Trojans found
I scan my computer with MBAM regularly. Today, after updating MBAM and then scanning, I found a Trojan on my computer.
Here is a screen view of the Trojan found:
Trojan.Agent according to MBAM
I have a recent OS history of an infected folder with this one, but at that time the scans with MBAM may not have been able to detect this.
Can you try to repair your installation?
Go to Control Panel > Add/Remove programs > avast! antivirus > Remove. Then choose Repair function in the popup window (Repair).
If this does not help, can you uninstall / boot / install / boot again?
Downloaded the latest version 4.8.1356 of avast home
I have repaired the installation of avast home
The file is now available in the system32 folder (edit) and the new file is not infected when scanned with MBAM (database version 2887). It was a false positive shown earlier by MBAM in the previous scan, done with database version 2880.
Trojan found while scanning all files with SuperAntispyware. I scanned with SAS with MBAM protection turned on and detected this. MBAM gave a message that something malicious was detected in HijackThis.log. I quarantined and restored the file for VirusTotal analysis, but after the restore SAS and MBAM detected nothing in this file. I don’t know where the malicious thing has gone.
Based on the fact it is detecting a .log file alone, which is an inert text file format, I would say it was a false positive by MBAM (which is supported by the VT results). That FP has now been corrected, hence why it is no longer detected.
Trojan.Downloader found again while scanning all files with SuperAntispyware.
I scanned with SAS, with MBAM protection and all avast resident shields turned on, and detected this (with three scanners at the same time).
Earlier it was not detected by scanning all files with avast and MBAM protection turned on (not detected by using two scanners at the same time).
View the images of detection.
I have quarantined this. What should I do next about it?
Well, you have to start doing the analysis of what is going on on ‘your’ system, as only you know how it might have got there:
So, do you have Hijackthis installed ?
Is the C:\logs the folder you choose to store your hijackthis logs and called it hijackthis.log ?
If these are true then there should be no problem.
If any of them aren’t true then you should delete the file and be done with it. This is especially true if this file is regenerated after previously having been removed in the MBAM scan and you haven’t run Hijackthis since that scan ?
However, I’m still highly suspicious of the detection as a .log file is a text file and as such not a process attempting to start (as the first image states).
All of the above however, is a moot point as this really should be reported on the MBAM forums as we can’t do anything about possible false positive detections. So if the false positive isn’t corrected then you will continually get this detection.
Yes, I have HijackThis installed
Yes, C:\logs is the folder I chose to store HijackThis logs in, and I called it hijackthis.log
The file HijackThis.log was present in this folder before quarantine and it was uploaded to the avast forum.
edit:
Previously, the log file in which Trojan.Downloader was found was restored to the folder C:\Program Files\Trend Micro\HijackThis, in which HijackThis is installed, and deleted afterwards. This is a new log file, in C:\logs, in which Trojan.Downloader is found; this file was not detected earlier with three scanners running at the same time.
Then you need to report this as a probable false positive on the MBAM forums, so they can correct the detection.
What is strange is that this only seems to affect the resident version (paid or trial) of MBAM, as I retain a number of my HJT log files and they aren’t detected when I do on-demand scans with the free version of MBAM (no resident).
I don’t know if the detection happens when you actually run HJT and then save the log, as there is little information in your post as to exactly when this detection/alert happens.
That may be the default location for HJT but it isn’t for the .log, which you can place anywhere. The problem is not that simple, as MBAM seems to think that the .log file is attempting to start and has blocked all execution attempts from this process, which is plainly rubbish as a .log file is a text file and can’t start/execute anything; expand the first image in Reply #31 above.
Check again and you will see nothing is stored in the root folder but the C:\Logs\ folder.
MBAM I fear has got it wrong in this case and they need to investigate it.
I don't know if the detection happens when you actually run HJT and then save the log, as there is little information in your post as to exactly when this detection/alert happens.
This detection does not happen when I actually run HJT and then save the log.
This detection by MBAM only happened on previously saved logs of the last three months (detected only when running three scanners: SAS scanning all files, with MBAM Protection and avast shields turned on; this is when the alert happens). It was not detected by scanning with avast and MBAM Protection turned on (not detected using two scanners at the same time).
The first time, it was detected in the HijackThis folder in Program Files; the log was saved a month ago. Then I restored it and posted the result shown by VirusTotal, which was clean, and then deleted that log file.
The second time, it was detected in the C:\logs folder; the log was saved three months ago. This file was not detected as infected in the first scan using three scanners at the same time (scanning with SAS, MBAM Protection and avast at the same time).
Both files were from the same HijackThis software installed four months ago.
Another detection of Trojan.Downloader was found on my office computer (detected only when running three scanners: SAS scanning all files, with MBAM Protection and avast shields turned on). I take files from my home computer to my office computer regularly. I think it was transferred from my home computer to the office computer during file transfer. This time it was detected in the DOS version of FOXPRO, which I never used. The detected file was something like 12345678.tmp; the extension of the file was .tmp (a temporary file of the DOS version of FOXPRO) on Windows XP SP2. I use this computer only for work and it has no internet connection and screen capture software like my home computer.