Antivir found TR/Clicker.CP

Discussion in 'other anti-virus software' started by duke1959, Aug 17, 2006.

Thread Status:
Not open for further replies.
  1. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    I was actually running a SuperAntispyware scan and not an Antivir scan when soon after SA began scanning the Windows System 32 folder Antivir Guard popped up with a warning of a TR/Clicker.CP in pcmgrnet exe. It did this again when scanning with Ewido as well. I now have it quarantined after googling it, but all I could find on the pcmgrnet exe was that it could be a possible spyware since it was residing in my Windows system32 folder. Although I also read this exe wasn't a core component of Windows XP, I was still concerned if it was needed or not. Thanks for any explanation about this, and if it would be okay to eventually delete the Windows/system32/pcmgrnet exe. file in my quarantine. I will send it to Antivir, after I figure out how. Take care everyone.
     
  2. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    If you would like to send the file to samples AT superantispyware.com I will be happy to take a look at the file for you.

    Nick Skrepetos
    SUPERAntiSpyware.com
    http://www.superantispyware.com
     
  3. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    duke, use this form to submit that file to Avira. :)
     
  4. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    Thanks for the quick responses. I don't believe this is a problem with SA, as the same thing happened when scanning with Ewido. I will however try to send it off as soon as I can. I am currently babysitting my 11 month old Grandson, and although I love him I must say he can be more of a handful than any Trojan. LOLOL. Take care and thanks again. P.S. I will use the form to also send to Antivir. There was no info on this Clicker in their definitions.
     
    Last edited: Aug 17, 2006
  5. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Send it to Avira first. It seems like a FP from their side. ;) Or it could be a real threat. :)
     
  6. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    It doesn't sound like an FP. Remember it was detected by signature not
    heuristics. When Superantispyware started the scan, as AntiVir guard was
    also active, it was scanning every file before handing it over to the other
    scanner i.e. Superantispyware.

    Although sending it to both parties is a good idea.
     
  7. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    I will send to Avira first, and thanks for the form pykko. I also however, want to thank Nick Skrepetos for his offer. I just now got a chance to check this Forum, and found the same TR/Clicker.CP alert from Antivir. This time though it was in a System Volume Information exe file. I have deleted those before without concern, but it does worry me a slight bit that the pcmgrnet exe. is needed for something I don't know about. I read that Trojans and other Malware will sometimes "Masquerade" as this file. Thanks again I will send the TR/Clicker.CP out soon. My pc seemed to be running fine before this, and I had SKPF 4.2.3 set for outbound protection, with Application Behavior Blocking enabled. Everything also seems to be running fine with the files in quarantine as well. That's why I too wonder if it's not a false positive, although I only have the Guard set to scan as Macrovirus heuristics and not Win32 heuristics. I guess time will tell. Thanks again everyone.
     
  8. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    You can also try to get the file scanned by multiple softwares.

    1. www.virustotal.com

    2. virusscan.jotti.org
     
  9. ASpace

    ASpace Guest

    I also think it isn't a false-positive alarm.
    As AMRX said, while SAS and Ewido were scanning, Anti-Vir was scanning too.

    Either Avira's scanner is much faster than Ewido and SAS or Ewido and SAS don't detect it :D :D :D

    Scanning in Safe Mode with all security softwares ~snip~ should help :thumb:
     
    Last edited by a moderator: Aug 17, 2006
  10. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    If it's a trojan then it's the duty of the AV to detect it. The low level hook
    of the software allows every file to be scanned by the realtime scanner
    before it's been read or written by some other software. It's not that Avira
    is faster, it's just that Avira has its claws deeper in the guts of the OS.
     
  11. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    Like I said that's why I too don't think it is a false positive. (LOLO) Oh well I tried to believe it was one, but you have all convinced me it may not be, and I have sent it to Avira. I had to restore the file first though and then use the browse feature in the form pykko gave me, to go to Windows and the system32 folder and then of course add the pcmgrnet exe. The reason I'm telling you this is as I was doing it, Antivir alerted me once again as the Guard of course scanned that file. I wonder if I should turn off the Guard and then use SA or Ewido to scan after restoring the file again? One more thing. Do any of you know what the pcmgrnet exe is, or what it may be used for? Oh and a P.S. for Nick Skrepetos. I really like SuperAntiSpyware.
     
  12. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    You can do that but make sure you are not connected to the Net at that
    moment. I have no clue what the file is or does. I just know that I don't
    have it on my XP system and this file is not from Microsoft. Have you
    checked the two web pages I mentioned? Why don't you scan the file
    with multiple scanners? If it's really a trojan then Kaspersky shouldn't miss
    it ;).
     
  13. Antus

    Antus Registered Member

    Joined:
    Apr 8, 2006
    Posts:
    76
    Duke very interesting on what avira found.....when I ran a scan on my pc avira found TR/Hooker.bb........ I also scanned my system with my trojan scanner and nothing showed up....will be interested on what the results will show when avira reports back to you
     
  14. QBgreen

    QBgreen Registered Member

    Joined:
    Jan 1, 2005
    Posts:
    627
    Location:
    Queens County, NY
    In a related situation, I recently visited a legit site and FSAVCS's http scanner flagged a variant of the trojan you've received. Trojan-Clicker.HTML.Agent.a. The offender was adsrevenue.net. Nice banner adverts dropping (or trying to) trojans on unsuspecting users. The site's owner was clueless and downright nasty when I informed him that his advertisers are malware pushers. Too bad for him.
     
  15. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    Hey everyone, I will scan the file on jotti.org tomorrow and let everyone know the results. Do I have to restore it again to do this, or is there a way to do it when it's in quarantine? Also what about it also being in System Volume Restore? Is it in there because my system made a back up of it for the restore option?
     
  16. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Well, Avira usually makes more FPs than other scanners, and I have also had detections by signature which are FPs. ;)
     
  17. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    I just wish I could find out what the pcmgrnet exe file is, that the TR/Clicker.CP was found in. Going to use the "jottie" sometime today to run virus scan of this file. Take care everyone. Just used the jottie scan with all the available Antiviruses, and only Antivir showed finding TR/Clicker.CP. I also sent file to Virustotal.com, but at this point not sure that this file is anything to worry about. I must add that both Avast and AVG Free found this TR/Clicker.CP in one of my System Volume Restore exe files when I had them recently, but separately installed. They did not pick it up in the pcmgrnet exe file in my Windows\system32 folder however, like Antivir did. Whether this is good or not remains to be seen. I'm sticking with Antivir though. Looking for more input from everyone, until then take care.
     
    Last edited: Aug 18, 2006
  18. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    Hey everyone. Avira confirmed that this is indeed a virus and that Antivir does indeed detect it. See ya.
     
  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    great
     
  20. A1SteakSauce

    A1SteakSauce Registered Member

    Joined:
    Jul 25, 2006
    Posts:
    88
    More power to AntiVir!
     
  21. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    thx for the news duke. If you're kind please send the sample to other AVs also to add detection: NOD32, Kaspersky, etc. :)
     
  22. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    I want to add that both Avast and AVG free did find TR/Clicker.CP in a Volume System Information file with their scans. I just never ran SA with either one installed so I don't know if AVG Free or Avast Realtime Shields would have found the "pcmgrnet exe" in the Windows system32 folder like Antivir did. See ya all.
     