
Trojans in adwcleaner.exe and frst64.exe or Norton 360


14 replies to this topic

#1 eugen_pl


Posted 01 September 2014 - 03:34 PM

I downloaded 2 files from the website bleepingcomputer.com: adwcleaner 3.308.exe and frst64.exe. When I try to run these files, Norton 360 raises an alarm that a trojan is hidden in the files. The question is: do the files downloaded from bleepingcomputer contain trojans, or is this a Norton error?

 

Norton 360 Resolved Security Risk report

 

 

" Category: Resolved Security Risks

Date & Time,Risk,Activity,Status,Recommended Action,Path - Filename
31/08/2014 23:45:19,High,adwcleaner (1).exe (Trojan.Gen.SMH) detected by Auto-Protect,Blocked,Resolved - No Action Required,
31/08/2014 22:31:41,High,4adwcleaner_3.308.exe (Trojan.Gen.SMH) detected by Auto-Protect,Quarantined,Resolved - No Action Required,c:\users\eugeniusz\desktop\1\4adwcleaner_3.308.exe
31/08/2014 22:09:49,High,adwcleaner_3.308.exe (Trojan.Gen.SMH) detected by Auto-Protect,Quarantined,Resolved - No Action Required,c:\users\eugen_pl\desktop\adwcleaner_3.308.exe
31/08/2014 22:08:58,High,frst64.exe (SONAR.Dropper) detected by SONAR,Quarantined,Resolved - No Action Required,c:\users\eugeniusz\desktop\frst64.exe
31/08/2014 15:10:02,Medium,frst64.exe (WS.Reputation.1) detected by Download Insight,Quarantined,Resolved - No Action Required,c:\users\eugeniusz\desktop\frst64.exe
31/08/2014 15:02:09,High,frst.exe (Suspicious.Cloud.7.EP) detected by Download Insight,Quarantined,Resolved - No Action Required,c:\users\eugen_pl\downloads\frst.exe
31/08/2014 15:01:10,Medium,frst64.exe (WS.Reputation.1) detected by Download Insight,Quarantined,Resolved - No Action Required,c:\users\eugen_pl\downloads\frst64.exe



 


#2 geraa48


Posted 01 September 2014 - 03:58 PM

yes, definitely something wrong, window froze and pc stopped responding.

 

will try the tool you posted.

 

thnx

 

geraa48

 

 



#3 geraa48


Posted 01 September 2014 - 04:00 PM

yes, definitely something wrong, window froze and pc stopped responding.

 

will try the tool you posted.

 

thnx

 

geraa48

 

 

CANT FIND THE TOOL ANYMORE, THERE WAS SOME SORT OF REMOVAL TOOL AT THE BOTTOM OF YOUR POST, AFTER I SIGNED IN IT WAS GONE

PLS ADVISE



#4 Bleky


Posted 01 September 2014 - 04:07 PM

Adwcleaner and FRST are clean, it's a false positive.

#5 quietman7

  • Global Moderator

Posted 01 September 2014 - 05:59 PM

Certain embedded files that are part of legitimate programs or specialized fix tools may at times be detected by some anti-virus and anti-malware scanners as suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, whether files are compressed or packed, what behavior (routines, scripts, etc) it performs, any registry strings it may contain and the type of security engine that was used during the scan. Other legitimate files may be obfuscated, encrypted or password protected in order to conceal themselves, so they do not allow access for scanning but often trigger alerts by anti-virus software.

When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. Compressed and packed files in particular are often flagged as suspicious by security software because they have difficulty reading what is inside them. These detections do not necessarily mean the file is malicious or a bad program. It means it has the potential for being misused by others or that it was simply detected as suspicious or a threat due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of malware. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "false positive" and can be ignored.

Most of the well known specialized tools we use as malware fighters are written by known experts at various security forums like Bleeping Computer, TechSupport, GeeksToGo, SpywareInfo and other similar sites so they can be trusted...this includes any program hosted by BC for download. Unfortunately, many of these tools are repeatedly falsely detected by various anti-virus programs from time to time.

The problem is really with the anti-virus vendors who keep targeting these embedded files and NOT with the tools themselves. We can inform the developers but they have encountered this issue many times before and in most cases there isn't much they can do about it. Once the detection is reported to the anti-virus vendor, they are usually quick to fix it by releasing an updated definition database.

If you're attempting to download the file, either have your anti-virus ignore the detection or temporarily disable it until you download and run the tool.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
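
As an added example (not part of the original posts or of any tool named in this thread): a short Python triage of Norton report rows copied from post #1, separating labels that name a detection technique from labels that would name a specific malware family. The prefix-to-technique mapping is an assumption based on Symantec's naming convention, and the function names are hypothetical.

```python
import csv
import io
import re
from collections import defaultdict

# Rows copied from the Norton report in post #1 (four of its seven entries).
REPORT = r"""Date & Time,Risk,Activity,Status,Recommended Action,Path - Filename
31/08/2014 23:45:19,High,adwcleaner (1).exe (Trojan.Gen.SMH) detected by Auto-Protect,Blocked,Resolved - No Action Required,
31/08/2014 22:08:58,High,frst64.exe (SONAR.Dropper) detected by SONAR,Quarantined,Resolved - No Action Required,c:\users\eugeniusz\desktop\frst64.exe
31/08/2014 15:10:02,Medium,frst64.exe (WS.Reputation.1) detected by Download Insight,Quarantined,Resolved - No Action Required,c:\users\eugeniusz\desktop\frst64.exe
31/08/2014 15:02:09,High,frst.exe (Suspicious.Cloud.7.EP) detected by Download Insight,Quarantined,Resolved - No Action Required,c:\users\eugen_pl\downloads\frst.exe
"""

# Assumed mapping from label prefix to detection technique: an illustration
# of the vendor's naming convention, not an official or complete list.
GENERIC_PREFIXES = {
    "Trojan.Gen": "generic signature",
    "SONAR.": "behavioural heuristic",
    "WS.Reputation": "file reputation",
    "Suspicious.Cloud": "cloud heuristic",
}
# Greedy file group so names such as "adwcleaner (1).exe" keep their parentheses.
ACTIVITY = re.compile(r"^(?P<file>.+) \((?P<label>[^()]+)\) detected by (?P<engine>.+)$")

def classify(label):
    """Return the technique behind a generic label, or None for a named family."""
    for prefix, technique in GENERIC_PREFIXES.items():
        if label.startswith(prefix):
            return technique
    return None

def triage(report_text):
    """Group detections by file name: {file: [(engine, label, technique), ...]}."""
    findings = defaultdict(list)
    for row in csv.DictReader(io.StringIO(report_text)):
        m = ACTIVITY.match(row["Activity"])
        if not m:
            continue  # row is not a detection event
        findings[m["file"].lower()].append(
            (m["engine"], m["label"], classify(m["label"])))
    return dict(findings)

def only_generic(findings):
    """Files whose every label is generic: candidates for vendor false-positive review."""
    return sorted(name for name, hits in findings.items()
                  if all(technique for _, _, technique in hits))

if __name__ == "__main__":
    for name, hits in triage(REPORT).items():
        print(name, hits)
```

A file listed by `only_generic` is not thereby proven clean; the result shows that every alert came from a heuristic, behavioural or reputation engine rather than a match on a named family, which is the situation a vendor's false-positive review is meant to settle.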

#6 geraa48


Posted 03 September 2014 - 03:25 AM

hi quietman and bleky and eugen,

 

adwen DID give me two viruses, been scanning and removing all day yesterday, up all night with it, did system restore and may have solved it, different scans kept contradicting themselves, avg not finding anything but security essentials finding the same severe threat over and over again, wrote out the names but the notes have been deleted by restore, going nuts here.

 

haven't checked yet if I'm clean now, will report back.

 

:smash: :smash: :smash: :smash: :smash: :smash: :smash: :smash:



#7 geraa48


Posted 03 September 2014 - 03:28 AM

thnx for answering by the way :thumbup2:



#8 quietman7


Posted 03 September 2014 - 05:18 AM

You're welcome.

BTW, if you need individual assistance with malware infection, you can start a new topic in the Am I infected? What do I do? forum OR follow the instructions provided in the Malware Removal and Log Section Preparation Guide starting at Step 6.
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running DDS which will create two logs. (Note: Windows 8.1 Users will not be able to run DDS and create a log)
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

#9 rp88


Posted 03 September 2014 - 12:00 PM

I once had a file from here (security check) show up as a detection from Norton. I contacted their "false positives" department and told them I strongly suspected it was safe so they should check it out fully. A day or two later they came back and said the exe file was safe and it had been removed from their virus lists/definitions. I would advise you do the same for these two files; Norton were quite helpful then with their false positives service and I would hope they are still. Getting them to check if it is a false positive (almost 100% certain) will confirm to you that it is safe and also mean future Norton users who download those two files don't get the same scary message.


Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#10 Truman!


Posted 03 September 2014 - 03:43 PM

Norton Chat - Norton was deleting AdwCleaner on contact

 

3:00 PM Truman Hiatt: The app (AdwCleaner.exe  [3.3.0.8]) has been deleted by Norton...
3:00 PM Marnel Aquino Mendoza: I see. Can you please try to download it and then we'll have it excluded on your Norton?
3:00 PM Truman Hiatt: Okay. [Download succeeded without Norton deleting it.]
3:02 PM Truman Hiatt: Perhaps definitions have been updated? Is the deletion history intact?
3:03 PM Marnel Aquino Mendoza: That is also the possible reason why. Norton provides you automatic updates, that is why it suddenly removed your other file. Let us try excluding this one.
3:04 PM Truman Hiatt: This app is stand-alone... Doesn't install as a program.
3:04 PM Marnel Aquino Mendoza: I see.
3:05 PM Marnel Aquino Mendoza: But I believe that this must have a program that you can open when you need it or you have to download it first before opening?
3:06 PM Truman Hiatt: I usually use it on client's PC's from a flash-drive.
3:06 PM Truman Hiatt: Here it is in Downloads, at the moment.
3:07 PM Marnel Aquino Mendoza: I see.
3:07 PM Marnel Aquino Mendoza: Can you please try to run Norton and see if it will be removed from your computer?
3:08 PM Truman Hiatt: I suspect the issue may have been resolved via a Norton update. The file was instantly deleted when downloaded the last few days - But today, as you observed, the download was successful.
3:09 PM Truman Hiatt: So - we may be attempting to fix a problem that no longer exists.
3:10 PM Marnel Aquino Mendoza: Yes, that is right. The download was successful. The possible reason as well, the file that you may have been downloading then was from a third party website and seems not to be legit that is why Norton have also deleted it.
3:11 PM Truman Hiatt: Really? Bleeping Computers is a well-established security resource with a very good reputation.
3:12 PM Marnel Aquino Mendoza: I see and I completely understand that. My only point is, you might be redirected to a website that is similar like this and when you downloaded the file, Norton has removed it because there is something else on that program.
3:13 PM Truman Hiatt: Either way - It appears that the issue (for me) has been addressed and I can return to using this tool for myself and my clients again. Thank you for your assistance, Marnel.
3:13 PM Marnel Aquino Mendoza: You are most welcome, Truman.
3:15 PM Truman Hiatt: I understand... The experience yesterday, however, was that I inserted a flash drive containing the tool into a client's PC and saw it deleted immediately by Norton. This is a Tools drive I carry daily, and an application I have been using for months. In all fairness, the utility had just been updated, so I suspect it outgrew the exception initially established for it by the Norton community.
3:17 PM Marnel Aquino Mendoza: I see. If that is the case, I would suggest to update first Norton before inserting the Flash Drive so in that case, Norton would be able to recognize that file. It is also good to update the other program as well.
3:17 PM Truman Hiatt: Thanks again for your time and assistance. Have a great one.
3:17 PM Marnel Aquino Mendoza: No problem, Truman. By any chance, would there be anything else that I may help you with?
3:17 PM Truman Hiatt: No thank you. Bye.

 



#11 Union_Thug


Posted 03 September 2014 - 05:19 PM

Norton is about as useful as a screen door on a submerged submarine, IMHO. YMMV.



#12 quietman7


Posted 03 September 2014 - 05:51 PM

3:12 PM Marnel Aquino Mendoza: I see and I completely understand that. My only point is, you might be redirected to a website that is similar like this and when you downloaded the file, Norton has removed it because there is something else on that program.

Changing the subject is one way to avoid addressing the original issue.

#13 Scoop8


Posted 04 September 2014 - 07:52 AM

Opinions and experiences vary with AV's.  For me, Norton's my 3rd home PC AV and has been the best one so far.

 

I installed it in December 2012, a couple of years after it was overhauled (previous reputations and experiences being resource-hog, etc).



#14 Union_Thug


Posted 04 September 2014 - 08:50 AM

Opinions and experiences vary with AV's.  For me, Norton's my 3rd home PC AV and has been the best one so far.

 

I installed it in December 2012, a couple of years after it was overhauled (previous reputations and experiences being resource-hog, etc).

 

Acknowledged.  My only experience w/Norton is the "previous reputations" to which you refer, hence why I added YMMV



#15 quietman7


Posted 04 September 2014 - 05:01 PM


Although Norton (Symantec) is as good as any other well known anti-virus program, it requires numerous services and running processes that consume system resources and often results in complaints of high CPU usage. I have read from other users that Norton has made improvements in newer versions of their software so they are not as resource heavy as past versions...while others still say differently. However, Symantec products can be difficult to remove and remnants are often left behind which require the use of a special removal tool, otherwise you may encounter problems installing a replacement anti-virus. To be fair, other vendors are also using removal tools for the same reason. Those issues plus the cost factor are the primary reason many folks look for a free alternative. IMO, Norton is better utilized in an Enterprise system environment protecting many client computers.



