Results 1 to 6 of 6

Thread: Is Trojan.Win32.Agent.avcy. a False Positive?

  1. #1
    bcool Guest

    Default Is Trojan.Win32.Agent.avcy. a False Positive?

    HowzIt,

    Last night a scan found this Trojan.Win32.Agent.avcy. PATH C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard.zip. dll The Trojan was quarantined.

    Today the scan results window pop up all by it's self and found this Trojan.Win32.Agent.avcy. PATH C:\System Volume Imformation\_restore{D7BD54B8-C977-4903-8CE7-9415B851Ec71}\RP1184\A048... It to was quarantined.

    OK,what is going on here? Is this a False Positive or a True Threat...If It is a False Positive why is it showing up in two different places?...Also What should I do with the files that have been quarantined.

    Aloha,bcool

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,286

    Default Re: Is Trojan.Win32.Agent.avcy. a False Positive?

    Hi!first upload to www.virustotal.com to cross check for false positives (only KAV engine reporting it).... then see here:http://forum.zonelabs.org/zonelabs/b...essage.id=3780Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    bcool Guest

    Default Re: Is Trojan.Win32.Agent.avcy. a False Positive?

    Howz It Guru fax,

    Thank you for your response... I tracked down Trojan.Win32.Agent.avcy. PATH C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard.zip. dll The ConfigWizard.zip.dll file was not in the lib folder,I assume because it is in quarantine...To tell you the truth I don't think ConfigWizard.zip.dll is a virus...Just the same,I've never done this before so should I restore the the so called virus and then track it down on virustotal.com and up load it from there?...The only reason I'm considering the hassle is Trojan.Win32.Agent.avcy showed up again in another place,PATH C:\System Volume Imformation\_restore{D7BD54B8-C977-4903-8CE7-9415B851Ec71}\RP1184\A048...

    Aloha,bcool

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,286

    Default Re: Is Trojan.Win32.Agent.avcy. a False Positive?

    Hi!yes, one is the file in the main zonelabs system directory and the other is the the same in a OSrestore point. Nothing abnormal...It seems clearly a false positive, just set your antivirus to ask you before treating the supposed malware and upload it to www.virustotal.com once confirmed report it asfalse positive (link already given to you).Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  5. #5
    bcool Guest

    Default Re: Is Trojan.Win32.Agent.avcy. a False Positive?

    Guru fax,

    virustotal.com reports 0 bytes size received also I tried to e-mail but got a message saying some files are missing.I'm not sure what all that means...

    Aloha,bcool

  6. #6
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,286

    Default Re: Is Trojan.Win32.Agent.avcy. a False Positive?

    Hi!the file is 0 bytes because is either corrupted or in use.Shutdown ZA, wait 2 minutes and try to upload it. Copy (not move) the file somewhere else so you will see if the file is still locked.Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •