TROJ AGENT.BF (false positives by Trend Micro?)

Hi I’m new here, but I’ve been using Avast antivirus for almost half a year already…

I always use Trend Micro’s Housecall in addition to Avast to check for viruses on my PC. Recently (over the past two weeks) Housecall found that there are two virus-infected files on my computer, but when I used Avast and Norton (online) Security Check, they found nothing… I’m wondering if those two files reported by Trend Micro are false positives… Here are the details of the two files:

Virus: TROJ AGENT.BF
File Location(s):
C:\Program Files\WindUpdates\Comm.dll
C:\Program Files\WindUpdates\WinUpdt.exe

My PC system info:
Microsoft Windows XP Home Edition SP1
AMD Athlon XP 1500+
256MB RAM
Avast! 4.1 Home Edition
Zone Alarm 5.1
SpywareBlaster 3.2
SpywareGuard 2.2
Ad-aware SE Personal 1.03

Do you want me to send you the files? Where should I send it to?

Thanks a lot…

C:\Program Files\WindUpdates\Comm.dll

http://www.ntcompatible.com/thread28098-1.html

C:\Program Files\WindUpdates\WinUpdt.exe

http://computercops.biz/postt65984.html

Judging by the path and filenames these seem to be genuine nasties. Please submit them to Avast! mailto:virus@avast.com

Please read the full thread at computer cops, some bad advice was given but the OP seems to have solved his problem.

You can also scan them at www.virusscan.jotti.dhs.org; if any other scanners here detect them, it is less likely to be a false positive.

Delta.

Hi CWWW,

Yes, I would do exactly what Delta says. If Jotti’s scan does not report anything, then as well as sending the file to Avast you can also send it to newvirus@kaspersky.com (Kaspersky Labs), where they will analyse it quickly and give you a reply on whether it’s a false positive or real.

Let us know what Jotti’s scanner says? http://virusscan.jotti.dhs.org/

Cheers

Jlo

Sorry, I forgot to mention. You can also send the files to Trend AV at http://subwiz.trendmicro.com/subwiz/default.asp

although in my experience they are not that quick unless you are a premium support customer (Corporate side).

Cheers

Jlo

Winupdates is known malware, so it is good they are detected.
Keep in mind, however, that although more and more AV software is detecting adware, spyware and such as well, they are still primarily developed for detecting viruses.

Keep also in mind that there are no applications, and there likely never will be, that can detect ALL malware.

More info about winupdates can be read at many websites that deal with spy-/adware removal.

hmm… both files are detected as malware…

Here’s the stats:
File: Comm.dll
Status: INFECTED/MALWARE
Packers detected: None

AntiVir No viruses found (4.81 seconds taken)
Avast No viruses found (15.75 seconds taken)
BitDefender No viruses found (12.62 seconds taken)
ClamAV No viruses found (23.80 seconds taken)
F-Prot Antivirus W32/Agent.BC (0.96 seconds taken)
F-Secure Anti-Virus TrojanDownloader.Win32.Agent.bf (9.66 seconds taken)
Kaspersky Anti-Virus TrojanDownloader.Win32.Agent.bf (4.29 seconds taken)
mks_vir No viruses found (3.62 seconds taken)
Norman Virus Control No viruses found (1.25 seconds taken)


File: WinUpdt.exe
Status: INFECTED/MALWARE
Packers detected: None

AntiVir No viruses found (4.58 seconds taken)
Avast No viruses found (13.75 seconds taken)
BitDefender No viruses found (6.89 seconds taken)
ClamAV Trojan.Downloader.Agent.BF (12.89 seconds taken)
F-Prot Antivirus W32/Agent.BC (0.67 seconds taken)
F-Secure Anti-Virus TrojanDownloader.Win32.Agent.bf (9.50 seconds taken)
Kaspersky Anti-Virus TrojanDownloader.Win32.Agent.bf (8.35 seconds taken)
mks_vir No viruses found (5.49 seconds taken)
Norman Virus Control No viruses found (73.55 seconds taken)


How come it took so long for Avast compared to other AV? Ah, never mind, Norman is even worse… I’ll email the files to Avast shortly…

Thanks everybody…
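
Added example, not part of any post in this thread: a small Python parser for result rows in the format pasted above, which counts how many engines flag a file and groups the differing vendor labels into families so that cross-engine agreement (the false-positive check suggested earlier) is visible at a glance. The function names and the family-normalisation rule are assumptions made for this example.

```python
import re
from collections import Counter

# Result rows copied from the WinUpdt.exe report posted in this thread.
REPORT = """\
AntiVir No viruses found (4.58 seconds taken)
Avast No viruses found (13.75 seconds taken)
BitDefender No viruses found (6.89 seconds taken)
ClamAV Trojan.Downloader.Agent.BF (12.89 seconds taken)
F-Prot Antivirus W32/Agent.BC (0.67 seconds taken)
F-Secure Anti-Virus TrojanDownloader.Win32.Agent.bf (9.50 seconds taken)
Kaspersky Anti-Virus TrojanDownloader.Win32.Agent.bf (8.35 seconds taken)
mks_vir No viruses found (5.49 seconds taken)
Norman Virus Control No viruses found (73.55 seconds taken)
"""

ROW = re.compile(r"^(?P<body>.+?)\s+\((?P<secs>[\d.]+) seconds taken\)$")
CLEAN = "No viruses found"

def parse_report(text):
    """Return {scanner: detection name or None} for each result row."""
    results = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # skip non-result lines such as "File:" or "Status:"
        body = m.group("body")
        if body.endswith(CLEAN):
            results[body[: -len(CLEAN)].strip()] = None
        else:
            # Assumption: detection names contain no spaces,
            # so the last token is the name and the rest is the scanner.
            scanner, name = body.rsplit(None, 1)
            results[scanner] = name
    return results

def family(name):
    """Reduce a vendor label to its last two parts, e.g. 'agent.bf'."""
    parts = re.split(r"[./]", name.lower())
    return ".".join(parts[-2:])

def summarise(results):
    """Return (engines detecting, engines total, Counter of families)."""
    hits = {s: n for s, n in results.items() if n}
    return len(hits), len(results), Counter(family(n) for n in hits.values())

if __name__ == "__main__":
    detected, total, families = summarise(parse_report(REPORT))
    print(f"{detected}/{total} engines flag the file; families: {dict(families)}")
```

Several independent engines converging on the same family is the signal that argues against a single-vendor false positive; a lone detection under a generic or heuristic label is the case worth submitting for analysis.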

Hi,

Well in fairness I have seen a couple of viruses where only Avast detected them!

At the end of the day you cannot rely on just one antivirus software. The on line scan is useful as it uses multi scan engines.

Without a doubt the best scan engine is Kaspersky, which detects the most malware and backdoors
BUT
Avast has never let me down with viruses sent to me in the wild!! With big outbreaks they are normally one of the first to add detection (Not always but mostly) and they offer a free home edition! and a very friendly forum.

If I did receive or download a file then I would always double check it on Jotti scanner.

Please do send that malware to avast as they are pretty quick on updating so then we can all be protected:)

Cheers

Jlo

Already sent the files to avast! :)

Now I’m trying to get rid of the files… hope that the instructions given by the posters from the other forum would work… I won’t mind if there’s any additional advice for how to get rid of the files… :)

One thing which I was not very happy about is that all my anti-spyware programs (SpywareBlaster, SpywareGuard and Ad-Aware) did not stop the files from getting into my PC… anyway, this PC is shared by several users, perhaps one of them let them in… >:(

anyway, is malware different from spyware?

Malware is a generic term for any MALicious program, i.e. one that is created to cause trouble; it includes viruses, trojans, spyware etc.

Have you submitted these files to Lavasoft and the other anti ad/spyware companies?

Delta.

Just checked the Jotti page and found a Beagle variant that Avast ;) BitDefender, MKS and Kaspersky caught and the others missed!! including F-Secure. Just to highlight my post 2 threads ago: no AV is 100% reliable.

Last piece of malware found was Win32 in beagle.zip, detected by:

Scanner Malware name Time taken
AntiVir X 1.25 seconds
Avast Win32:Beagle-FSG 4.59 seconds
BitDefender Win32.Bagle.10.Gen@mm 3.19 seconds
ClamAV X 6.11 seconds
F-Prot Antivirus X 0.43 seconds
F-Secure Anti-Virus X 3.66 seconds
Kaspersky Anti-Virus I-Worm.Bagle.z 4.68 seconds
mks_vir Win32 4.53 seconds
Norman Virus Control X 7.23 seconds

Well done Avast

Jlo