Results 1 to 9 of 9

Thread: Malwarebytes' Anti-Malware detects Trojan.Agent, but no other program does

Hybrid View

  1. #1
    yenooc Guest

    Default Malwarebytes' Anti-Malware detects Trojan.Agent, but no other program does

    My main firewall/anti-virus/anti-spyware program is Zone Alarm Internet Security Suite.
    I also have Malwarebytes' Anti-Malware 1.36, which I run periodically.

    It has been repeatedly finding a Trojan.Agent in a folder called A on our computer. It does not name a specific file in that folder that is infected. Here is the text of the most recent log file:

    Malwarebytes' Anti-Malware 1.36
    Database version: 2036
    Windows 5.1.2600 Service Pack 3

    4/24/2009 2:02:44 PM
    mbam-log-2009-04-24 (14-02-44).txt

    Scan type: Quick Scan
    Objects scanned: 81846
    Time elapsed: 2 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\A (Trojan.Agent) -> Delete on reboot.


    I have run SuperAntiSpyware and Zone Alarm Anti-Virus and Anti-Spyware, and none of those programs find this Trojan. Malwarebytes Anti-Virus does not find this Trojan when run in Safe Mode, only in regular mode. I have cleared all system restore points, I have disabled Zone Alarm so it will not run on reboot and I have run Malwarebytes' Anti-Malware and rebooted into regular mode when Malwarebytes' Anti-Malware finds this Trojan, but it is still there.
    (I re-enabled Zone Alarm after trying the above steps).

    It confuses me that Malwarebytes' Anti-Malware does not name a specific file in the folder as being infected with this Trojan. Is this normal? Is this a false positive? Any help anyone can give would be much appreciated.


    Operating System:Windows XP Home Edition
    Software Version:8.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Malwarebytes' Anti-Malware detects Trojan.Agent, but no other program does

    Best answer is here.
    I am no expert in the MBAM, but the people at that forum are the MBAM experts.

    Best regards.
    Oldsod.
    Best regards.
    oldsod

  3. #3
    yenooc Guest

    Default Re: Malwarebytes' Anti-Malware detects Trojan.Agent, but no other program does

    Thank you, Oldsod.
    I posted there, and one person has a suggestion so far (to run Chkdsk in case the problem is a corrupted file).
    I will try that suggestion, and see if any other suggestions show up there if that doesn't work.

  4. #4
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Malwarebytes' Anti-Malware detects Trojan.Agent, but no other program does


    <blockquote><hr>yenooc wrote:
    Thank you, Oldsod.
    I posted there, and one person has a suggestion so far (to run Chkdsk in case the problem is a corrupted file).
    I will try that suggestion, and see if any other suggestions show up there if that doesn't work.

    <hr></blockquote>


    Seems like good advice...unless there is a hidden folder named A on the root of the drive.
    Oldsod.
    Best regards.
    oldsod

  5. #5
    naivemelody Guest

    Default Re: Malwarebytes' Anti-Malware - detections?

    yenooc, you know your Malwarebytes 'can collect the information' of any suspect scans/ detections
    and will be sent to Malwarebytes for further analysis.<hr>In Malwarebytes - Go to &gt;
    'More Tools' - if you still have the after scan results/ logs
    use &quot;Collect Information&quot; and send. Look at Malwarebyte's Support and Forum on how to do this properly.<hr>I can tell you as a user of the free version of Malwarebytes - that it does 'produce false positives' every now and then. For example I had McAfee Removal Tool, Microsoft Installer Clean-up Tool, and some other un-installers
    - saved to desktop, and Malwarebytes - detected it; but I was able to see the path description and I knew it was false.

  6. #6
    yenooc Guest

    Default Re: Malwarebytes' Anti-Malware - detections?

    Thank you, Oldsod and NaiveMelody.
    I have &quot;show hidden folders&quot; checked in folder options, and the only folder called &quot;A&quot; we have on the computer is a user-created folder.
    I scanned all files that were not in a subfolder in the &quot;A&quot; folder with Zone Alarm anti-virus, and no viruses were found.
    I have not yet tried collecting the information and sending it to Malwarebytes, that is also a good suggestion and I will try it.

    I am told chkdsk could take eight hours or more to run on our computer, so will try that when I have a block of time I can risk not having access to the computer.
    Also, thanks for the information that you have had false positives with the free version of Malwarebytes, NaiveMelody.
    I am thinking that's what this is, but I am going to try these other good suggestions just to put my mind at ease.
    Best regards,yenooc

  7. #7
    nkeklund Guest

    Default Re: Malwarebytes' Anti-Malware detects Trojan.Agent, but no other program does

    I've googled and googled and come across a few places that say it is a false positive, particuarly if the registry entry it creates is 6to4, it reads this in subkey. It has to do with IPv6 routing I found out. If your key isn't 6to4 in it, then discard this message.

  8. #8
    yenooc Guest

    Default Re: Malwarebytes' Anti-Malware detects Trojan.Agent, but no other program does

    Thank you for your research and your reply, nkeklund.
    I posted a HJT log
    in the Malwarebytes' forum a couple of days ago, but so far have gotten no responses from any of the groups authorized to help with HJT logs there.
    I don't know how to tell if the registry entry it creates is 6to4; I don't go into my registry as I don't feel like I am an advance enough user to poke around in there.
    Is there another way I could tell if the registry entry it creates is 6to4?

    Thank you and best regards,yenooc

  9. #9
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Malwarebytes' Anti-Malware detects Trojan.Agent, but no other program does


    <blockquote><hr>yenooc wrote:
    Thank you for your research and your reply, nkeklund.
    I posted a HJT log
    in the Malwarebytes' forum a couple of days ago, but so far have gotten no responses from any of the groups authorized to help with HJT logs there.
    I don't know how to tell if the registry entry it creates is 6to4; I don't go into my registry as I don't feel like I am an advance enough user to poke around in there.
    Is there another way I could tell if the registry entry it creates is 6to4?

    Thank you and best regards,yenooc

    <hr></blockquote>
    Try this HJT forum

    http://www.bleepingcomputer.com/forums/topic34773.html

    Oldsod.
    Best regards.
    oldsod

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •