Jonza121

Trojan Patched aA in explorer.exe


Hello.

Yesterday I encountered this trojan. I'm just curious if it's a false positive, because SAS, Malwarebytes' Anti-Malware and Avira's Luke Filewalker didn't catch it. Only a-squared, after a huge update, found it and I quarantined it successfully. I'm now at work and I'm not sure if there is still malware in the system. What should I do if I want to be sure that there is no other malware in my system? I ALWAYS run my browser in Sandboxie when I download, for example, skins for my games from fpsbanana, or if I go to sites which might have malicious content. :mellow:

PC works just fine. It starts fast, shuts down fast, loads the browser etc. like always, and it doesn't redirect me to strange sites. I'm just curious if this trojan (W32 Trojan Patched.aA or something) is a false positive or not. How could I check it? :huh:

Thank you

PS: please don't lock this topic, because I need quick answers. Please :unsure:

Edited by Jonza121

Hi Jonza121, and welcome to the forum

... Yesterday I encountered this trojan. I'm just curious if it's a false positive...PC works just fine.

If your system is behaving normally then in order to find out whether the flaggings are False Positives - submit items from the detection list to EMSI developers for analysis

Please ask if you have questions regarding the procedure

Otherwise

=======

Read the following instructions

START HERE, if you don't we are just going to send you back to this thread <--click

Prepare and post (attach) the required log files in the Malware Removal section of the forum (create a new thread there).

Wait for a reply from ShadowPuterDude, Katana, or JeanInMontana for assistance and further instructions.

=======

Translation Links for Forum Instructions

My regards

P.S.

... I'm just curious if this trojan (W32 Trojan Patched.aA or something)...

Posting just the file name or the alleged infection name does not provide any information.

The location of the files, the precise names of files and/or Registry entries, processes, etc. are required. The same applies to the detection names. All that info should be in the saved report produced by a-squared. That will be one of the steps in the instructions.


Jonza121,

From one of the deleted posts:

READ THIS: MY ACTUAL POST

I made a random update for a-squared and suddenly it put my trojan back into the system. It said that new signatures showed THAT trojan I had was just a false positive and should be put back into the system. Well, I did what I was told to. Now I'm unsure if I actually released actual malware back into the wild. Was it really a false positive??!

phew...

Firstly, please don't use all capitals - that is considered shouting and even swearing according to the commonly accepted ethics of forums on the Internet.

Then, we are always reading carefully and trying to help.

in order to find out whether the flaggings are False Positives - submit items from the detection list to EMSI developers for analysis

Please ask if you have questions regarding the procedure

In my reply in the “Malware Removal help” section, from the post deleted by Fabian Wosar:

... Update a-squared before performing Deep Scan and save/attach fresh report

In addition submit Explorer.exe from the Quarantine

The files here are in the C:\WINDOWS\$hf_mig$\KB938828\SP2QFE or C:\WINDOWS\$NtServicePackUninstall$ folders and none is flagged

If you had questions about those replies and would've asked, as it's written, you would be advised further (see references below)

It is impossible to tell whether the detection is a False Positive (FP) until the code (which resides on your computer) is sent to and analyzed by the developers.

That can be FP indeed, or it should be taken into account that any file/program can be compromised by 3rd party infection that is present (again) on your PC only.

In some circumstances the FP (especially when the item is one of the system files) can be picked up by developers and fixed quickly. In many cases that depends on submissions from the users and that is important and was stressed in both replies.

There is an auto-rescanning of quarantine feature after updates, and that is what most likely happened according to your description.

Here are a few links to read in order to be more familiar with investigating the matter:

1) [sticky]

2) In the reply from Thursday, 25 December under “submitting and or auto-rescanning” there are helpful references about different ways to do that.

I hope you will learn how to investigate, submit detected items, set the Re-Scan option, etc., e.g.: How should I treat the malware I found?

My regards

P.S. see another reply in OffTopic
