Trojan Agent/Gen-Laneul

Discussion in 'malware problems & news' started by guest, Oct 6, 2013.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    I use Sandboxie all the time opening my browsers, Chrome (default), Firefox and IE8 secondary, but I do have to use my browsers unsandboxed for various specific reasons.

    I have MBAM, Emsisoft AM as manual sweepers and SpywareBlaster as a hidden minder. My online AV is AVG 2014 and Firewall PrivateFirewall.

    Recently I discovered SUPERantiSpyware, a highly impressive program that does a superb job and which I use frequently as a manual quick check before shutdown.

    A scan by MBAM, Emsisoft and AVG came up clean, but SUPERantispyware detected two Trojans - Trojan Agent/Gen-Laneul
    C:SYSTEM VOLUME INFORMATION\_RESTO...\A0920233.EXE and Trojan Agent/Gen-Laneul C:DOCUMENTS AND SETTINGS\MR ON...\CRUCIALSCAN.EXE. Both have been quarantined.

    These two Trojans were only detected by SUPERantiSpyware and appear to be recently discovered infections as late as 25th September 2013.

    Any comments about this?
     
  2. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Have you recently run a scan to check for memory upgrades from the website Crucial?
     
  3. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    False positives? :D
     
  4. guest

    guest Guest

    Last edited by a moderator: Oct 6, 2013
  5. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    I have gone to crucial.com and downloaded crucialscan.exe and uploaded it to VirusTotal and it is only detected by SUPERAntiSpyware as Trojan.Agent/Gen-Laneul. Crucial is a legitimate company and I can almost guarantee that it is a false positive. I would send the file to SUPERAntiSpyware to let them fix the FP.
     
    Last edited: Oct 6, 2013
  6. guest

    guest Guest

    Thank you very much. I will do as you say.
     
  7. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA

    Attached Files:

    • FP.JPG
  8. guest

    guest Guest

    Brilliant - it looks like a FP to me. Thanks.

    I find it unbelievable that everybody on that very long list of 38 AV checks gives it a green light except SaS, who classify it as a major threat as described in their link I gave.

    I cannot find a means of reporting it to SaS, but you have put my mind at rest. I have no clue where these items came from.
     
    Last edited by a moderator: Oct 6, 2013
  9. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    This might help you. :)

    I think SUPERAntiSpyware detected something it should not have. What do I do?

    http://www.superantispyware.com/supportfaqdisplay.html?faq=28

     
  10. guest

    guest Guest

    That will be useful, SweX, thanks.

    The trouble is that it is only after the scan when the items have been quarantined that a false positive suspicion arises. The quarantine panel has no report facility.

    I have posted this query on the SAS Forum with covering information I have been given here that they are almost certainly false positives. See what they say.

    There seems to be a lot of SAS Forum queries claiming that various other Trojan Agent/Gen- etc. are false positives.
    Sounds highly irregular to me.
     
  11. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,240
    I have just confirmed they are false positives.

    I too have crucialscan.exe on my computer - it's the memory scanner from crucial.com, and I know it is safe. I scanned it on VirusTotal using the excellent VirusTotal Uploader and SUPERAntiSpyware gave me the same detection as it did for you. Every other scanner correctly found it to be clean.
     
  12. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    You're welcome :)
     
  13. guest

    guest Guest

    Dear Roger,

    This immediate response from you all is both enlightening and very positive.

    I can barely believe that SAS is the only one out of step in 38 reputable AV's. It is bordering on a joke.

    One can speculate, with astronomic odds, that SAS is correct and all the other 37 AV's are wrong. It is the oldie of the only guy in the squad being out of step is actually the only guy in step; it is the rest of the squad who are out of step.

    :D
     
    Last edited by a moderator: Oct 6, 2013
  14. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,240
    It's very common for anti malware software to give false positives from time to time, so the fact that SAS is wrongly flagging it can be forgiven as long as they fix the false positive quickly.

    No, it's definitely a wrong detection, considering that in my case, I downloaded crucialscan.exe well over 3 months ago. Plenty of time for it to be identified by other scanners if it was an actual threat.
     