help on making sure that my computer is not infected, as well as help on these viruses.
Thanks




#2 Trevrev


Posted 25 April 2012 - 11:01 AM

I had the very same thing happen to me yesterday.
Same Trojan.
SAS picked it up, but it bypassed my Sophos anti virus!
PC seems clean now though.



