Hello, can you please check a possible problem?
I used SUPERAntiSpyware today and it detected:
Trojan/Malware - HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN#20131121
Is it real, or some false alarm?
Can you please check it?
If you have a file, upload and test it at www.virustotal.com / www.metascan-online.com / www.jotti.org
Log experts are notified; it may take some time before they are online.
Thank you for reply.
Actually I don't have any file. I did a quick system scan and it just detected this one register as malware/trojan.
Hello.
Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
- Double-click to run it. When the tool opens, click Yes to the disclaimer.
- Under Optional Scan, ensure “Driver MD5” is ticked.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Hello,
here are logs.
I see no present or active malware.
Please download DelFix by “Xplode” to your Desktop.
Run the tool and check the following boxes below;
- Remove disinfection tools
- Create registry backup
- Purge System Restore
Now click on the “Run” button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt).
Note: The report will also be stored on C:\DelFix.txt
I don’t need DelFix log report.
edit.
Or is it some rest in the registry, malware (if it was present) not active.
Ok, thank you.
Can you please explain what DelFix is for and what it actually does? I mean, if there is no threat, I am curious especially about the options - remove disinfection tools and purge system restore.
DelFix, nicely explained
Removed system restore and create a new point, also deleted the tools that we use.
OK, I did even this, but the SUPERAntiSpyware system scan is still targeting the register (I can't even find it in regedit)
Trojan.Agent/Gen - (x86) HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN#20131121
So you are sure there is no malware and this is only a false alarm?
Edit: I did find it. - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 and there is “20131121”=hex:02,00,00,00,00,00,00,00,00,00,00,00
Could be a Bitcoinminer detection remainder, use safe mode to not get the alert.
Maybe a temp file cleaner will get rid of this remainder.
polonus
Thanks for reply,
I found that it is in “HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run” too.
There is register record “20131121”=“C:\Program Files\AVAST Software\Avast\setup\emupdate\737f022d-1098-4dad-9fbb-f3244e2767fc.exe /check”.
So can it be actually from Avast?
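One way to triage the entry discussed in the posts above, as an added example that is not part of the original thread: it reads the `20131121` value from both registry views, checks whether the target executable still exists, and reports its Authenticode signer. The key paths and value name are the ones quoted in the posts; the reading of the StartupApproved first byte (even = enabled, odd = disabled) is an assumption based on commonly observed behaviour, not documented by Microsoft.

```powershell
# Added example, not from the thread. Value name and key paths are the ones
# quoted in the posts; variable names are illustrative.
$valueName = '20131121'

# The "(x86)" prefix in the SUPERAntiSpyware alert means the 32-bit registry
# view, which 64-bit Windows stores under Wow6432Node.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

$results = foreach ($key in $runKeys) {
    $item = Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    $command = [string]$item.$valueName

    # Separate the executable path from its arguments (quoted or unquoted).
    if     ($command -match '^\s*"([^"]+)"')    { $exe = $Matches[1] }
    elseif ($command -match '^\s*(.+?\.exe)\b') { $exe = $Matches[1] }
    else                                        { $exe = $command.Trim() }

    $exists = Test-Path -LiteralPath $exe -PathType Leaf
    $sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $exe }

    [pscustomobject]@{
        Key        = $key
        Command    = $command
        FileExists = $exists   # False = leftover entry with no file behind it
        SigStatus  = if ($sig) { $sig.Status } else { 'n/a' }
        Signer     = if ($sig -and $sig.SignerCertificate) {
                         $sig.SignerCertificate.Subject
                     } else { 'n/a' }
    }
}
$results | Format-List

# Startup state recorded by Explorer for 32-bit Run entries.
$approvedKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32'
$state = (Get-ItemProperty -Path $approvedKey -Name $valueName -ErrorAction SilentlyContinue).$valueName
if ($state) {
    # Assumption: first byte even (e.g. 02) = enabled, odd (e.g. 03) = disabled.
    $enabled = ($state[0] % 2) -eq 0
    'StartupApproved first byte: 0x{0:X2} (enabled: {1})' -f $state[0], $enabled
}
```

An entry whose `FileExists` is False has nothing left to launch at logon, and a `Valid` signature from the expected vendor on an existing file supports the false-positive reading.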
I’m getting the same detection from SAS and believe it’s a false positive.
ok, good to know, thank you
You’re welcome, netmars. Let’s see what the experts say, though.
Same detection here while running SAS!
I found another topic on this: http://forum.avast.com/index.php?topic=140730.0
Still coming up as Trojan/Gen after SAS Full scans on both XP and Win 8.1.
Is definitely an Avast EmUpdate File showing up
Had this too today after windows explorer crashing:
Trojan.Agent/Gen
(x86) HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN#20131121
Detected by SUPERAntiSpyware
wonder who is the culprit?..anydvd latest version, windvd pro update package or avast 8… >:(
If avast is the culprit i swear by the mother of God not to use Avast never again, none of its versions.
IS THIS FROM AVAST 8?
Thanks for replies all! Looks like fixed now, no more alert.