Agent/Gen-Siggen and Agent/Gen-AgentSmall


3 replies to this topic

#1 Phantom65


Posted 24 December 2012 - 04:26 AM

Samsung NC10 notebook running Windows XP, Avast (free), Zonealarm, Spywareblaster, Firefox & Opera are favoured browsers. It is my usual practice to run at least one of Avast/SuperAntiSpyware/Malwarebytes daily.
~~~~~~~~~~

A few days ago a full scan with SuperAntiSpyware found and removed two Trojans: Agent/Gen-Siggen and Agent/Gen-AgentSmall. A second scan immediately after restarting the computer was clear, as was a scan with Malwarebytes for a second opinion.

The problem since then is with Avast, it seems to have been disabled.

Posted Image

The 'Fix now' button does nothing and the 'Start program' link does nothing. It is the free version and the current registration is valid until 25 January 2013.

I tried System Restore for two dates well before the infection but they both failed.

I have tried to install AVG for some protection in the meantime but get a message saying that an administrator needs to perform the installation - I am the sole user of this computer which makes me think that some setting has been tampered with.

I have run either Malwarebytes or SAS (or both) daily since the Trojan removal and they have been clear every time.


So my main question, is it likely that I am still infected?

If not, how do I reinstate Avast?

Any advice appreciated, thanks in advance.

~~~~~~~~~

The scan log for the Trojans:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/21/2012 at 05:47 PM

Application Version : 5.6.1014

Core Rules Database Version : 9776
Trace Rules Database Version: 7588

Scan type : Complete Scan
Total Scan Time : 00:36:34

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 538
Memory threats detected : 1
Registry items scanned : 37106
Registry threats detected : 6
File items scanned : 26826
File threats detected : 22

Trojan.Agent/Gen-Siggen
HKLM\System\ControlSet001\Services\ASWFSBLK
C:\WINDOWS\SYSTEM32\DRIVERS\ASWFSBLK.SYS
HKLM\System\ControlSet001\Enum\Root\LEGACY_ASWFSBLK
HKLM\System\ControlSet003\Services\ASWFSBLK
HKLM\System\ControlSet003\Enum\Root\LEGACY_ASWFSBLK
HKLM\System\CurrentControlSet\Services\ASWFSBLK
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_ASWFSBLK
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\ASWIDLE.DLL
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\ASWIDLE.DLL
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\SETUP\INF\ASWFSBLK.SYS

Trojan.Agent/Gen-AgentSmall
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\ASWRUNDLL.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\DEFS\12122100\FWAUX.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1DE5F714-3B3C-49C4-AC45-280E50B197FA}\RP927\A0164498.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1DE5F714-3B3C-49C4-AC45-280E50B197FA}\RP927\A0164551.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1DE5F714-3B3C-49C4-AC45-280E50B197FA}\RP928\A0164598.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1DE5F714-3B3C-49C4-AC45-280E50B197FA}\RP928\A0164645.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1DE5F714-3B3C-49C4-AC45-280E50B197FA}\RP929\A0164721.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1DE5F714-3B3C-49C4-AC45-280E50B197FA}\RP930\A0164836.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1DE5F714-3B3C-49C4-AC45-280E50B197FA}\RP930\A0164873.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1DE5F714-3B3C-49C4-AC45-280E50B197FA}\RP930\A0164892.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1DE5F714-3B3C-49C4-AC45-280E50B197FA}\RP931\A0164947.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1DE5F714-3B3C-49C4-AC45-280E50B197FA}\RP931\A0165010.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1DE5F714-3B3C-49C4-AC45-280E50B197FA}\RP932\A0165061.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1DE5F714-3B3C-49C4-AC45-280E50B197FA}\RP932\A0165110.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1DE5F714-3B3C-49C4-AC45-280E50B197FA}\RP933\A0165259.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1DE5F714-3B3C-49C4-AC45-280E50B197FA}\RP933\A0165307.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1DE5F714-3B3C-49C4-AC45-280E50B197FA}\RP933\A0165373.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1DE5F714-3B3C-49C4-AC45-280E50B197FA}\RP935\A0165430.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1DE5F714-3B3C-49C4-AC45-280E50B197FA}\RP935\A0165471.DLL
#2 boopme


Posted 24 December 2012 - 03:25 PM

Hello, these are new false positives and should not be removed. This should be fixed in the next update.
The easiest way to fix this is to uninstall Avast and reinstall it.

Until the update, uncheck these so they will not be removed:
https://www.dropbox.com/s/jxeqimsbatm7y4f/SAS%20issue.png
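The check behind the reply above can be run over a SUPERAntiSpyware log before anything is removed. This is an added example, not part of the original thread: it groups flagged items by threat name and marks threats whose items all belong to the installed antivirus or to System Restore copies. The function names and the marker list are assumptions chosen from the paths in the log in post #1.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened excerpt in the shape of the log in post #1.
SAMPLE_LOG = r"""
Trojan.Agent/Gen-Siggen
HKLM\System\CurrentControlSet\Services\ASWFSBLK
C:\WINDOWS\SYSTEM32\DRIVERS\ASWFSBLK.SYS
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\ASWIDLE.DLL

Trojan.Agent/Gen-AgentSmall
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\ASWRUNDLL.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1DE5F714-3B3C-49C4-AC45-280E50B197FA}\RP927\A0164498.DLL
"""

# A flagged item is a registry key (HKLM\...) or a file path (C:\...).
ITEM = re.compile(r"^(?:HK[A-Z_]+\\|[A-Za-z]:\\)")
# Assumption: strings that tie an item to the installed antivirus (from the log).
AV_MARKERS = (r"\ALWIL SOFTWARE\AVAST5", "ASWFSBLK")
RESTORE = r"\SYSTEM VOLUME INFORMATION\_RESTORE"

def parse_detections(text):
    """Group flagged items under the nearest preceding non-item line (the threat name)."""
    groups, current = defaultdict(list), None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if ITEM.match(line):
            if current:
                groups[current].append(line)
        else:
            current = line  # summary lines are overwritten by the next threat name
    return dict(groups)

def classify(item):
    upper = item.upper()
    if RESTORE in upper:
        return "restore-point copy"
    if any(marker in upper for marker in AV_MARKERS):
        return "antivirus component"
    return "other"

def triage(text):
    """Return {threat: verdict}; threats touching only AV files or restore copies get verified first."""
    out = {}
    for threat, items in parse_detections(text).items():
        kinds = {classify(i) for i in items}
        out[threat] = "investigate" if "other" in kinds else "verify before removing"
    return out
```

A "verify before removing" verdict is a prompt to confirm with the vendor or a second scanner, not proof of a false positive.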

#3 Phantom65


Posted 24 December 2012 - 05:22 PM

Thanks for your response boopme, I'll do that.

#4 boopme


Posted 24 December 2012 - 05:32 PM

You're welcome !!! :santa: