NOD32 2.12.3 SCAgent in HTTP compatibility set-up.

Discussion in 'NOD32 version 2 Forum' started by djs17404, Nov 15, 2004.

Thread Status:
Not open for further replies.
  1. djs17404

    djs17404 Registered Member

    Joined:
    Nov 15, 2004
    Posts:
    12
    Ok I d/l the Nod32 trial version and updates yesterday and this showed up today, if the image doesn't show it's in the HTTP comp. setup-- SCAgent (user agent) Explorer.EXE (program) and the same again with iexplorer.exe as the program. All the Google searches web and groups come up with this as a trojan, hijackthis shows nothing about this, a total hd search has nothing, Adaware nothing, Spybot S&D nothing, Housecall won't load for some reason, but it did the other day before I had Nod32 installed, it may not be related. I am also running Sygate Pro firewall behind a router to a cable modem. WIN XP SP2

    So is this a trojan or something else? The info I saw says it resides in the system32 folder, no such animal there. It wasn't there last night and only showed up sometime this morning; the only places I went were here, the Microsoft Dungeon Siege website and Windows Update. I know this because I went over the great tutorial Blackspear made on this forum for the extra settings last night and didn't see it in there, the computer was in sleep mode all night.

    Anyway can anyone look and see if they have this and if not maybe direct me to find out more and what to do.

    If this post is not right for this forum feel free to delete or move.

    Thanks,
    Don
     

    Attached Files:

    • Imon.JPG
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
  3. djs17404

    djs17404 Registered Member

    Joined:
    Nov 15, 2004
    Posts:
    12
    Helphost yes, SCAgent is not there, that's the suspicious file. Thanks for that link though it will be helpful. Right there in that dialog and the corresponding registry entries for IMON and the MRU for search is the only place I can find the SCAgent name on my computer. It's almost like this tried to attach to the computer but Sygate or something else refused it but Nod32 picked up the reference. I did visit another website which was the amazon site that is linked in the top sticky post here about browsers not loading properly.
     
  4. djs17404

    djs17404 Registered Member

    Joined:
    Nov 15, 2004
    Posts:
    12
    Nod32 run full bore again found nothing, Housecall found nothing, I couldn't run Housecall before because Sygate had my browser stealthed (referer).

    I found this...

    http://www.viruslist.com/en/find?search_mode=virus&words=scagent&x=14&y=3

    ....but all the major and most minor AVs pick them up according to the site if I read it correctly. I'm sure Nod32 and Housecall do too. But there has to be a file and that I don't have.

    I have to go to bed, thanks again. I'll check back in a few hours.
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I have SCAgent within IMON as well, as per screen shot...

    There are very comprehensive cleaning instructions that can be found in post number 2 here: https://www.wilderssecurity.com/showthread.php?t=47830 though I suspect that your system is indeed clean.

    Hope this helps...

    Cheers :D
     

  6. djs17404

    djs17404 Registered Member

    Joined:
    Nov 15, 2004
    Posts:
    12
    Hey thanks, Blackspear, Marcos, ewido found 2 tracking cookies, that's it. I uninstalled Nod32 and reinstalled to see if I could make that entry come back and so far trying to repeat my footsteps from this morning I can't make it show up so I don't know what it is. I'll keep tabs on it and if it shows up try to determine what launched it if there was anything that was launched.

    As an aside if it can be answered here, when IMON is in active mode for downloads where does it store the file before it releases it to the OS? I ask this because I turned off "Automatic Passive Mode" for files larger than xxxx kB so I can see the d/l window. If the download should fail or otherwise not complete I don't want to leave remnants of large files lying around.

    Thanks I appreciate the help,

    Don
     
  7. djs17404

    djs17404 Registered Member

    Joined:
    Nov 15, 2004
    Posts:
    12
    Found it, haha it's the IE and Windows Search Companion Agent using msagent. SCAgent, just click the search button in Explorer or IE and there it is, entry in IMON.

    "Microsoft Agent is a set of programmable software services that supports the presentation of interactive animated characters within the Microsoft Windows interface."

    I turned the lousy animated dog off the first day I installed XP and he comes back and almost bites me. Bah and MS making a user agent with the same moniker as a trojan downloader. Bah Bah.

    Thanks,

    Don

    BTW: I'll give NOD32 a few more days to see how it works with my system then I'll be a paying customer. I love this thing and I've tried them all, well most of them. :D
     
    Last edited: Nov 15, 2004
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Good to see Don, it will be nice to have you aboard...

    All the best.

    Cheers :D
     