Undetected Trojan.Win32.Generic!BT and malware

Discussion in 'Prevx Releases' started by axlenut, Oct 24, 2009.

Thread Status:
Not open for further replies.
  1. axlenut

    axlenut Registered Member

    Joined: Dec 7, 2006
    Posts: 4
    Using Prevx 3.0.1.65.

    This morning Sunbelt Vipre 3.1.2837 detected:
    Trojan.Win32.Generic!BT traces contained in:
    C:\Program Files\Unlocker\eBay_Shortcuts_1016.exe

    Vipre quarantined Trojan.Win32.Generic!BT and it was deleted.

    Problem is, Prevx lists the file "eBay_Shortcuts_1016.exe" as malware, yet did not detect it or clean it.

    After turning off Windows restore function, I uninstalled Unlocker and ran a script from Wilder Security to remove any lingering files.

    After checking I found "eBay_Shortcuts_1016.exe" and its associated DLL file still residing in the C:\Program Files\Unlocker\ directory. Files were protected so they were removed with DRDelete. After cleaning, Windows restore was reactivated.

    Why didn't Prevx detect these clearly visible files? Do I have some preference set wrong?
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined: Sep 14, 2008
    Posts: 8,242
    Location: USA/UK
    Hello,
    I suspect the files were not actually harming your system. Idle files on disk which are not registered to load and don't load may not be detected by Prevx as they pose no risk to the user.

    If wanted, however, feel free to send the files to report@prevxresearch.com and we'll ensure that we fully detect and protect against them :)
     
  3. axlenut

    axlenut Registered Member

    Joined: Dec 7, 2006
    Posts: 4
    This may be the case, as I had used Unlocker earlier during the day to remove a driver file, LEXBCES.EXE, left over from a Lexmark printer. Unlocker version 1.8.7 with UnlockerAssistant.exe is prone to act as a virus, while removing Lexmark LEXBCES.EXE also caused dependency problems with Print Spooler Service preventing it from running.

    Being blissfully ignorant about Unlocker, using it probably triggered the AV response after it loaded.

    Sorry but the files have been deleted, but everything is working again. These things are almost too subtly complex for a human mind. Shareware such as Unlocker can have drawbacks. Thank you for the assistance.
     
  4. DavidCo

    DavidCo Registered Member

    Joined: Jul 9, 2005
    Posts: 503
    Location: UK
    What's New in version 1.8.7:

    * Improved behavior: Improved the way DLLs are unloaded.

    * Promotional feature: Added fully optional shortcuts to eBay during the installation. Simply untick "eBay shortcuts" in the choose components page during install if you do not wish to have those.
     
  5. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined: Nov 20, 2004
    Posts: 11,180
    Location: Ontario, Canada