Trojan?



sarel
05-03-2009, 04:13 PM
Trojan or False Positive? I had family stay over, using the PC, and when they went, found Backdoor.backdoor.64024.A, sitting in Wextract.exe, on my PC (picked up by Spyware Terminator). Nod32 showed nothing, so I d/l'ed Avira and TrojanRemover - both negative. Restore is not enabled. Spyware Terminator can't remove it. Trojan Remover just came back negative. Same with Avira.

Should I worry?

sarel

GameJunkie
05-03-2009, 05:14 PM
Can you report false positives in Spyware Terminator?

Blam
05-03-2009, 05:14 PM
Probably a false positive, as a Google search shows nothing.

And wextract.exe is a legit system file anyway (although it could be infected).

sarel
05-03-2009, 06:03 PM
I think so - I'll report it and see. Will do another exhaustive scan tomorrow, just to be sure

sarel

Speedy Gonzales
05-03-2009, 06:22 PM
Upload it here (http://www.virustotal.com/)

See what it says

sarel
05-03-2009, 06:37 PM
Found the following:

Antivirus     Version    Last Update   Result

Authentium    5.1.0.4    2009.03.04    W32/Backdoor2.NYH
F-Prot        4.4.4.56   2009.03.04    W32/Backdoor2.NYH
K7AntiVirus   7.10.657   2009.03.04    Trojan.Win32.Malware.1

All the others negative.

sarel
06-03-2009, 08:24 AM
This morning I did a few more scans with on-line scanners - negative. Everything else reports it as negative on my PC. If I remove/delete the file, it reappears after about 10 secs (Windows doing it)?

Any advice - ignore? Or should I see whether I can get any remover for Trojan.Win32.Malware.1 (as reported by one of the multiscans)?

sarel

Speedy Gonzales
06-03-2009, 08:51 AM
Disable System Restore, reboot, then delete it. Then see if it comes back.

Then select all options under Utilities in Trojan Remover.

sarel
06-03-2009, 09:26 AM
Speedy, Restore has not been enabled for the last 6 months. Will do the rest.

sarel

sarel
06-03-2009, 09:39 AM
Came back after 10 secs.

TR negative again - with all options

sarel

Speedy Gonzales
06-03-2009, 09:42 AM
Well, if Spyware Terminator thinks it's a trojan, send whoever made it an email.

And ask if you can email the file, so they can check it out.

Or send an email to Avast or one of the better AV places.

sarel
06-03-2009, 10:11 AM
Did that - waiting for reply - from SpywTerm and Nod32

sarel

sarel
08-03-2009, 08:57 PM
Still waiting on a reply from SpywTerm, but I d/l'ed the latest version of ST today and lo and behold - no trojan identified.

sarel

Speedy Gonzales
08-03-2009, 09:40 PM
Must have been a definition in it then that picked it up as a trojan.

sarel
10-03-2009, 08:12 AM
And today ST sent me an email thanking me for the email and analysis that I sent through. No mention of why/how, etc.

Sarel

sarel
11-03-2009, 12:25 PM
Got an email from ST today saying:

Answer: Thanks for your information, this problem was fixed in Spyware Terminator database version 3.003.011.000

Sarel

Speedy Gonzales
11-03-2009, 12:26 PM
Cool, must have been a false + then