

Trojan win32:agent-arrp



#1 ertfyd


Posted 16 September 2013 - 05:26 PM

Hello,
I run Windows 8 with avast and malwarebytes. Yesterday I updated the avast client and upon restart, it detected a Trojan in FlashPlayerUpdateService.exe. When I checked the chest, it detected it again. Every 20 seconds it would detect it in the same directory. I looked up the virus and one person claimed to have had it and says it is a new malware that opens up a backdoor in your system. I restarted the computer in safe mode and am now scanning with mbam. What I want to know is what to do from here and see if it is a false positive.


 


#2 goof munch


Posted 16 September 2013 - 06:04 PM

Would seem that I have the same one.



#3 ertfyd


Posted 16 September 2013 - 07:22 PM

Notice any difference in your computer? I think it's a false positive, but I want to know for sure.
Just did a mbam scan and nothing was found.

Edited by ertfyd, 16 September 2013 - 07:37 PM.


#4 goof munch


Posted 16 September 2013 - 07:46 PM

Not really sure. When I started getting the constant warnings from avast, I did some scans. Found several infected files and sent them to the virus chest. All I can say now is that I don't get the constant warnings now.

They started occurring after I restarted my laptop though, but after the above, it seems OK.

I'll do a boot-time scan overnight, to see if it's still there.

EDIT: done another quick scan and it discovers the infected files again, but when I try to move them to the virus chest it gives me an error saying: Error: The system cannot find the specified file (2)


Edited by goof munch, 16 September 2013 - 07:49 PM.


#5 ertfyd


Posted 16 September 2013 - 07:57 PM

It may have something to do with the update; I find it weird that this started happening after the update.

#6 goof munch


Posted 16 September 2013 - 08:05 PM

You may be right there, but I had a look on the avast forums and there doesn't seem to be anything about this on there, so I've no idea.

I'm hoping it's not much to worry about.



#7 ertfyd


Posted 16 September 2013 - 08:19 PM

What I did right now is terminate the exe to get rid of the messages, locate the infected file in c/windows/syswow64, and scan it. It located the Trojan with a severity level of high. I sent it to the chest and scanned it again to see if it persisted, nothing was there. Still performing a quick scan.

#8 goof munch


Posted 16 September 2013 - 08:31 PM

Just scanned the file, no threat detected, so I'm assuming a previous scan got rid of it. I think I'll still do a boot-time scan overnight anyway, just to see if there's anything else. It's probably about time I did one of those lol


Edited by goof munch, 16 September 2013 - 08:32 PM.


#9 boopme


Posted 17 September 2013 - 11:46 AM

This is a newer Trojan virus. It names itself "FlashPlayerUpdateService.exe", usually located in C:\windows\system32.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.




