garyslavin
Joined: 18 Apr 2013
Posts: 0
Posted: Thu Apr 18, 2013 2:25 pm
Hi all,
Couple of questions - firstly, is this the correct forum to be posting the output reports of ClamWin? Secondly, can anyone help in interpreting the following output? I'm mostly concerned wrt the 'Win.Trojan.Agent-222512 FOUND'.
Scan Started Thu Apr 18 11:56:50 2013
-------------------------------------------------------------------------------
WARNING: Can't open file C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\106e46353cf357a966a8ed534cc46e11_bd866383-c094-447e-b331-8910478ac2b8: Permission denied
WARNING: Can't open file C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\1961ac717d9f6ada481be34dd60f3340_bd866383-c094-447e-b331-8910478ac2b8: Permission denied
WARNING: Can't open file C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\28065d97aa735068aa6918b1d45710c2_bd866383-c094-447e-b331-8910478ac2b8: Permission denied
WARNING: Can't open file C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\3dd37e06891b81c917fd5331c19d96df_bd866383-c094-447e-b331-8910478ac2b8: Permission denied
WARNING: Can't open file C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\67a0a8309e7302a9a35c41b97ac0eb84_bd866383-c094-447e-b331-8910478ac2b8: Permission denied
WARNING: Can't open file C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\771d0848e723ebc8b1b5201a91e541bc_bd866383-c094-447e-b331-8910478ac2b8: Permission denied
WARNING: Can't open file C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\7e9cbb3c0c978356e0fff3ec8860ad74_bd866383-c094-447e-b331-8910478ac2b8: Permission denied
WARNING: Can't open file C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\8bf9a10faa24e15558370a40ce0ead37_bd866383-c094-447e-b331-8910478ac2b8: Permission denied
WARNING: Can't open file C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\b468ded8469fb0cdbeb3031b37063a04_bd866383-c094-447e-b331-8910478ac2b8: Permission denied
WARNING: Can't open file C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\be66072b3ba3459952d234fabaee036d_bd866383-c094-447e-b331-8910478ac2b8: Permission denied
WARNING: Can't open file C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\cdba3dfd653afbab09b90434f92160e8_bd866383-c094-447e-b331-8910478ac2b8: Permission denied
WARNING: Can't open file C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\106e46353cf357a966a8ed534cc46e11_bd866383-c094-447e-b331-8910478ac2b8: Permission denied
WARNING: Can't open file C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1961ac717d9f6ada481be34dd60f3340_bd866383-c094-447e-b331-8910478ac2b8: Permission denied
WARNING: Can't open file C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1d7229389be5f61df445815af247ca49_bd866383-c094-447e-b331-8910478ac2b8: Permission denied
WARNING: Can't open file C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\28065d97aa735068aa6918b1d45710c2_bd866383-c094-447e-b331-8910478ac2b8: Permission denied
WARNING: Can't open file C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3dd37e06891b81c917fd5331c19d96df_bd866383-c094-447e-b331-8910478ac2b8: Permission denied
WARNING: Can't open file C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\67a0a8309e7302a9a35c41b97ac0eb84_bd866383-c094-447e-b331-8910478ac2b8: Permission denied
WARNING: Can't open file C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\771d0848e723ebc8b1b5201a91e541bc_bd866383-c094-447e-b331-8910478ac2b8: Permission denied
WARNING: Can't open file C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7e9cbb3c0c978356e0fff3ec8860ad74_bd866383-c094-447e-b331-8910478ac2b8: Permission denied
WARNING: Can't open file C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8bf9a10faa24e15558370a40ce0ead37_bd866383-c094-447e-b331-8910478ac2b8: Permission denied
WARNING: Can't open file C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b468ded8469fb0cdbeb3031b37063a04_bd866383-c094-447e-b331-8910478ac2b8: Permission denied
WARNING: Can't open file C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\be66072b3ba3459952d234fabaee036d_bd866383-c094-447e-b331-8910478ac2b8: Permission denied
WARNING: Can't open file C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cdba3dfd653afbab09b90434f92160e8_bd866383-c094-447e-b331-8910478ac2b8: Permission denied
WARNING: Can't open file C:\Documents and Settings\to01467_2\Local Settings\Temp\tmp9.tmp: Permission denied
WARNING: Can't open file C:\Documents and Settings\to01467_2\Local Settings\Temp\tmp9_log.LDF: Permission denied
WARNING: Can't open file C:\hiberfil.sys: Permission denied
WARNING: Can't open file C:\pagefile.sys: Permission denied
WARNING: Can't open file C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Data\master.mdf: Permission denied
WARNING: Can't open file C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Data\mastlog.ldf: Permission denied
WARNING: Can't open file C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Data\model.mdf: Permission denied
WARNING: Can't open file C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Data\modellog.ldf: Permission denied
WARNING: Can't open file C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Data\msdbdata.mdf: Permission denied
WARNING: Can't open file C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Data\msdblog.ldf: Permission denied
WARNING: Can't open file C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Data\tempdb.mdf: Permission denied
WARNING: Can't open file C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Data\templog.ldf: Permission denied
WARNING: Can't open file C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf: Permission denied
WARNING: Can't open file C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf: Permission denied
WARNING: Can't open file C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf: Permission denied
WARNING: Can't open file C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf: Permission denied
WARNING: Can't open file C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf: Permission denied
WARNING: Can't open file C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf: Permission denied
WARNING: Can't open file C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf: Permission denied
WARNING: Can't open file C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf: Permission denied
WARNING: Can't open file C:\RECYCLER\S-1-5-21-1330094603-3518261340-4270543271-1005\Dc2\MachineKeys\ac9f797d4e33f4cc66e81f329ef2e35d_bd866383-c094-447e-b331-8910478ac2b8: Permission denied
WARNING: Can't open file C:\RECYCLER\S-1-5-21-1330094603-3518261340-4270543271-1005\Dc3\MachineKeys\1d7229389be5f61df445815af247ca49_bd866383-c094-447e-b331-8910478ac2b8: Permission denied
WARNING: Can't open file C:\RECYCLER\S-1-5-21-1330094603-3518261340-4270543271-1005\Dc4: Permission denied
WARNING: Can't open file C:\RECYCLER\S-1-5-21-1330094603-3518261340-4270543271-1005\Dc5: Permission denied
WARNING: Can't open file C:\RECYCLER\S-1-5-21-1330094603-3518261340-4270543271-1005\Dc6: Permission denied
WARNING: Can't open file C:\RECYCLER\S-1-5-21-1330094603-3518261340-4270543271-1005\Dc7: Permission denied
WARNING: Can't open file C:\RECYCLER\S-1-5-21-1330094603-3518261340-4270543271-1005\Dc8: Permission denied
WARNING: Can't open file C:\WINDOWS\system32\CatRoot2\tmp.edb: Permission denied
WARNING: Can't open file C:\WINDOWS\system32\CatRoot2\127D0A1D-4EF2-11D1-8608-00C04FC295EE\catdb: Permission denied
WARNING: Can't open file C:\WINDOWS\system32\CatRoot2\F750E6C3-38EE-11D1-85E5-00C04FC295EE\catdb: Permission denied
WARNING: Can't open file C:\WINDOWS\system32\config\DEFAULT: Permission denied
WARNING: Can't open file C:\WINDOWS\system32\config\SAM: Permission denied
WARNING: Can't open file C:\WINDOWS\system32\config\SECURITY: Permission denied
WARNING: Can't open file C:\WINDOWS\system32\config\SOFTWARE: Permission denied
WARNING: Can't open file C:\WINDOWS\system32\config\SYSTEM: Permission denied
C:\NERO\Installation\Cab\28E70B86.cab: Win.Trojan.Agent-222512 FOUND
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe: Win.Trojan.Agent-222512 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 2131341
Engine version: 0.97.6
Scanned directories: 11490
Scanned files: 128268
Infected files: 2
Data scanned: 15106.27 MB
Data read: 24386.67 MB (ratio 0.62:1)
Time: 3858.438 sec (64 m 18 s)
The following files are Digitally Signed by Microsoft Corporation and may have been incorrectly detected as viruses:
C:\WINDOWS\ServicePackFiles\i386\mspaint.exe: [Win.Trojan.Agent-279653] FALSE POSITIVE FOUND
C:\WINDOWS\ServicePackFiles\i386\ping.exe: [Win.Trojan.Agent-287000] FALSE POSITIVE FOUND
C:\WINDOWS\system32\mspaint.exe: [Win.Trojan.Agent-279653] FALSE POSITIVE FOUND
C:\WINDOWS\system32\ping.exe: [Win.Trojan.Agent-287000] FALSE POSITIVE FOUND
Please do not be alarmed and help us by submitting the files identified above as FALSE POSITIVE at https://www.clamav.net/sendvirus/
--------------------------------------
Completed
--------------------------------------
Best regards,
Gary
xqrzd
Joined: 18 Feb 2013
Posts: 0
Posted: Thu Apr 18, 2013 4:34 pm
Hi,
These all look like false positives. Do you have the latest database? ClamAV recently fixed a lot of false positives (although it's possible they just added more). If you are worried about NBService.exe, you can upload it to virustotal.com. Otherwise, you can submit the detected files as false positives at https://www.clamav.net/lang/en/sendvirus/submit-fp
GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Thu Apr 18, 2013 6:01 pm
Let me add that it is a bit unusual to have a permission denied on Recycler files. And that Nero detection looks like the real deal to me--viruses like to hide in files like that. I would set ClamWin to quarantine suspicious files and rescan. Verify anything quarantined with Jotti or Virus Total--you can always restore from quarantine with the ClamWin Quarantine Browser program (access via Start, All Programs, ClamWin, Quarantine Browser). ClamWin has protection against false detections of Microsoft/Windows files that have a valid digital signature--it will tell you about the false detection and suggest that you upload the file to Clam AV so they can fix their signature.
That Recycler stuff worries me--try to scan with another AV (Malwarebytes) or get into Windows Safe Mode (hit F8 repeatedly upon booting up until you get the Safe Mode menu and select Safe Mode With Networking so you can update ClamWin) and then scan everything--it will take longer than a regular scan.
Regards,
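The thread turns on reading a ClamWin report correctly: Gary's question of what the FOUND lines mean against the block of "Permission denied" warnings, and GuitarBob's two points that the same signature firing on a vendor's cab and its installed service deserves verification before quarantine, and that unreadable files under RECYCLER are unusual while locked registry hives, page files and SQL data files are not. The script below is an added example written for this thread; it is not ClamWin's or ClamAV's own code. It parses a report in the format shown above into three buckets (real detections grouped by signature, signed-file false positives, and unreadable files split into expected locks versus paths worth a second look). The sample report is constructed from a handful of lines in Gary's post, and the list of "expected lock" locations is an assumption made for this example, not a ClamAV rule.

```python
"""Triage a ClamWin/ClamAV scan report (added example, not ClamWin code).

Splits the report into real detections, signed-file false positives and
files the scanner could not open, and sorts the unreadable files into
locations that are normally locked by Windows or a running service versus
locations that merit a closer look.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Line shapes taken from the report format in the thread.
FP_RE = re.compile(r"^(?P<path>.+?): \[(?P<sig>[^\]]+)\] FALSE POSITIVE FOUND$")
DETECT_RE = re.compile(r"^(?P<path>.+?): (?P<sig>\S+) FOUND$")
WARN_RE = re.compile(r"^WARNING: Can't open file (?P<path>.+?): (?P<reason>.+)$")


def is_expected_lock(path: str) -> bool:
    """Assumption for this example: these locations are held open by the OS
    or a service on a running system, so 'Permission denied' there is normal."""
    p = path.lower()
    return (
        p in (r"c:\hiberfil.sys", r"c:\pagefile.sys")        # hibernation / paging
        or r"\windows\system32\config" in p                   # registry hives
        or r"\windows\system32\catroot2" in p                 # catalog database
        or r"\microsoft\crypto" in p                          # CryptoAPI key store
        or p.endswith((".mdf", ".ldf"))                       # SQL Server data/log
    )


@dataclass
class Triage:
    detections: list = field(default_factory=list)        # (path, signature)
    false_positives: list = field(default_factory=list)   # (path, signature)
    expected_locks: list = field(default_factory=list)    # unreadable, normal
    unreadable_review: list = field(default_factory=list) # unreadable, look closer


def triage(report: str) -> Triage:
    """Classify every line of the report; summary and separator lines are ignored."""
    t = Triage()
    for raw in report.splitlines():
        line = raw.strip()
        if m := FP_RE.match(line):           # check the longer pattern first
            t.false_positives.append((m["path"], m["sig"]))
        elif m := DETECT_RE.match(line):
            t.detections.append((m["path"], m["sig"]))
        elif m := WARN_RE.match(line):
            bucket = t.expected_locks if is_expected_lock(m["path"]) else t.unreadable_review
            bucket.append(m["path"])
    return t


def signatures_to_verify(t: Triage) -> dict:
    """Group real detections by signature: one signature hitting both an
    installer cab and the service it installs is one decision (check the
    file with a multi-engine scanner, or submit it as a false positive)."""
    by_sig = defaultdict(list)
    for path, sig in t.detections:
        by_sig[sig].append(path)
    return dict(by_sig)


# Constructed sample, modelled on lines from the report posted in the thread.
SAMPLE_REPORT = r"""Scan Started Thu Apr 18 11:56:50 2013
-------------------------------------------------------------------------------
WARNING: Can't open file C:\hiberfil.sys: Permission denied
WARNING: Can't open file C:\WINDOWS\system32\config\SAM: Permission denied
WARNING: Can't open file C:\RECYCLER\S-1-5-21-1330094603-3518261340-4270543271-1005\Dc4: Permission denied
C:\NERO\Installation\Cab\28E70B86.cab: Win.Trojan.Agent-222512 FOUND
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe: Win.Trojan.Agent-222512 FOUND
----------- SCAN SUMMARY -----------
Infected files: 2
The following files are Digitally Signed by Microsoft Corporation and may have been incorrectly detected as viruses:
C:\WINDOWS\system32\ping.exe: [Win.Trojan.Agent-287000] FALSE POSITIVE FOUND
"""

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for sig, paths in signatures_to_verify(result).items():
        print(f"VERIFY {sig}: {len(paths)} file(s)")
        for p in paths:
            print(f"    {p}")
    print(f"Signed false positives: {len(result.false_positives)}")
    print(f"Unreadable, expected: {len(result.expected_locks)}")
    for p in result.unreadable_review:
        print(f"Unreadable, review: {p}")
```

Run it against a saved ClamWin report to get the two numbers that matter first: how many distinct signatures actually need a decision, and which unreadable paths fall outside the usual locked system files. In the sample, the RECYCLER entry lands in the review bucket while hiberfil.sys and the SAM hive are classed as expected, which is the distinction GuitarBob draws.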