Prevx detected Trojan... FP?

Discussion in 'Prevx Releases' started by overangry, May 27, 2009.

Thread Status:
Not open for further replies.
  1. overangry
    overangry Registered Member

    Hi all, I have a problem deciding if this is a FP detected by Prevx.

    C:\windows\mota113.exe

    Could someone please confirm this as being a threat or false positive?

    I have done the usual Google search, and there seems to be no concise answer.
    Half say it is malicious, the other half say it is a FP.
  2. innerpeace
    innerpeace Registered Member

  3. G1111
    G1111 Registered Member

    Do a single file scan of this file with Prevx, save the log file and send it to Joe (PrevxHelp) via PM. I found this so it could be malware http://spywarefiles.prevx.com/RRHJEF9220657/MOTA113.EXE.html If the results of the online scan(s) indicate it is malware there are several sites that will look at your HijackThis log. You can download the program here http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis. This site can help you http://www.bleepingcomputer.com/forums/
    Last edited: May 27, 2009
  4. overangry
    overangry Registered Member

    I have done that, some engines report it as a trojan (7.5%)
  5. G1111
    G1111 Registered Member

    See my above post.
  6. overangry
    overangry Registered Member

  7. G1111
    G1111 Registered Member

    If you are using the paid version of Prevx they will assist you with removal.
  8. overangry
    overangry Registered Member

    I have the paid version, but at the moment PMs are unavailable.
    I'll try again in a few hours.
    Thanks
  9. G1111
    G1111 Registered Member

    Okay, Good luck. Let us know what happens.
  10. overangry
    overangry Registered Member

    Again, thanks for your advice. Yes, the file was bad :oops: but was successfully removed... :thumb: :thumb: :thumb:
  11. G1111
    G1111 Registered Member

    Good news. Any ideas how you got the bug? Was Prevx running at the time? Just curious because I also use Prevx 3.0.
  12. overangry
    overangry Registered Member

    It may have been resident for some time; I'm sure it wasn't Prevx that let it through.
    The file didn't execute, but it slipped through somehow o_O
    I assume GeSWall didn't allow it to do any harm.
    Over the past month or so I have been testing many AVs and anti-malware apps before I settled on my current configuration.
    Fact is, Prevx was the only application that detected the threat :thumb:
    Their support was top notch...
  13. G1111
    G1111 Registered Member

    Glad to hear it. I have been using Prevx for maybe 2 months now. Good protection.
  14. overangry
    overangry Registered Member

    I agree. I've only been using Prevx for about 1 week. I had tried earlier versions, but found them to be too buggy.
    With this release they seem to have hit the nail on the head.
    Purchased Prevx after 2 days; so far it seems to be a good investment :D
  15. Saraceno
    Saraceno Registered Member

    Prevx = top notch :thumb:

    Just out of interest, do you remember which other AVs detected the file?
  16. overangry
    overangry Registered Member

    But Comodo AV, A-Squared, SuperAntiSpyware, Avira and Kaspersky failed to detect the threat during a scan of my PC.
  17. Saraceno
    Saraceno Registered Member

    It all depends on what the threat was doing. Causing slowdowns, problems?

    Or it might have just been sitting there doing nothing. Either way, as long as you have no problems, you'll be happy. :)
  18. egghead
    egghead Registered Member

    I agree with your agreeing.

    Trialed some earlier versions but had mixed feelings. With this version Prevx is heading in the good direction. Like it very much. It is doing a good job in protection (double checked with Dr.Web & Counterspy). Good support also. :thumb:

    I have had it with hour long scans. I use Prevx now as my main protection, but keep the good Dr.Web & Counterspy installed (have disabled real time protection of both).

    I'm using Prevx for 8 days now and have purchased it.
  19. G1111
    G1111 Registered Member

    Same here. Used it a few years ago and it really slowed down my system. The new version Edge (now 3.0) is fast and works well with my other security. Hope they don't change things too much with future editions. It is great right now.
  20. Steven Avery
    Steven Avery Registered Member

    finding the original source of the malware

    Hi Folks,

    This is an area where I think a certain type of security-utility software might be helpful. One that reads the date and time of a file install and matches that up to other files on the system... was it part of a team, or an orphan? Was it a day ago, or a month ago? Has it been accessed since the install? (If looking at the file itself changes the access date... not sure if it does, think not... then this might be checked on a recent backup copy, if one exists.)

    Possibly this could also integrate with browser download logs that x-refs file names and sites and files downloaded and date and time. (Conceptually such logs should be kept for a long time, in reality, probably very little.)

    I did the first section of this by hand on a recent false positive and found the solid source of a file that Emsi flagged. (They were totally disinterested in that type of process and finding, since it did not fit into their bureaucracy.) It took a bit of effort, but was well worthwhile: the file had come in as a .dll with a task manager program and was all fine. (The false positive basically had it coming from Venus, going back to the fact that an earlier iteration of the .dll was used in a parental control keylogger program a decade ago. The experience made me quite wary of such flags.)

    Is there a security product that assists or automates this type of process? It all seemed very logical to me, yet seems to be rarely considered. Where did this file come from? Let's see if I can figure it out on my system post facto.

    Sidenote: One reason this type of thing is necessary is that so many programs throw .dll's into other stuff in Windows system folders. The loosey-goosey OS.

    Shalom,
    Steven Avery
    Last edited: Jun 6, 2009
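    The post above describes correlating a suspect file's timestamps with the rest of the system by hand. The script below is an added example, not code from this thread or from Prevx or any other product named here: it builds a constructed sample tree (only the mota113.exe name comes from this thread; the other files are invented), lists files written within a few minutes of the suspect (its likely "team"), and checks whether the suspect has been read since it was written. It assumes modification time rather than creation time, and that the volume still records access times.

```python
import os
import tempfile
import time
from pathlib import Path

def find_siblings(root, target, window_seconds=300):
    """Files under `root` written within `window_seconds` of `target`, oldest
    first. mtime is used because creation time is not portable (on NTFS
    st_ctime is creation time, on Linux it is inode-change time)."""
    root, target = Path(root), Path(target)
    t0 = target.stat().st_mtime
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.samefile(target):
            continue
        mtime = path.stat().st_mtime
        if abs(mtime - t0) <= window_seconds:
            hits.append((mtime, path.relative_to(root).as_posix()))
    return [rel for _, rel in sorted(hits)]

def accessed_since_install(path):
    """True when last-access time is later than last-write time, i.e. something
    read the file after it landed. Only meaningful where the volume still
    updates atime (no noatime/relatime, NTFS last-access updates enabled)."""
    st = os.stat(path)
    return st.st_atime > st.st_mtime + 1

def build_sample_tree():
    """Constructed sample, not a real system: suspect, two files dropped just after it, one old file."""
    root = Path(tempfile.mkdtemp())
    now = time.time()
    layout = {
        "windows/mota113.exe": now - 3600,             # suspect file
        "windows/helper.dll": now - 3600 + 40,         # 40 s after it
        "windows/readme.txt": now - 3600 + 200,        # 200 s after it
        "windows/system32/old.dll": now - 30 * 86400,  # a month earlier
    }
    for rel, ts in layout.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"constructed sample")
        os.utime(p, (ts, ts))   # set both atime and mtime
    return root

if __name__ == "__main__":
    root = build_sample_tree()
    suspect = root / "windows/mota113.exe"
    print("installed alongside:", find_siblings(root, suspect))
    print("read since install:", accessed_since_install(suspect))
```

On a real machine, point `root` at the system folder the suspect lives in and compare the siblings it reports against browser download history or installer logs from the same window.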
  21. catnotspam
    catnotspam Registered Member

    I think that Shadow Defender may be rogue antimalware.
  22. PrevxHelp
    PrevxHelp Prevx Moderator

    Shadow Defender is a legitimate program, as long as you have received it from the legitimate sources. Could you PM me the link which you think is malicious and I'll check it out :)