Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Upgraded to Vista SP2, antivirus just flagged rpcnet.exe and NTAgent.exe as trojans?

  1. #1
    supazoom Guest

    Default Upgraded to Vista SP2, antivirus just flagged rpcnet.exe and NTAgent.exe as trojans?

    Is this a legitimate threat? Please advise!

    Decription Anti-virus attempted but failed to repair a virus or viruses
    Date / Time 2009-05-27 02:02:08-4:00
    Type On-Access scan
    Virus name Trojan-Downloader.Win32.Agent.caye
    Filename C:\Windows\SysWOW64\rpcnet.exe
    Action File repair failed
    Mode Auto
    E-mail

    Decription Anti-virus attempted but failed to repair a virus or viruses
    Date / Time 2009-05-27 02:02:24-4:00
    Type On-Access scan
    Virus name Trojan-Downloader.Win32.Agent.caye
    Filename C:\Windows\SysWOW64\NTAgent.exe
    Action File repair failed
    Mode Auto
    E-mail

    Operating System:Windows Vista 64 bit
    Software Version:8.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    mogoat Guest

    Default Re: Trojan Downloader

    Last night, a similar issue began on my laptop running XP Media.
    ZoneAlarm found a file called trojan_downloader.win32.agent.caye in C:\windows\system32\rpcnet.exe and was unable to quarantine it.
    I chose to delete the file on reboot and rebooted and continued working.
    This morning, after I booted up again, ZoneAlarm found the same file but now it is in TWO locations, the one mentioned previously and in C:\windows\system32\NTAgent.exe also.
    The ZoneAlarm window showed that this time it had quarantined both the files.
    Help!

  3. #3
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,288

    Default Re: Trojan Downloader

    Hi!you should check the files with www.virustotal.com , If confirmed its a false positive (only Kaspersky reporting it or known of the 40 scanners) then see below on how to report it:http://forum.zonelabs.org/zonelabs/b....id=3780#M3780Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  4. #4
    mogoat Guest

    Default Re: Trojan Downloader

    Cannot locate a copy of the quarantined files on
    my laptop :-(
    Now the trojan file seems to be getting recreated every 15 minutes.
    About every 15 minutes ZoneAlarm detects it again and quarantines it again after finding it in the NTAgent.exe file mentioned in previous post.
    Here is the latest detection:

    Trojan-Downloader.Win32.Agent.caye was found in C:\WINDOWS\system32\NTAgent.exe on 5/27/2009 10:04:48

  5. #5
    mogoat Guest

    Default Re: Trojan Downloader

    The trojan has also been found in this file on my laptop:
    C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP624\A0108964.EXE

  6. #6
    taxi Guest

    Default Re: Trojan Downloader

    I have the same thing on my laptop.ZA renamed the file to rpcnet.exe.vzr.This file has to do with Lojack for laptops.I talked to Absolute Software about the problem and they told me to uninstall lojack an reinstall.I have the same problem as before.I have not had any problem in the 2 years I have had lojack.Could there be a problem with 1 of the latest updates from ZA?
    taxi
    PS I tried to send the file to www.virustotal.com
    as you suggested, but they said it was a 0 file?

  7. #7
    supazoom Guest

    Default Re: Trojan Downloader

    I have the LoJack for laptops too. I believe this is a false positive! I don't recall downloading anything weird lately... just the service pack!

    I was able to quarantine one file and renamed the other. The 'virus' does not seem to be spreading as normally one does. Its just one file now that is renamed that keeps flagging.

  8. #8
    mogoat Guest

    Default Re: Trojan Downloader

    Does yours keep recurring?
    Mine reoccurs EVERY 15 minutes like clockwork.
    I wonder if that is the time cycle for LoJack's communications...


  9. #9
    supazoom Guest

    Default Re: Trojan Downloader

    No not every 15 min, maybe every few hours. Its annoying, and Im pretty sure its a false positive. Have you reported it?

  10. #10
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,288

    Default Re: Trojan Downloader

    Hi!it is essential you report the false positive to Kaspersky as indicated in my previous message...Otherwise you will keep this problem forever Set ZA not to treat automatically the malware, then recovery the file from the ZA quarantineand then send it to Kaspersky Lab.Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •