  1. You are the one that says "I don't have such file. Despite we never rely on file names only" and now you are the one that says "never post suspected files". That's weird, isn't it? I knew it, and that was why I just gave the filename and malware name in the first post. I just wanted to find information on "Trojan.Win32.FakeAv!IK". Unfortunately, it seems that this information will be hard to find. So I will use my backups. Thanks anyway.
  2. I'm sorry, dear Lynx. I just thought that we could reach the information by just mentioning "Trojan.Win32.FakeAv!IK". Here are the details: System Environment: Attached. Log file: Attached. The suspected file: Attached. The file was successfully deleted. I sent it to you from backups. There are lots of modifications in the registry (when installing that suspicious software), but unfortunately only file deletion was done with a-squared. I'm not sure that it's enough. So I decided to contact you. This way, a lot more people could benefit, because this software was distributed to the masses via giveawayoftheday.com/ just 4 days ago. And now it's marked as "Trojan.Win32.FakeAv!IK". A comprehensive trojan, or just a "one-file" exe threat? My regards. *** attached file in question removed {Lynx}
  3. Update: The strange thing is: the files on softpedia.com are marked as clean (scanned by a-squared). The files from giveawayoftheday.com are the same size but have different content. They probably contain a fraud, trojan or rootkit. Kaspersky marks this as "Trojan.Win32.FraudPack.amds". A-squared: "Trojan.Win32.FakeAV". Any other anti-virus software: "Clean". Results: http://www.virustotal.com/tr/analisis/2c7a4fd5bab1a09e19cec183e563b14ae209df8b20bdd06f24a775c00d36c32b-1266881383
  4. Hi dear friends. A few days ago, the internet site giveawayoftheday.com distributed a software called "Windows anti-virus mate". It is marked as 100% clean (no virus, no spyware, no form of malware) by Softpedia.com. A few days ago, a-squared was confirming that those files were clean. But today, when we got the update for the a-squared scanner, we saw that "Trojan.Win32.FakeAv!IK" was found in winavm\avm.exe (Windows anti-virus mate). So is this a false positive? If not, what is the detailed effect of this trojan? Or is this just a fake antivirus but NOT a trojan? If this is a trojan, do we just have to delete that file, or do we have to clean the registry? Thanks to Lynx, and all the other friends who will help us to know about this "Trojan.Win32.FakeAv!IK".
  5. "Only those who fail greatly can ever achieve greatly" - Robert F. Kennedy. Yes, that sentence is truly good. Okay, dear ShadowPuterDude. Thanks for the assistance. Have a nice day.
  6. I think that only winlogon.exe was infected, but it was not a high-effective malware. I restored winlogon with the original Service Pack 3 winlogon, then re-activated Windows. I also restored regedit.exe and notepad.exe. But yesterday I saw that the Secondary Logon service of Microsoft Windows was running, and I never needed Secondary Logon. According to the WiTS tool set, if I am not seeing it wrong, some sort of blank-user named session was created to connect to Windows at an unknown time. Session id: 00000000-0000f962. I don't have any guest accounts or anonymous accounts active. So what is this? Do you know anything about this, dear brother? WiTS can be obtained from here: http://sourceforge.net/projects/twapi/files/Current%20Releases/Windows%20Inspection%20Tool%20Set/WiTS%202.1.11/wits-2.1.11-setup.exe/download And thanks for all.
  7. My desktop just contains links and some txt files, no long-term storage. And thank you for the advice. The delete script for ComboFix just moved those files to the ComboFix quarantine called "Qoobox". The file regedit.exe is now approved as a false positive. Just an update for a2scanner fixed that false positive by re-scanning a2scanner's own quarantine. And the Lmhost file is zero bytes long and its content is empty. But ComboFix thought that it was infected. I think it was a false positive too. Because of the global upload quota, I had to zip the log files you requested. Regards
  8. Those files which are in "d:\windows\logs2.zip, d:\program files\Common Files\BOONTY Shared.zip, and folders d:\temp\1 d:\temp\2" were all created by me. Most of them were created before I contacted the online staff of Emsi Software. The folders d:\temp\1 and d:\temp\2 were backups of logs and cleaned malware (quarantine copy) for sending to you. ComboFix is not infected. BOONTY Shared.zip and logs2.zip were my other various backups too. They are not infected, but I will delete them all. BOONTY Shared.zip: some parts of removed software, and remaining junk files which were later manually deleted. BOONTY Shared.zip was the backup before manual deletion. logs2.zip: some log files backed up before CCleaner's operations. I had taken those backups. They are just files with the log extension. The files will be deleted with ComboFix. I will post fresh logs for them soon: ComboFix (C:\combofix.txt), a-squared Free, ISeeYouXP. And thanks for all.
  9. Only Windows Update gives an error. The error code is 0x80240025. Now I restored winlogon.exe with the original SP3 winlogon.exe; still the same 0x80240025 error. But now the system looks almost clean. Note: my Windows XP is 100% legal and I have its invoice. I have the original serial number sticker and the original XP CD.
  10. Extra information: Windows and all the programs are running without any errors, before and after ComboFix.
  11. Done. Files are: (ComboFix could not provide any prompts to download and install the Microsoft Windows Recovery Console) I think ComboFix detected some type of infection in winlogon.exe and regedit.exe. ComboFix tried to recover those files.
  12. Here are the required files: A-squared Free log, ISeeYouXP.txt, HiJackFree HJT Compatible Log. And I could not attach the suspicious or false-alarmed files because of the system's 500K global upload quota. They can be reached from: {link for downloading suspected files was removed} Lynx Regards
  13. Thank you for the response, dear Lynx. The required files will be ready in almost an hour. I will post as soon as possible. Thanks.
  14. Hi all friends. My a2scanner detected a weird virus called Virus.Win32.Virut!IK in just a couple of files. The weird situation is that the files are found to be completely clean on virustotal.com. A specific malware detector for Win32.Virut is unable to find anything. But the mentioned virus is almost impossible to detect because it gets updates frequently and changes itself. I'm not sure if this is a true or false alarm. Here are the "normal scan log file", the "heuristics scan log file", and the suspicious files. VirusTotal result: http://www.virustotal.com/tr/analisis/bf0285ad8dcf7369d9660b59fe05f3f6b7abbf10a222ef350aa8c29c7cfb6b72-1255432057 {ZIP file with executables inside was removed} edited by Lynx My regards.