Prevx detected Trojan... FP?

Hi all, I have a problem deciding if this is a FP detected by Prevx.

C:\windows\mota113.exe

Could someone please confirm this as being a threat or false positive?

I have done the usual google search, and their seems to be no concise answer.
Half saying it is malicious the other half saying it is a FP.

 

You can upload the file to http://www.virustotal.com/ or http://virusscan.jotti.org/

At those sites it will be scanned by multiple scanners. Just don't post the results here as it's against forum rules.

Also, welcome to Wilders .

 

Do a single file scan of this file with Prevx, save the log file and send it to Joe (PrevxHelp) via PM. I found this so it could be malware http://spywarefiles.prevx.com/RRHJEF9220657/MOTA113.EXE.html If the results of the online scan(s) indicate it is malware there are several sites that will look at your HijackThis log. You can download the program here http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis. This site can help you http://www.bleepingcomputer.com/forums/

 

I have done that, some engines report it as a trojan (7.5%)

 

see my above post.

 

I'll do that, and thank you for your quick replies

 

If you are using the paid version of Prevx they will assist you with removal.

 

I have the paid version, but at the moment PM are unavailable.
I'll try again in a few hours
Thanks

 

Okay, Good luck. Let us know what happens.

 

Again thanks for your advice. Yes the file was bad but was sucsesfully removed...

 

Good news. Any ideas how you got the bug. Was Prevx running at the time. Just curious because I also use Prevx 3.0.

 

It may have been resident for some time, I,m sure it wasn't prevx that let it through.
The file didn't execute but it slipped through some how
I assume geswall didn't allow it to do any harm.
Over the past month or so I have been testing many AV's and malware apps, before I setteled on my current configuration.
Fact is, Prevx was the only application that detected the threat
Their support was top notch...

 

Glad to hear it. I have been using Prevx for maybe 2 months now. Good protection.

 

I agree, I've only been using prevx for about 1 week. I had tried earlier versions, but found them to be to buggy.
With this release they seem to have hit the nail on the head.
Purchased prevx after 2 days, so far it seems to be a good investment

 

Prevx = top notch

Just out of interest, do you remember which other AVs detected the file?

 

But Comodo AV, A-Squared, Super-Antispyware, Avira and Kasparsky failed to detect the threat during a scan of my PC.

 

All depends what the threat was doing. Causing slowdowns, problems?

Or it might have just been sitting there doing nothing. Either way, as long as you have no problems, you'll be happy.

 

I agree with your agreeing.

Trialed some earlier versions but had mixed feelings. With this version Prevx is heading in the good direction. Like it very much. It is doing a good job in protection (double checked with Dr.Web & Counterspy). Good support also.

I have had it with hour long scans. I use Prevx now as my main protection, but keep the good Dr.Web & Counterspy installed (have disabled real time protection of both).

I'm using Prevx for 8 days now and have purchased it.

 

Same here. Used it a few years ago and it really slowed down my system. The new version Edge (now 3.0) is fast and works well with my other security. Hope they don't change things too much with future editions. It is great right now.

 

finding the original source of the malware

Hi Folks,

This is an area where I think a certain type of security-utility software might be helpful. One that reads the dates and time of a file install and matches that up to other files on the system .. was it part of a team .. or an orphan ? Was it a day ago, or a month ago ? Has it been accessed since the install ? (If your looking at the file itself changes the access date .. not sure if it does, think not .. then this might be checked on a recent backup copy. If one exists.)

Possibly this could also integrate with browser download logs that x-refs file names and sites and files downloaded and date and time. (Conceptually such logs should be kept for a long time, in reality, probably very little.)

I did the first section of this by hand on a recent false positive and found the solid source of a file that emsi flagged. (They were totally disinterested in that type of process and finding since it did not fit into their bureaucracy.) It took a bit of effort, but was well worthwhile, the file had come in as a .dll on a task manager program and was all fine. (The false positive basically had it coming from Venus, going back to the fact that an earlier iteration of the .dll was used in a parental control keylogger program a decade ago. The experience made me quite wary of such flags.)

Is there a security product that assists or automates this type of process ? It all seemed very logical to me, yet seems to be rarely considered. Where did this file come from, let's see if I can figger it out on my system post-facto.

Sidenote: One reason this type of thing is necessary is that so many programs throw .dll's into other stuff in Windows system folders. The loosey-goosey OS.

Shalom,
Steven Avery

 

i think that shadow-defender may be rouge antimalware

 

Shadow Defender is a legitimate program, as long as you have received it from the legitimate sources. Could you PM me the link which you think is malicious and I'll check it out