TR/Patched.Ren.Gen2 detected, but multiple scans turn up nothing.



#1 TooLazy


Posted 07 January 2014 - 10:04 PM

Recently while browsing the web Avira alerted me to a file attempting access it wasn't allowed to, and I clicked the "remove file" button thinking it was taken care of (naive of me, I know). Continued browsing with no other alerts. However, today, it appeared again with the same file name TR/Patched.Ren.Gen2 (as stated in the thread title). Now, note that I primarily browse using Sandboxie since a popup annoyance a few weeks ago, and both times this alert was triggered was while Sandboxie was open. After the first time I purged Sandboxie and did not get the alert again for five days. I purged Sandboxie again after today's scare. However, I'm still worried. Since then I have run multiple scans and they have all turned up little to nothing. Scans including TDSSKiller, HijackThis (I need to check the log again but I recognized most of the file paths and program associations), MBAR, MBAM, Avira, and HitmanPro. I have checked my processes and found nothing really suspicious. Another thing to note is that the alert indicated that the file in question was located in the temporary file folders and I purged those as well with CCleaner as well as doing a registry cleanup. Another thing to note is that my computer has been acting normally since the popup issue was cleared and after the first detection of this file.

 

I hate to ask after doing all that but paranoia begs me to inquire further as to whether I need to delve further or if the problem has been resolved. I apologize for the wall of text and am grateful for anyone that takes the time to read over this and/or reply. For all I know it could be a false positive from another scheduled scan running, but I want to err on the side of caution.

 

Edit: I forgot to mention I am running Windows 8.1.

 

Edit 1/8/2014: After a bit of thinking and a little searching, I think this might have been a false positive generated by scheduled scans with Ad-Aware. I had it installed as a second opinion of sorts to my usual anti-virus program Avira. Since if memory serves both detections were after a scheduled scan started. I will look more into this and see if that's the issue. If so, lock this thread and sorry for wasting anyone's time.

 

1/8/2014 edit 2: I did some testing and recreated the event; it WAS a false positive generated by a conflict between Ad-Aware and Avira. It triggered every other scan during a quick scan. So Ad-Aware has been uninstalled. I don't know how to delete a thread, so if an admin could lock this please.


Edited by TooLazy, 08 January 2014 - 08:15 PM.



 


#2 DASOS


Posted 10 January 2014 - 12:58 PM

Hi TooLazy

 

Glad to see that there is no problem with your comp. To be on the safe side you can always have an online scan.

 

You will however need to disable your current installed Anti-Virus, how to do so can be read here.

 

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Edited by DASOS, 10 January 2014 - 01:00 PM.


#3 TooLazy


Posted 10 January 2014 - 02:02 PM

Hey DASOS, thanks for the reply. I ran a scan like you suggested and here's what it found:

 

C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe    a variant of Win32/Bundled.Toolbar.Ask.D application    cleaned by deleting - quarantined
 

Which is just some remnants of the toolbar that comes with Avira that I thought I got rid of. Anyway, thanks for the advice and sorry for having you put up with my panic attack.



#4 DASOS


Posted 10 January 2014 - 02:36 PM

Hi!!

 

You're welcome!

 

No problem, any time, take care!

 

Stelios





