
Trojan horse Generic32.AGEI -AVG Detection cannot be removed


12 replies to this topic

#1 aussieisland


Posted 01 April 2013 - 04:53 PM

We got this message on our computer this morning.
 
Trojan horse Generic32.AGEI
\\Server\print$\W32x86\3\BRSP107A.DLL
 
AVG detected it. It gives a result-Cannot be removed. Access is Denied. We have Windows XP. We use FireFox. What can we do to remove this? All help is appreciated. Thank you.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal


 


#2 Broni


Posted 01 April 2013 - 05:49 PM

Welcome aboard

AVG is known for false positives, so upload the file in question (BRSP107A.DLL) here: https://www.virustotal.com/en/ for a security check.




 


#3 NCHP


Posted 01 April 2013 - 07:25 PM

Hi Guys,


We got this at two of our sites; it seems to generate a warning when someone attempts to print from a workstation.
(one workstation running XP, the other Win 7 - both servers are Win 7)

I feel that it may well be a False Positive, but I have followed  http://forums.avg.com/ww-en/avg-forums?sec=thread&act=show&id=395 - just in case.

 


I've scanned the file with:
https://www.virustotal.com/en/
http://virusscan.jotti.org/en/

...and zipped and emailed it  to virus@avg.com

I will post back here when I hear back from AVG



#4 Broni


Posted 01 April 2013 - 07:51 PM

Thanks :)




 


#5 bragaul


Posted 01 April 2013 - 08:54 PM

AVG detected trojan horse generic32.agei on my Brother printer drivers as well on my laptop. It also flagged werfault.ext in system32 folder. I scanned my desktops at home and both times AVG flagged the Brother printer drivers. I thought for sure this was a false positive.

 

However, remote assistance had been turned on all three computers (which I didn't do) and I received a remote connection request from an unknown website. I wish I screenshotted it. I just closed it quickly.

 

UPDATE: VirusTotal revealed that a file I released from AVG quarantine was not flagged by AVG. AVG's most current update no longer reports the Brother drivers as trojans. I'm still concerned about my remote assistance issue though. They must be unconnected, but what a fluke.


Edited by bragaul, 01 April 2013 - 09:15 PM.


#6 aussieisland


Posted 02 April 2013 - 02:39 PM

We ran it through VirusTotal and this is what it found: "TROJ_GEN.RC9H1D1". What should we do?



#7 Broni


Posted 02 April 2013 - 03:29 PM

it found "TROJ_GEN.RC9H1D1

By which AV engine? Just one positive result out of 40?




 


#8 aussieisland


Posted 02 April 2013 - 04:31 PM

Yeah just one

 




#9 Broni


Posted 02 April 2013 - 05:37 PM

I'll definitely call it false positive.

I suggest you report the issue at AVG forum.




 


#10 NCHP


Posted 03 April 2013 - 06:43 PM

Here's the response from AVG in regards to the file that I submitted (BRSP107A.DLL).

 

 


Dear Sir/Madam,

Thank you for your email.

We would like to inform you that we were unable to induce the detection with the latest virus definitions. It is possible that it was a false alarm which is fixed now.

If the issue still persists, please send us the fresh exact file which AVG detected as virus and screenshot.

Thank you for your cooperation. It is appreciated.

Best regards,

Mark Joseph Capicio
AVG Customer Services
http://www.avg.com



#11 Broni


Posted 03 April 2013 - 08:22 PM

You should be good to go then :)




 


#12 aussieisland


Posted 04 April 2013 - 11:28 AM

Thank you so much guys. Really great how everyone pulls together.



#13 Broni


Posted 04 April 2013 - 03:43 PM

[thumbs-up emoticon]




 




