Prevx detected Trojan... FP?

Discussion in 'Prevx Releases' started by overangry, May 27, 2009.

Thread Status:
Not open for further replies.
  1. overangry

    overangry Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    309
    Hi all, I have a problem deciding if this is a FP detected by Prevx.

    C:\windows\mota113.exe

    Could someone please confirm this as being a threat or false positive?

    I have done the usual google search, and their seems to be no concise answer.
    Half saying it is malicious the other half saying it is a FP.
     
  2. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,087
    Location:
    Mountaineer Country
  3. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,035
    Location:
    USA
    Do a single file scan of this file with Prevx, save the log file and send it to Joe (PrevxHelp) via PM. I found this so it could be malware http://spywarefiles.prevx.com/RRHJEF9220657/MOTA113.EXE.html If the results of the online scan(s) indicate it is malware there are several sites that will look at your HijackThis log. You can download the program here http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis. This site can help you http://www.bleepingcomputer.com/forums/
     
    Last edited: May 27, 2009
  4. overangry

    overangry Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    309
    I have done that, some engines report it as a trojan (7.5%)
     
  5. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,035
    Location:
    USA
    see my above post.
     
  6. overangry

    overangry Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    309
  7. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,035
    Location:
    USA
    If you are using the paid version of Prevx they will assist you with removal.
     
  8. overangry

    overangry Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    309
    I have the paid version, but at the moment PM are unavailable.
    I'll try again in a few hours
    Thanks
     
  9. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,035
    Location:
    USA
    Okay, Good luck. Let us know what happens.
     
  10. overangry

    overangry Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    309
    Again thanks for your advice. Yes the file was bad:oops: but was sucsesfully removed...:thumb: :thumb: :thumb:
     
  11. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,035
    Location:
    USA
    Good news. Any ideas how you got the bug. Was Prevx running at the time. Just curious because I also use Prevx 3.0.
     
  12. overangry

    overangry Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    309
    It may have been resident for some time, I,m sure it wasn't prevx that let it through.
    The file didn't execute but it slipped through some howo_O
    I assume geswall didn't allow it to do any harm.
    Over the past month or so I have been testing many AV's and malware apps, before I setteled on my current configuration.
    Fact is, Prevx was the only application that detected the threat:thumb:
    Their support was top notch...
     
  13. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,035
    Location:
    USA
    Glad to hear it. I have been using Prevx for maybe 2 months now. Good protection.
     
  14. overangry

    overangry Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    309
    I agree, I've only been using prevx for about 1 week. I had tried earlier versions, but found them to be to buggy.
    With this release they seem to have hit the nail on the head.
    Purchased prevx after 2 days, so far it seems to be a good investment:D
     
  15. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Prevx = top notch :thumb:

    Just out of interest, do you remember which other AVs detected the file?
     
  16. overangry

    overangry Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    309
    But Comodo AV, A-Squared, Super-Antispyware, Avira and Kasparsky failed to detect the threat during a scan of my PC.
     
  17. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    All depends what the threat was doing. Causing slowdowns, problems?

    Or it might have just been sitting there doing nothing. Either way, as long as you have no problems, you'll be happy. :)
     
  18. egghead

    egghead Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    443
    Location:
    The Netherlands
    I agree with your agreeing.

    Trialed some earlier versions but had mixed feelings. With this version Prevx is heading in the good direction. Like it very much. It is doing a good job in protection (double checked with Dr.Web & Counterspy). Good support also. :thumb:

    I have had it with hour long scans. I use Prevx now as my main protection, but keep the good Dr.Web & Counterspy installed (have disabled real time protection of both).

    I'm using Prevx for 8 days now and have purchased it.
     
  19. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,035
    Location:
    USA
    Same here. Used it a few years ago and it really slowed down my system. The new version Edge (now 3.0) is fast and works well with my other security. Hope they don't change things too much with future editions. It is great right now.
     
  20. Steven Avery

    Steven Avery Registered Member

    Joined:
    Nov 13, 2007
    Posts:
    110
    finding the original source of the malware

    Hi Folks,

    This is an area where I think a certain type of security-utility software might be helpful. One that reads the dates and time of a file install and matches that up to other files on the system .. was it part of a team .. or an orphan ? Was it a day ago, or a month ago ? Has it been accessed since the install ? (If your looking at the file itself changes the access date .. not sure if it does, think not .. then this might be checked on a recent backup copy. If one exists.)

    Possibly this could also integrate with browser download logs that x-refs file names and sites and files downloaded and date and time. (Conceptually such logs should be kept for a long time, in reality, probably very little.)

    I did the first section of this by hand on a recent false positive and found the solid source of a file that emsi flagged. (They were totally disinterested in that type of process and finding since it did not fit into their bureaucracy.) It took a bit of effort, but was well worthwhile, the file had come in as a .dll on a task manager program and was all fine. (The false positive basically had it coming from Venus, going back to the fact that an earlier iteration of the .dll was used in a parental control keylogger program a decade ago. The experience made me quite wary of such flags.)

    Is there a security product that assists or automates this type of process ? It all seemed very logical to me, yet seems to be rarely considered. Where did this file come from, let's see if I can figger it out on my system post-facto.

    Sidenote: One reason this type of thing is necessary is that so many programs throw .dll's into other stuff in Windows system folders. The loosey-goosey OS.

    Shalom,
    Steven Avery
     
    Last edited: Jun 6, 2009
  21. catnotspam

    catnotspam Registered Member

    Joined:
    May 1, 2009
    Posts:
    42
    Location:
    haifa
    i think that shadow-defender may be rouge antimalware
     
  22. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Shadow Defender is a legitimate program, as long as you have received it from the legitimate sources. Could you PM me the link which you think is malicious and I'll check it out :)
     
Thread Status:
Not open for further replies.