Some advice please

Discussion in 'malware problems & news' started by Dinkie, Mar 31, 2008.

Thread Status:
Not open for further replies.
  1. Dinkie

    Dinkie Registered Member

    Joined:
    Mar 31, 2008
    Posts:
    3
    Hi Guys and Gals,

    Today my AVG anti-spyware found a trojan.agent.cj on my laptop. The agent was embedded into a software keygen that I downloaded. I had a folder of 4 or 5 keygens and I decided to scan all of them with Jotti's virus scan.

    Unfortunately, Jotti's virus scan found at least 1 agent per file, so I deleted the folder from my hard drive and I then emptied the recycle bin. Are these files now completely gone? Also, I currently use NOD32, ZoneAlarm and AVG Anti-Spyware remover (which was formerly Ewido). Are these programs good enough to protect my network? If they're not, what are the best anti-virus software, spyware remover and firewall?

    I would like to add that during my Jotti scan, Ikarus found a few items that the other anti-virus software didn't. I visited the Ikarus site but it is in German.

    I was very happy with my NOD32, but I am now kinda disillusioned with NOD32, especially after today's problems...

    Any advice would be welcomed.
     
  2. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    You should have sent the samples to ESET before deleting them so that NOD32 would detect them. No AV can give 100 percent protection, so if it doesn't detect something you send it to the AV company so they can protect against it.
     
  3. Dinkie

    Dinkie Registered Member

    Joined:
    Mar 31, 2008
    Posts:
    3
    I've turned system restore off. How can I get these files back?
     
  4. kinwolf

    kinwolf Registered Member

    Joined:
    Oct 19, 2006
    Posts:
    271
    Actually, it is possible there wasn't a real trojan in each file. Some AVs simply flag any keygen as a generic trojan since a keygen is not "supposed" to be on a desktop. Plus, many keygens use packers that are detected by AVs, so it leads to many false positives.
     
  5. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Agree with all above.
    First step, if something is found; investigate it. (Which you did by seeking alternative opinions.)
    Second, if still suspicious, quarantine it.
    Only delete it if you are 100% sure it is not something that is supposed to be there. Or after receiving information to this effect from your AV vendor, having submitted it.

    You may possibly be able to recover the files by using recovery software, like Recuva.

    Virtually all my detections these days (and there aren't many) give an identification based on heuristics. (Likely behaviour of the file). Such detections usually have a name like "gen" or "generic" in them. These should be treated as suspicious, not definites.
     
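Tarq57's point that "gen"/"generic" and heuristic detections are suspicions rather than definite identifications can be turned into a simple triage rule for a multi-engine scan report such as the Jotti one in the first post. The following Python is an added example and not code from the thread or from any scanner vendor; the report format (one "engine: detection" line per engine, "-" for clean), the marker words used to spot heuristic names, and the scan results themselves are constructed for illustration.

```python
import re
from typing import Dict, List, Optional

# Constructed sample reports, one engine per line: "engine: detection name" or
# "engine: -" when the engine reports the file as clean.
SAMPLE_REPORT = """\
AVG: Trojan.Agent.CJ
Ikarus: Trojan.Win32.Agent
NOD32: -
Avast: Win32:Trojan-gen
ClamAV: -
F-Prot: W32/Heuristic-210!Eldorado
Kaspersky: -
BitDefender: Gen:Trojan.Heur.RP.EkW@aeS5a
"""

# A second constructed sample: the "packed keygen" case, where every hit is a
# packer or generic verdict and no engine names a specific family.
SAMPLE_PACKED = """\
AVG: -
Ikarus: Packed.Win32.UPX
NOD32: -
Avast: Win32:Packed-gen
ClamAV: -
"""

# Assumed marker words for heuristic/generic detection names. "\bgen\b" needs
# word boundaries so that family names like "Agent" are not mistaken for "gen".
GENERIC_MARKERS = re.compile(r"\bgen\b|generic|heur|suspicious|packed|packer", re.IGNORECASE)

VERDICT_CLEAN = "clean"
VERDICT_MALICIOUS = "likely malicious"
VERDICT_MINORITY = "suspicious: named detections from a minority of engines; quarantine and submit"
VERDICT_GENERIC = "suspicious: only heuristic/generic verdicts; quarantine and submit, do not delete"


def parse_report(text: str) -> Dict[str, Optional[str]]:
    """Map engine name -> detection name (None when the engine saw nothing)."""
    results: Dict[str, Optional[str]] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        # Split on the first colon only; detection names may contain colons.
        engine, _, name = line.partition(":")
        name = name.strip()
        results[engine.strip()] = None if name in ("", "-") else name
    return results


def is_generic(name: str) -> bool:
    """True when the detection name signals a heuristic or generic verdict."""
    return bool(GENERIC_MARKERS.search(name))


def triage(results: Dict[str, Optional[str]]) -> Dict[str, object]:
    """Separate specific from generic detections and recommend an action."""
    detections = {e: n for e, n in results.items() if n}
    generic: List[str] = sorted(e for e, n in detections.items() if is_generic(n))
    specific: List[str] = sorted(e for e, n in detections.items() if not is_generic(n))
    total = len(results)
    if not detections:
        verdict = VERDICT_CLEAN
    elif specific and len(detections) * 2 >= total:
        # Named detections and at least half the engines agree.
        verdict = VERDICT_MALICIOUS
    elif specific:
        verdict = VERDICT_MINORITY
    else:
        verdict = VERDICT_GENERIC
    return {
        "engines": total,
        "detections": len(detections),
        "generic": generic,
        "specific": specific,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for label, report in (("keygen sample", SAMPLE_REPORT), ("packed sample", SAMPLE_PACKED)):
        print(label, triage(parse_report(report)))
```

The threshold of "at least half the engines" is an assumption chosen for the example; the useful part is the split itself, since a report consisting only of packer and "gen" hits is exactly the case where quarantining and submitting the sample beats deleting it.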
  6. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    My advice... Don't download crap like that.
    There's enough malware floating around the web without asking for trouble.
    But if you insist on this type of very risky surfing/downloading, I would strongly suggest a sandbox app, Sandboxie for example. After downloading something, one could and should scan it with everything you have available on your box, as well as with VirusTotal, before letting it out.
     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,791
    Location:
    Texas
    Good advice.
     