
Conflicting virus reports

Discussion in 'Windows Security' started by P Ratcliff, Jul 16, 2009.

  1. P Ratcliff

    P Ratcliff Guest

    Hello All,

    My network is running TrendMicro plus I have downloaded and used
    Spyware Doctor, MalwareBytes & AdAware on a PC which Spyware Doctor
    shows as having a trojan. Specifically: trojan-download.agent.bnz &
    trojan-spy.zbot. However, only Spyware Doctor finds these - all the
    others do not. ??? What's with that? Is this a false positive? I've
    researched the trojans and searched for the files they are supposed to
    install and haven't found any of them but Spyware still says the
    trojan is present. I've tried cleaning the PC using the free tools and
    Trend but it's still there.

    Any thoughts?
    Thanks in advance ...

    P Ratcliff
     
  2. Malke

    Malke Guest

    P Ratcliff wrote:
    > Hello All,
    >
    > My network is running TrendMicro plus I have downloaded and used
    > Spyware Doctor, MalwareBytes & AdAware on a PC which Spyware Doctor
    > shows as having a trojan. Specifically: trojan-download.agent.bnz &
    > trojan-spy.zbot. However, only Spyware Doctor finds these - all the
    > others do not. ??? What's with that? Is this a false positive? I've
    > researched the trojans and searched for the files they are supposed to
    > install and haven't found any of them but Spyware still says the
    > trojan is present. I've tried cleaning the PC using the free tools and
    > Trend but it's still there.

    There are two ways of finding out whether this is a false positive or not:

    1. Contact Spyware Doctor's tech support. This is where I'd start.

    2. Send the file to Virus Total for identification.


    Malke
    --
    MS-MVP
    Elephant Boy Computers - Don't Panic!
     
  3. P Ratcliff

    P Ratcliff Guest

    Malke - Thanks for the reply. One issue is that I'm not using the
    registered version of SpyWare Doctor - just the freebee scan. I'll go
    ahead and email them anyway. But here's something weird - if I scan
    under one user it looks clean but if I scan under a different user it
    finds this trojan. Again, none of the others find it. Seems odd that
    the scan would not look in all files/registry/etc. regardless of who
    is logged onto the PC but it appears not??

    Also, I can't find any of the files that apparently belong to these
    trojans but something is causing the PC to babble to the router when a
    browser is open.

    Any other thoughts??
    P Ratcliff

    On Jul 16, 9:56 am, Malke <ma...@invalid.invalid> wrote:
    > P Ratcliff wrote:
    > > Hello All,
    > >
    > > My network is running TrendMicro plus I have downloaded and used
    > > Spyware Doctor, MalwareBytes & AdAware on a PC which Spyware Doctor
    > > shows as having a trojan. Specifically: trojan-download.agent.bnz &
    > > trojan-spy.zbot. However, only Spyware Doctor finds these - all the
    > > others do not. ??? What's with that? Is this a false positive? I've
    > > researched the trojans and searched for the files they are supposed to
    > > install and haven't found any of them but Spyware still says the
    > > trojan is present. I've tried cleaning the PC using the free tools and
    > > Trend but it's still there.
    >
    > There are two ways of finding out whether this is a false positive or not:
    >
    > 1. Contact Spyware Doctor's tech support. This is where I'd start.
    >
    > 2. Send the file to Virus Total for identification.
    >
    > Malke
    > --
    > MS-MVP
    > Elephant Boy Computers - Don't Panic!
     
  4. Malke

    Malke Guest

    P Ratcliff wrote:
    > Malke - Thanks for the reply. One issue is that I'm not using the
    > registered version of SpyWare Doctor - just the freebee scan. I'll go
    > ahead and email them anyway. But here's something weird - if I scan
    > under one user it looks clean but if I scan under a different user it
    > finds this trojan. Again, none of the others find it. Seems odd that
    > the scan would not look in all files/registry/etc. regardless of who
    > is logged onto the PC but it appears not??
    >
    > Also, I can't find any of the files that apparently belong to these
    > trojans but something is causing the PC to babble to the router when a
    > browser is open.

    Honestly, I don't think much of Spyware Doctor or Ad-Aware. I do recommend
    and use MBAM. Here are my usual malware cleaning steps:



    If you weren't that thorough, especially with the prep work, I'd do more
    work.

    Malke
    --
    MS-MVP
    Elephant Boy Computers - Don't Panic!
     
