pizzaman

a-squared free found 3 Trojans


Hi, I recently discovered the wonderful product a-squared free. It has found 3 trojans: Gen.trojan!IK, Trojan.w32patched!IK, Trojan-Dropper.Agent!Ik

I have Avira antivirus and also use SuperAntiSpyware regularly. They did not find these trojans.

My question is, when I click on the names of the virus during the a-squared scan it links me to Emsisoft's website saying that if I download/purchase a-squared anti-malware it will delete this malware infection. Will it?

I tried to delete/quarantine the infection using a-squared free, but it will not work. I have read a lot of the posts on this forum about following the steps using ComboFix and all the other stuff and working with a professional on the forum, but that seems very confusing for a newbie like me.

So, bottom line: will the a-squared anti-malware software fix my infection?

Thanks for taking the time to help, pizzaman.


Hi pizzaman, welcome to the forum

Firstly, posting just the file name or the alleged infection name does not provide any information.

The location of the files / precise names of files and/or Registry entries, processes, etc. are required. The same applies to the detection names. All that info should be in the saved report produced by a-squared.

You should let the Deep Scan finish and save the report.

Then, if you are not sure, submit the flagged items to EMSI developers for analysis

(whether from the detection list or from quarantine).

Please ask if you have questions about the submission procedure.

Never run anything that you read as advice in the "Malware Removal" section. Every case is individual.

Please read the comment by ShadowPuterDude at the end of any case.

Do not run ComboFix without supervision of an expert. You can damage your system beyond repair before getting any assistance.

If you received the message from a-squared about inability to quarantine/delete:

=======

Read the following instructions

START HERE, if you don't we are just going to send you back to this thread <--click

Prepare and post (attach) the required log files into Malware Removal section of the forum

(create new thread there)

Wait for reply from ShadowPuterDude, Katana, or JeanInMontana

for assistance and further instructions.

=======

Translation Links for Forum Instructions

My regards


Thanks Lynx for the quick response.

I thought I noticed that you posted that you'd had enough of this forum? I was a little upset to read this after seeing all the hard work you have put into this forum. But it seems that you are back, and that is good news.

I originally posted this in the middle of a second deep a-squared free scan. Both the first scan I did and the second one found those viruses. But I assumed, since a-squared free could not fix the problem the first time and I noticed they showed up the second time, that it was time for me to pursue the issue a little further and start this post. After the second deep scan finished, it seemed as if I was able to delete all of the malware found. :) I then did a quick scan (not the real fast one but the next one, I don't remember what it was actually called) and nothing was found. I will do another deep scan tonight and see what happens.

In regard to using the a-squared anti-malware software, that came directly from the advice of clicking on the info of the trojan file found. I am not sure if you understood that or thought I was reading various posts on the matter and considering trying to remove the viruses based on that.

I will post my results, good or bad, after my next deep scan.

Thanks again, glad you are still around. Talk to you soon, pizzaman


Hey again, I have completed 3 deep scans and was able to remove the 3 listed malware items. So, can I safely assume that the threats are gone? Also, why was I not able to remove them the first time, but the second scan removed them with no problem?

I loaded a-squared free on a second computer and performed a deep scan, and it found a few malware items. I was not able to remove/quarantine them the first time, so I performed a second scan and that time I had no problem removing/quarantining them. I don't get it. This seems to be the pattern for the way that a-squared works.

Thanks for your help, pizzaman.

"...I performed a second scan and that time I had no problem removing/quarantining them. I don't get it. This seems to be the pattern for the way that a-squared works..."

pizzaman,

That shouldn't be "the pattern".

It is impossible to tell anything, since neither your initial request nor this post has any information about what was flagged and what you are quarantining/deleting.

There are no scan or quarantine reports attached.

The second time there could be, for example, cookies flagged that never represent threats. The first time you probably tried removing them while the browser session was active, compared to the second time. But that is just one of the possible scenarios.

We cannot tell anything with certainty based on your descriptions, due to lack of information.

My regards


pizzaman,

Please do not use in-line postings; attach the files as described in the Forum Posting Rules.

Please reattach the reports if you want.

Investigate the matter first if you are not sure.

Read this Sticky

Submit files to EMSI developers for analysis if you are not sure.

Please read this forum, or don't hesitate to ask if you have questions about the submission procedure.

We should never rely on names only, but:

mciwndx.ocx may be an MS system file plug-in (ActiveX) belonging to Visual Studio (e.g. VB 5.0). It should be signed by MS; you could've checked that, so it could be an FP.

ewido anti-malware\oldewido.exe: if you still have Ewido antispyware, it could be an FP.

The same may apply to:

C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe detected: Trojan.Win32.Patched!IK

C:\Program Files\TurboTax\Deluxe 2006\32bit\TTXATBTI.EXE detected: Gen.Trojan!IK

C:\Program Files\TurboTax\Deluxe 2007\32bit\TTXCTBTI.EXE detected: Gen.Trojan!IK ....

MotiveSB.exe could be legit software associated with DSL service providers.

TurboTax... if not “cracked” (not implying anything) could be legit software as well.

=======

The detections in _restore{681.... could be just the leftovers of what was removed, correctly or not:

....C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP1341\A0172351.EXE detected: Gen.Trojan!IK...

The detections in the System Restore point are inactive and can be used only by the System Restore feature.

Antiviruses cannot manipulate data in that protected area. The only way to clean System Restore is to turn it off, reboot, and switch it back on.

My regards
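The two practical checks in the reply above, verifying the digital signature of a flagged file (the mciwndx.ocx point) and cycling System Restore to discard the copies under _restore{...}, can be scripted. The following PowerShell is an added example, not code from the thread or from Emsisoft; it assumes Windows PowerShell 2.0 or later on the affected XP machine, an Administrator account, the three file paths quoted in the report above, and the WMI class root\default:SystemRestore that XP client editions provide. The function names are made up for this example.

```powershell
# Added example, not code from the thread or from Emsisoft/a-squared.
# Assumptions: Windows PowerShell 2.0 or later, run as Administrator on the
# affected XP box; the three paths are the ones quoted in the report above;
# the WMI class root\default:SystemRestore exists. Function names are my own.

# Paths quoted in the a-squared report (edit to match your own report).
$FlaggedFiles = @(
    'C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe',
    'C:\Program Files\TurboTax\Deluxe 2006\32bit\TTXATBTI.EXE',
    'C:\Program Files\TurboTax\Deluxe 2007\32bit\TTXCTBTI.EXE'
)

function Get-FlaggedFileInfo {
    # For each path: Authenticode status, signer subject, and a SHA-256 to quote
    # when submitting the file to the vendor for analysis.
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) {
            New-Object PSObject -Property @{ Path = $p; Exists = $false }
            continue
        }
        $sig    = Get-AuthenticodeSignature -FilePath $p
        $signer = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

        # SHA-256 through .NET so this also runs on PowerShell 2.0 (no Get-FileHash there).
        $sha = [System.Security.Cryptography.SHA256]::Create()
        $fs  = [System.IO.File]::OpenRead($p)
        try { $hex = ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' } finally { $fs.Close() }

        # Reading Status:
        #   Valid        - signed and untampered; tells you who shipped it, not that it is benign
        #   NotSigned    - common for older third-party software, inconclusive on its own
        #   HashMismatch - bytes no longer match the signature; corroborates a "Patched" detection
        New-Object PSObject -Property @{
            Path = $p; Exists = $true; Status = $sig.Status; Signer = $signer; SHA256 = $hex
        }
    }
}

function Get-RestorePoints {
    # Each instance of root\default:SystemRestore is one restore point.
    Get-WmiObject -Namespace 'root\default' -Class SystemRestore |
        Select-Object SequenceNumber, Description, CreationTime
}

function Disable-SystemRestoreDrive {
    # Turns System Restore off for one drive; its existing restore points are discarded.
    param([string]$Drive = 'C:\')
    $sr = [wmiclass]'root\default:SystemRestore'
    ($sr.Disable($Drive)).ReturnValue        # 0 means success
}

function Enable-SystemRestoreDrive {
    param([string]$Drive = 'C:\')
    $sr = [wmiclass]'root\default:SystemRestore'
    ($sr.Enable($Drive, $true)).ReturnValue  # 0 means success
}

# Usage, in the order the reply gives (reboot between disabling and enabling):
#   Get-FlaggedFileInfo -Paths $FlaggedFiles | Format-List Path, Exists, Status, Signer, SHA256
#   Get-RestorePoints                 # note what is there now
#   Disable-SystemRestoreDrive 'C:\'  # expect 0
#   Restart-Computer
#   Enable-SystemRestoreDrive 'C:\'   # expect 0
#   Get-RestorePoints                 # expect no entries: the old _restore{...} copies are gone
```

Two caveats when reading the output. A valid third-party signature only proves the file is what that publisher signed, so it does not settle the FP question by itself; and a HashMismatch on a file that should carry a Microsoft signature is the one result that points the same way as a "Patched" detection. The restore-point step does not touch the live files at all; it only removes the inactive copies that on-demand scanners flag but cannot clean.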


Hey Lynx, I apologize for the copy and paste job. You said "The only way to clean System Restore is to turn it Off ; Reboot and switch it back On." So, I assume I should clean System Restore by following your procedure. How exactly do I turn it off? Then how do I turn it back on? I am not sure what you meant by TurboTax being "cracked". Do you mean it was compromised by malware, or are you thinking it is not a legal copy of the software (it is)?

Thanks again for your help, what unbelievable service! pizzaman


Thanks H_D, I cleaned up restore points using the link you provided.

I noticed in your posts that you use "open Dns" on pc1, and not on pc2. I have recently stumbled upon "open dns" by reading Gizmodo's website and was wondering if it is something I should do/install? Why do you only have it on pc1? Is it because it is something you do to your router, so you did not bother to list it for pc2?

Thanks again, pizzaman.

"... I am not sure what you meant by Turbo Tax being "cracked". Do you mean it was compromised by malware or thinking it is not a legal copy of the software( it is )..."

Good morning, pizzaman

Basically, your question contains the answers.

If not an FP, files can be compromised by a 3rd-party infection regardless, and sometimes that's done deliberately for the particular software, when “cracks”/patches/serial number generators downloaded from sites with a bad reputation are used in order to “make it legal”. Again stressing: that was said only because of the possibility of such a scenario.

TTXATBTI.EXE belonging to Intuit: you can find it, e.g., “all greens & trusted”

(see the note there though), and it's no secret that you can find the questionable “offers” mentioned above.

I'll leave the question for H_D

Cheers !


Hey, pizzaman

The answer is rather prosaic, I'm afraid: I rarely use my XP Pro PC. In fact the PC has only been on for about an hour in the last year... I keep it for redundancy. However, your question was helpful because I really should configure it to use OpenDNS.

It is a great thing: no system overheads, all filtering is achieved before the packets reach your machine, and it is free. It is also highly configurable.

An excellent free resource that is well worth using, because it allows you to determine the type of content you want to receive and to block that which you don't.
