Trojan Horse: Dropper.Agent.8.B

moongirl
Moderator
Posts: 19016
Joined: Mon Jan 12, 2004 8:07 am

I keep my AVG Free completely up to date and run it regularly, and found this in the Virus Vault: Trojan Horse: Dropper.Agent.8.B

These quotes are from the AVG Free Forum where there is considerable discussion regarding the virus this week, August 10, 2005.

http://forum.grisoft.cz/freeforum/read. ... kpage=,sv=
I have read all the posts on this here before I posted. Monday I got this. Spybot found it first, so I don't understand how it can be a false positive because of AVG. I ran AVG in safe mode as well as non safe mode and thought I got rid of it. When I first got the virus alert, I also got an MS message saying original files had been replaced, so I inserted my XP disc and ran sfc/scannow. During this process I got an AVG virus message saying I had the infected cisvc.exe file. So, I healed it and sent it to the vault where I deleted it. Since then I have rerun AVG (in both safe and non safe mode) and also Spybot, Spyware Doctor, Microsoft's beta program, Adaware and Symantec's online scan. All the scans are showing a clean system now. BUT....for the heck of it, I inserted my XP disk and reran sfc/scannow, and up pops the AVG virus alert again with the same file, so again I healed it and sent it to the vault and deleted it. This is the only time I am getting an alert as all the scans show I have a clean system now. Can someone explain this?
Thank you!
I am running XP Home Edition SP1, (will install SP2 as soon as I know my system is clean) AVG program version 7.0.338 Virus base 267.10.5/67
I have Spybot, Adaware and Microsoft's beta program on my system. AVG is the only one I have on automatic update and scans.

There are two possible causes here....

There is a malware that actually uses that filename and is that very trojan listed. If you had the file and Spybot found it... then it's likely that you were really infected and the false positive that was a recent problem is just coincidental in your case. The normal file location for Microsoft's program is in C:\Windows\System32 or on some systems it's C:\WINNT\System32; if it was found in C:\Windows... it's most likely the malware. The real file may also be found in an I386 directory, which is in different locations depending on how Windows is installed, in the prefetch directory, and I think there is at least one other common location that a copy is kept.

Now let's cover the other possible issue just in case your AVG is really still having the false positive problem even though you are updated. This will only happen if, when updated later, your virus definitions got corrupted during the update process. Since I never got to see the problem, I couldn't find an easier workaround for it... I only know of one way to correct this if it is happening on your system.

1. Download the latest AVG Free installation package from [free.grisoft.com]
2. Run the AVG Free install file
3. Choose the Uninstall option and follow the setup wizard; when you get to the part to remove user settings, select it.
4. Restart your computer then...
5. Now reinstall AVG using the setup file you got in step 1 and update it.

Note that it is very important to use the latest AVG install file to perform that with... it is also very important that you don't use Windows Add/Remove programs to uninstall but use the AVG install file which has that option.


There is a Sticky, Understanding AVG Virus Vault
And a Sticky, Cleaning An Infected Computer
Both found on page 1 of the Forum List.
That's not the man in the moon...that's me ;)
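
The location check described in the quoted reply above, as an added example that is not part of the original post or the AVG forum thread: it labels each path in a file-search listing by where cisvc.exe was found. The sample listing is constructed, and the prefetch naming pattern and the handling of a C:\WINNT root are assumptions noted in the comments.

```python
from pathlib import PureWindowsPath

TARGET = "cisvc.exe"

# Constructed sample: output of a recursive file-name search, one path per line.
SAMPLE_LISTING = r"""
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\cisvc.exe
C:\I386\cisvc.exe
C:\WINDOWS\Prefetch\CISVC.EXE-1A2B3C4D.pf
C:\Documents and Settings\user\Local Settings\Temp\cisvc.exe
"""

def classify(path_str, target=TARGET):
    """Label one path using the locations named in the quoted reply."""
    p = PureWindowsPath(path_str.strip())
    # Windows paths are case-insensitive; drop the drive anchor if present.
    parts = [s.lower() for s in (p.parts[1:] if p.anchor else p.parts)]
    if not parts:
        return "not-target"
    name, dirs = parts[-1], parts[:-1]
    # Assumption: prefetch traces are named <EXE NAME>-<hash>.pf
    if "prefetch" in dirs and name.startswith(target + "-") and name.endswith(".pf"):
        return "expected: prefetch"
    if name != target:
        return "not-target"
    if dirs in (["windows", "system32"], ["winnt", "system32"]):
        return "expected: system32"
    if "i386" in dirs:
        return "expected: i386"
    # The reply names C:\Windows; treating C:\WINNT the same is an assumption.
    if dirs in (["windows"], ["winnt"]):
        return "suspicious: windows root"
    return "review: unlisted location"

def triage(listing, target=TARGET):
    """Return (path, verdict) for every non-empty line of a listing."""
    rows = [line.strip() for line in listing.splitlines() if line.strip()]
    return [(row, classify(row, target)) for row in rows]

def needs_attention(listing, target=TARGET):
    """Paths that are not in one of the expected locations."""
    return [p for p, v in triage(listing, target)
            if v.startswith(("suspicious", "review"))]

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_LISTING):
        print(f"{verdict:28} {path}")
```

A path flagged here is a candidate for the scans described in the post, not a verdict on the file.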