  5. P Ratcliff

    P Ratcliff Guest

    Again, thanks for the info. I'll go over this and see if we've missed
    any steps. Right now we're working with Trend to figure out why they
    aren't picking up on this thing. I've managed to remove everything
    except this one stubborn trojan-download.agent.bnz

    If I find anything worth reporting - like how to get rid of this thing
    - I'll post it tomorrow.
    Cheers
    PR

    On Jul 16, 11:33 am, Malke <ma...@invalid.invalid> wrote:
    > P Ratcliff wrote:
    > > Malke - Thanks for the reply. One issue is that I'm not using the
    > > registered version of SpyWare Doctor - just the freebee scan. I'll go
    > > ahead and email them anyway. But here's something weird - if I scan
    > > under one user it looks clean but if I scan under a different user it
    > > finds this trojan. Again, none of the others find it. Seems odd that
    > > the scan would not look in all files/registry/etc. regardless of who
    > > is logged onto the PC but it appears not??
    > >
    > > Also, I can't find any of the files that apparently belong to these
    > > trojans but something is causing the PC to babble to the router when a
    > > browser is open.
    >
    > Honestly, I don't think much of Spyware Doctor or Ad-Aware. I do recommend
    > and use MBAM. Here are my usual malware cleaning steps:
    >
    >
    >
    > If you weren't that thorough, especially with the prep work, I'd do more
    > work.
    >
    > Malke
    > --
    > MS-MVP
    > Elephant Boy Computers - Don't Panic!
     
  6. Use my Remove-it software, it will remove that malware from your system.
    Choose yes for all options when prompted. Download it here




    --
    The Real Truth

    *WARNING* Do NOT follow any advice given by the people listed below.
    They do NOT have the expertise or knowledge to fix your issue. Do not waste
    your time.
    David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.




    "P Ratcliff" <pratclif@co.alameda.ca.us> wrote in message
    news:b090c814-91dd-4418-97d5-233324171f90@x6g2000prc.googlegroups.com...
    Again, thanks for the info. I'll go over this and see if we've missed
    any steps. Right now we're working with Trend to figure out why they
    aren't picking up on this thing. I've managed to remove everything
    except this one stubborn trojan-download.agent.bnz

    If I find anything worth reporting - like how to get rid of this thing
    - I'll post it tomorrow.
    Cheers
    PR

    On Jul 16, 11:33 am, Malke <ma...@invalid.invalid> wrote:
    > P Ratcliff wrote:
    > > Malke - Thanks for the reply. One issue is that I'm not using the
    > > registered version of SpyWare Doctor - just the freebee scan. I'll go
    > > ahead and email them anyway. But here's something weird - if I scan
    > > under one user it looks clean but if I scan under a different user it
    > > finds this trojan. Again, none of the others find it. Seems odd that
    > > the scan would not look in all files/registry/etc. regardless of who
    > > is logged onto the PC but it appears not??
    > >
    > > Also, I can't find any of the files that apparently belong to these
    > > trojans but something is causing the PC to babble to the router when a
    > > browser is open.
    >
    > Honestly, I don't think much of Spyware Doctor or Ad-Aware. I do recommend
    > and use MBAM. Here are my usual malware cleaning steps:
    >
    >

    >
    > If you weren't that thorough, especially with the prep work, I'd do more
    > work.
    >
    > Malke
    > --
    > MS-MVP
    > Elephant Boy Computers - Don't
    > Panic!
     
  7. 1PW

    1PW Guest

    The unTruth wrote:

    Snip, snip...


    Only a fool would run your stolen software - THIEF.

    Repent!

    Pete
    --
    1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
     
  8. Leythos

    Leythos Guest

    Re: Conflicting virus reports - Butts still can't explain obatssrsghde.exe

    In article <jeudnW-BUOYqJ8LXnZ2dnUVZ_hidnZ2d@giganews.com>, trt@void.com
    says...
    >
    > Use my Remove-it software, it will remove that malware from your system.
    > Choose yes for all options when prompted. Download it here
    >

    How come you can't explain what "obatssrsghde.exe" is or why it's
    removed in your batch file? You claim you wrote it, but you can't tell
    the group what it is or what it represents.

    Anyone using your pirated code should be aware that you can't explain
    how it works or what it removes.

    --
    You can't trust your best friends, your five senses, only the little
    voice inside you that most civilians don't even hear -- Listen to that.
    Trust yourself.
    spam999free@rrohio.com (remove 999 for proper email address)
     
  9. Mees de Roo

    Mees de Roo Guest

    "P Ratcliff" <pratclif@co.alameda.ca.us> wrote in message
    news:ae3e2c91-8752-4dd7-acb6-b4d0ed35b378@q40g2000prh.googlegroups.com...

    Also, I can't find any of the files that apparently belong to these
    trojans but something is causing the PC to babble to the router when a
    browser is open.

    Any other thoughts??

    Sounds like the typical behaviour one should expect to see when a rootkit is
    in action.
    Give GMER ( ) a try?

    Mees de Roo
     
  10. From: "Mees de Roo" <mees.deroo.laatditweg@enditook.ziggo.nederland>


    | "P Ratcliff" <pratclif@co.alameda.ca.us> wrote in message
    | news:ae3e2c91-8752-4dd7-acb6-b4d0ed35b378@q40g2000prh.googlegroups.com...

    | Also, I can't find any of the files that apparently belong to these
    | trojans but something is causing the PC to babble to the router when a
    | browser is open.

    | Any other thoughts??

    | Sounds like the typical behaviour one should expect to see when a rootkit is
    | in action.
    | Give GMER ( ) a try?

    | Mees de Roo



    Certainly. Go for it!

    --
    Dave

    Multi-AV -
     
