ElPiedra
October 7th, 2006, 02:53 PM
I found reports in several Supporftforums on a False Positive associated to the detection of Downloader.Agent.awf
It seems to be detecting the malware in files from:
HP, MS Money, and McAfee.
http://forums.spywareinfo.com/index.php?showtopic=86758
{QUOTE-> C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\program files\McAfee.com\Agent\mcagent.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\program files\McAfee.com\Agent\mcupdate.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\program files\McAfee.com\Personal Firewall\MPFTray.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\program files\McAfee.com\VSO\mcmnhdlr.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\program files\McAfee.com\VSO\mcvsshld.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\program files\McAfee.com\VSO\oasclnt.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\program files\Microsoft Money\System\Activation.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\program files\Microsoft Works\WksSb.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\program files\Microsoft Works\wkfud.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\program files\QuickTime\qttask.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined). <-QUOTE}
Real, QuickTime, PC-cillin, Virtual PDF Printer
http://www.forospyware.com/t31836.html
{QUOTE-> C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Archivos de programa\DAP\DAP.EXE -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Archivos de programa\Java\jre1.5.0_06\bin\muyefeqxpta -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Archivos de programa\QuickTime\qttask.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Archivos de programa\Trend Micro\PC-cillin 9\PCCClient.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Archivos de programa\Trend Micro\PC-cillin 9\Pop3trap.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Archivos de programa\Trend Micro\PC-cillin 9\pccguide.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Archivos de programa\Virtual PDF Printer\VirtualPDFPrinter.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Archivos de programa\uTorrent\bak\utorrent.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Archivos de programa\uTorrent\utorrent.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined). <-QUOTE}
Easy CD, HP, MS Works, iTouch, NAV, SpyBot S&D
http://www.bleepingcomputer.com/forums/topic66728.html
{QUOTE-> C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe -> Downloader.Agent.awf : No action taken.
C:\Program Files\Creative\SBLive\Program\AHQInit.exe -> Downloader.Agent.awf : No action taken.
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe -> Downloader.Agent.awf : No action taken.
C:\Program Files\Logitech\iTouch\iTouch.exe -> Downloader.Agent.awf : No action taken.
C:\Program Files\Microsoft Hardware\Mouse\point32.exe -> Downloader.Agent.awf : No action taken.
C:\Program Files\Microsoft Works\WksSb.exe -> Downloader.Agent.awf : No action taken.
C:\Program Files\Microsoft Works\wkfud.exe -> Downloader.Agent.awf : No action taken.
C:\Program Files\Norton AntiVirus\navapw32.exe -> Downloader.Agent.awf : No action taken.
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE -> Downloader.Agent.awf : No action taken.
C:\Program Files\QuickTime\qttask.exe -> Downloader.Agent.awf : No action taken.
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -> Downloader.Agent.awf : No action taken. <-QUOTE}
It seems to be detecting the malware in files from:
HP, MS Money, and McAfee.
http://forums.spywareinfo.com/index.php?showtopic=86758
{QUOTE-> C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\program files\McAfee.com\Agent\mcagent.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\program files\McAfee.com\Agent\mcupdate.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\program files\McAfee.com\Personal Firewall\MPFTray.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\program files\McAfee.com\VSO\mcmnhdlr.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\program files\McAfee.com\VSO\mcvsshld.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\program files\McAfee.com\VSO\oasclnt.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\program files\Microsoft Money\System\Activation.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\program files\Microsoft Works\WksSb.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\program files\Microsoft Works\wkfud.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\program files\QuickTime\qttask.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined). <-QUOTE}
Real, QuickTime, PC-cillin, Virtual PDF Printer
http://www.forospyware.com/t31836.html
{QUOTE-> C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Archivos de programa\DAP\DAP.EXE -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Archivos de programa\Java\jre1.5.0_06\bin\muyefeqxpta -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Archivos de programa\QuickTime\qttask.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Archivos de programa\Trend Micro\PC-cillin 9\PCCClient.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Archivos de programa\Trend Micro\PC-cillin 9\Pop3trap.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Archivos de programa\Trend Micro\PC-cillin 9\pccguide.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Archivos de programa\Virtual PDF Printer\VirtualPDFPrinter.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Archivos de programa\uTorrent\bak\utorrent.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Archivos de programa\uTorrent\utorrent.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined). <-QUOTE}
Easy CD, HP, MS Works, iTouch, NAV, SpyBot S&D
http://www.bleepingcomputer.com/forums/topic66728.html
{QUOTE-> C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe -> Downloader.Agent.awf : No action taken.
C:\Program Files\Creative\SBLive\Program\AHQInit.exe -> Downloader.Agent.awf : No action taken.
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe -> Downloader.Agent.awf : No action taken.
C:\Program Files\Logitech\iTouch\iTouch.exe -> Downloader.Agent.awf : No action taken.
C:\Program Files\Microsoft Hardware\Mouse\point32.exe -> Downloader.Agent.awf : No action taken.
C:\Program Files\Microsoft Works\WksSb.exe -> Downloader.Agent.awf : No action taken.
C:\Program Files\Microsoft Works\wkfud.exe -> Downloader.Agent.awf : No action taken.
C:\Program Files\Norton AntiVirus\navapw32.exe -> Downloader.Agent.awf : No action taken.
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE -> Downloader.Agent.awf : No action taken.
C:\Program Files\QuickTime\qttask.exe -> Downloader.Agent.awf : No action taken.
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -> Downloader.Agent.awf : No action taken. <-QUOTE}