ClamWin Free Antivirus
Support and Discussion Forums
I also scanned a friend's computer not my own and found this
james159951


Joined: 07 Mar 2017
Posts: 5
-------------------------------------------------------------------------------

/media/ubuntu/OS/Program Files (x86)/Common Files/Apple/Mobile Device Support/Mingler.exe: Win.Trojan.Agent-1365924 FOUND
/media/ubuntu/OS/Program Files (x86)/GUM8333.tmp/GoogleCrashHandler.exe: Win.Trojan.Agent-1372195 FOUND
/media/ubuntu/OS/Program Files (x86)/GUM8333.tmp/GoogleUpdateBroker.exe: Win.Worm.Chir-2439 FOUND
/media/ubuntu/OS/Program Files (x86)/GUM8333.tmp/GoogleUpdateOnDemand.exe: Win.Worm.Chir-2439 FOUND
/media/ubuntu/OS/Program Files (x86)/HDTotalS/HDTotalS-bg.exe: Win.Adware.Agent-1332373 FOUND
/media/ubuntu/OS/Program Files (x86)/HDTotalS/Uninstall.exe: Win.Trojan.Agent-1249990 FOUND
/media/ubuntu/OS/Program Files (x86)/Highlightly/IE/HighlightlyClientIE.dll: Win.Adware.Agent-1327657 FOUND
/media/ubuntu/OS/ProgramData/Temp/{3023EBDA-BF1B-4831-B347-E5018555F26E}/PostBuild.exe: Win.Worm.Runouce-879 FOUND
/media/ubuntu/OS/ProgramData/Temp/{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}/PostBuild.exe: Win.Worm.Runouce-879 FOUND
/media/ubuntu/OS/ProgramData/Temp/{DCCAD079-F92C-44DA-B258-624FC6517A5A}/PostBuild.exe: Win.Worm.Runouce-879 FOUND
/media/ubuntu/OS/ProgramData/Temp/{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}/PostBuild.exe: Win.Worm.Runouce-879 FOUND
/media/ubuntu/OS/ProgramData/MFAData/SelfUpd/avgmfapx.exe: Win.Worm.Chir-2036 FOUND
/media/ubuntu/OS/ProgramData/MFAData/SelfUpd/avgntdumpx.exe: Win.Worm.Chir-1858 FOUND
/media/ubuntu/OS/swsetup/APP/Multimedia/CyberLink/HPMediaSmartDVD/4.0.1.3902/HPMSDVD/hp/tmp/src/MediaSmart DVD.msi: Win.Worm.Runouce-879 FOUND
/media/ubuntu/OS/swsetup/APP/Multimedia/CyberLink/HPMSTSMusic/3.2.1.3910/HPMSTSMusic/hp/tmp/src/HP.msi: Win.Worm.Runouce-879 FOUND
/media/ubuntu/OS/swsetup/APP/Multimedia/CyberLink/MSTSDVDMenuPack/4.0.1.3715/HPMSTSDVDMenu/hp/tmp/src/HP.msi: Win.Worm.Runouce-879 FOUND
/media/ubuntu/OS/swsetup/APP/Multimedia/CyberLink/MSTSMovieThemes/4.0.1.3715/HPMSTSMovieTheme/hp/tmp/src/HP.msi: Win.Worm.Runouce-879 FOUND
/media/ubuntu/OS/swsetup/APP/Multimedia/CyberLink/Power2Go/6.1.3810/src/Power2Go.msi: Win.Worm.Palevo-39167 FOUND
/media/ubuntu/OS/Users/Brian/AppData/Local/19475/a11947.exe: Win.Adware.Agent-1116002 FOUND
/media/ubuntu/OS/Users/Brian/AppData/Local/IdleCrawler/IdleProfile.exe: Win.Trojan.Agent-1140576 FOUND
/media/ubuntu/OS/Users/Brian/AppData/Local/IdleCrawler/uninstall.exe: Win.Trojan.Agent-1140576 FOUND
/media/ubuntu/OS/Users/Brian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/02BWYQ1X/Setup[1].exe: Win.Trojan.15493331-1 FOUND
/media/ubuntu/OS/Users/Brian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/02BWYQ1X/ViewPlaySetup[1].exe: Win.Trojan.15493331-1 FOUND
/media/ubuntu/OS/Users/Brian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/6K7GPKL7/Setup[1].exe: Win.Trojan.Agent-1140576 FOUND
/media/ubuntu/OS/Users/Brian/AppData/Local/Smartbar/Application/amfclgbdpgndipgoegfpkkgobahigbcl/GoogleChromeRemotePlugin.dll: Win.Adware.Agent-1302481 FOUND
/media/ubuntu/OS/Users/Brian/AppData/Local/Smartbar/Application/helperbar@helperbar.com/components/SmartbarFireFoxRemotePlugin_28.dll: Win.Adware.Linkury-3999 FOUND
/media/ubuntu/OS/Users/Brian/AppData/Local/Smartbar/Application/Interop.SHDocVw.dll: Win.Adware.Linkury-2970 FOUND
/media/ubuntu/OS/Users/Brian/AppData/Local/Temp/jki67B7.tmp: Win.Adware.Domaiq-316 FOUND
/media/ubuntu/OS/Users/Brian/AppData/Local/Temp/3069446241: Win.Trojan.Agent-1140576 FOUND
/media/ubuntu/OS/Users/Brian/AppData/Local/Temp/3551229692: Win.Trojan.15493331-1 FOUND
/media/ubuntu/OS/Users/Brian/AppData/Local/Temp/5bdb0f77-f307-4538-bce3-07c7d63e6c92/software/OptimizerPro.exe: Win.Trojan.Agent-1144374 FOUND
/media/ubuntu/OS/Users/Brian/AppData/Local/Google/Chrome/User Data/Default/File System/001/t/00/00000000: Win.Adware.Domaiq-1 FOUND
/media/ubuntu/OS/Users/Brian/AppData/Local/Google/Chrome/User Data/WidevineCDM/1.4.4.600/_platform_specific/win_x86/widevinecdm.dll: Win.Trojan.Nimnul-23 FOUND
/media/ubuntu/OS/Users/Brian/AppData/Roaming/Microsoft/Crypto/RSA/S-1-5-21-2266226277-38424506-3487242090-1001/4bd07e1ba952c6aa9bf83a8d98c08949_76330c93-3c53-49e3-b754-246979998df6: Win.Trojan.Agent-5497009-0 FOUND
/media/ubuntu/OS/Windows/assembly/GAC_MSIL/Interop.SHDocVw/1.1.0.0__84542ff99aed6a4d/Interop.SHDocVw.dll: Win.Adware.Linkury-2970 FOUND
/media/ubuntu/OS/Windows/Installer/202e9.msi: Win.Worm.Runouce-879 FOUND
/media/ubuntu/OS/Windows/Installer/20306.msi: Win.Worm.Palevo-39167 FOUND
/media/ubuntu/OS/Windows/Installer/20332.msi: Win.Worm.Runouce-879 FOUND
/media/ubuntu/OS/Windows/Installer/20353.msi: Win.Worm.Runouce-879 FOUND
/media/ubuntu/OS/Windows/Installer/20358.msi: Win.Worm.Runouce-879 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 5943094
Engine version: 0.99.2
Scanned directories: 39215
Scanned files: 210175
Infected files: 40
Total errors: 1
Data scanned: 54082.44 MB
Data read: 70006.63 MB (ratio 0.77:1)
Time: 10187.179 sec (169 m 47 s)
james159951


Joined: 07 Mar 2017
Posts: 5
I think I might have a worm on my friend's computer after uploading a file to virustotal.com
This is what Kaspersky and Eset have found:

Kaspersky: not-a-virus:RiskTool.Win32.Agent.ihv
ESET-NOD32: Win32/SpeedingUpMyPC.I

Avira, Bitdefender, and Sophos haven't detected the file as malware.

I know that worms can spread to removable media such as USB flash drives, so I would like to know if it's a worm or not, so that I can decide whether to copy his pictures and music files safely onto a USB thumb drive.

Your help is much appreciated.
GuitarBob


Joined: 09 Jul 2006
Posts: 4266
Location: USA
Judging by the name of the program it is probably a potentially unwanted program (PUP). PUPs are not really malware, but they can be used by malware authors and are sometimes associated with malware. Here is a small list of PUPs: packers, remote administration tools (RAT), some scripts, torrent downloaders, some adware, and programs that let you use a commercial program without paying for it. PUPs are sometimes placed on your computer without your knowledge--such as when you download a file over the web.

Some AVs let you automatically quarantine/delete PUPs or ignore them. My suggestion is to delete any PUPs that you find--unless you wanted the program and know when it was downloaded.

Regards,
james159951


Joined: 07 Mar 2017
Posts: 5
OK, what about these three, though? Are these three files really trojan horses?

/media/ubuntu/OS/Users/Brian/AppData/Local/IdleCrawler/IdleProfile.exe

Avira: TR/Click.234152
Bitdefender: safe
ESET-NOD32: safe
Kaspersky: Trojan-Clicker.JS.Agent.pp
Sophos: Mal/Generic-L

/media/ubuntu/OS/Users/Brian/AppData/Local/IdleCrawler/uninstall.exe

Avira: TR/Click.Agent.obbbk
Bitdefender: safe
ESET-NOD32: safe
Kaspersky: Trojan-Clicker.Win32.Agent.cbim
Sophos: safe

/media/ubuntu/OS/Users/Brian/AppData/Local/Smartbar/Application/amfclgbdpgndipgoegfpkkgobahigbcl/GoogleChromeRemotePlugin.dll

Avira: safe
Bitdefender: Gen:Adware.Heur.ku9@g1zf5Rci
ESET-NOD32: Gen:Adware.Heur.ku9@g1zf5Rci
Kaspersky: Gen:Adware.Heur.ku9@g1zf5Rci
Sophos: safe

I'm more concerned about the first two. Are these really trojan horses?
GuitarBob


Joined: 09 Jul 2006
Posts: 4266
Location: USA
There's no way I can tell if the files are infected because I don't have a copy of them.


When I was preparing virus signatures for Clam AV from 2008-2013, I used a rule when I couldn't detect anything malicious about a file. Here is the rule: I needed at least 2 of these AVs to detect a file as infected before I believed it: Avira, Bitdefender, Eset, Kaspersky, and Sophos. Apply this rule to your files.

Another helpful rule: look at the source of the file to get an idea as to whether or not it is malicious. Did you get them from someone you trust or did you get them from somewhere on the wild and wooly web/internet (including email/download site)? If you didn't ask for the files, you probably don't want/need them.

Regards,
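GuitarBob's "2 of 5 engines" rule and his PUP distinction, applied to pasted results in the same "Engine: verdict" layout the poster used. This is an added example, not code from the thread or from ClamWin; the engine list and the PUP name markers are assumptions, and the second sample block is constructed.

```python
import re

# The five engines GuitarBob's rule counts; any other vendor in the paste is ignored.
TRUSTED_ENGINES = ("Avira", "Bitdefender", "ESET-NOD32", "Kaspersky", "Sophos")
MIN_DETECTIONS = 2
# Name fragments that mark a PUP/adware/riskware verdict rather than outright malware (assumed).
PUP_MARKERS = re.compile(r"not-a-virus|adware|risktool|riskware|\bpup\b|\bpua\b", re.I)

# Constructed sample in the poster's "Engine: verdict" layout: the first block copies the
# uninstall.exe results from the thread, the second is a made-up riskware case.
SAMPLE_RESULTS = """\
/media/ubuntu/OS/Users/Brian/AppData/Local/IdleCrawler/uninstall.exe
Avira: TR/Click.Agent.obbbk
Bitdefender: safe
ESET-NOD32: safe
Kaspersky: Trojan-Clicker.Win32.Agent.cbim
Sophos: safe

constructed-sample.exe
Avira: safe
Bitdefender: safe
ESET-NOD32: Win32/SpeedingUpMyPC.I
Kaspersky: not-a-virus:RiskTool.Win32.Agent.ihv
Sophos: safe
"""

def parse_results(text):
    """Return {path: {engine: verdict}} from a paste of one or more file blocks."""
    results, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ": " not in line:          # no "Engine: " prefix, so this line is a path
            current = results.setdefault(line, {})
        elif current is not None:
            engine, _, verdict = line.partition(": ")
            current[engine.strip()] = verdict.strip()
    return results

def two_of_five(verdicts):
    """Apply the rule to one file; returns (label, sorted list of detecting engines)."""
    hits = {e: v for e, v in verdicts.items()
            if e in TRUSTED_ENGINES and v.lower() not in ("safe", "clean", "undetected")}
    if len(hits) < MIN_DETECTIONS:
        return "below threshold", sorted(hits)
    # A PUP/riskware name from any engine gets its own label so the "did you want it?" test applies.
    if any(PUP_MARKERS.search(v) for v in hits.values()):
        return "PUP/riskware", sorted(hits)
    return "likely malware", sorted(hits)
```

Run `two_of_five(block)` for each block returned by `parse_results`; a "below threshold" result means fewer than two of the five engines flagged the file.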