possible infection ?? assistance required

Discussion in 'other software & services' started by Bethrezen, Jul 1, 2007.

Thread Status:
Not open for further replies.
  1. Bethrezen

    Bethrezen Registered Member

    Hi all,

    Earlier today when I ran my regular sweep, Spybot identified a file, mgrs.exe, as being part of Smitfraud-C Toolbar888. After cleaning, the file mgrs.exe was back.

    Now, after doing some research on the net, I found reference to the fact that this could be a false positive. In an effort to confirm this I downloaded a copy of Prevx 2.0, updated it and then ran a full system scan, and it found nothing. I also ran a scan with NAV and that also found nothing, so I then tried scanning with AVG; it also found nothing.

    Anyway, on the off chance I might be infected with Smitfraud-C Toolbar888, I downloaded SmitfraudFix, restarted my computer and selected safe mode with command prompt, ran SmitfraudFix.cmd, selected option 2 to remove it from my system, then rebooted.

    But upon looking in the Windows folder, mgrs.exe was still there, so I'm not sure what's going on and I'm somewhat confused coz everything I can find on this says it's a Trojan downloader and it does keep trying to connect to the net,

    which is what tipped me off in the first place that I might be infected coz I didn't recognize this file.

    But the question is: if I am infected, why is Spybot the only one detecting it?
     
  2. the Tester

    the Tester Registered Member

    I suspect it's a false positive.
    I would upload a copy of the file to VirusTotal to confirm whether it's a false positive or not.
    CastleCops security forum also has analysis of suspicious files in the "Unknown Files" thread.

    http://www.virustotal.com/en/indexf.html
     
  3. Bethrezen

    Bethrezen Registered Member

    Hi,

    It would appear that whatever it was that was on my system has been stomped out, coz after deleting mgrs.exe after running SmitfraudFix it didn't come back and Spybot is no longer detecting it either, so I can only conclude that I was infected but a combo of SmitfraudFix and VirtumundoBeGone has wiped it out.

    So I think I should be OK now.

    Just to be sure, I have a HijackThis log I made just now that I can post.
     
    Last edited: Jul 2, 2007