Trojan Agent/Gen-Laneul

I use Sandboxie all the time opening my browsers, Chrome (default), Firefox and IE8 secondary, but I do have to use my browsers unsandboxed for various specific reasons.

I have MBAM, Emsisoft AM as manual sweepers and SpywareBlaster as a hidden minder. My online AV is AVG 2014 and Firewall PrivateFirewall.

Recently I discovered SUPERantiSpyware, a highly impressive program that does a superb job and which I use frequently as a manual quick check before shutdown.

A scan by MBAM, Emsisoft and AVG came up clean, but SUPERantispyware detected two Trojans - Trojan Agent/Gen-Laneul
C:SYSTEM VOLUME INFORMATION\_RESTO...\A0920233.EXE and Trojan Agent/Gen-Laneul COCUMENTS AND SETTINGS\MR ON...\CRUCIALSCAN.EXE. Both have been quarantined.

These two Trojans were only detected by SUPERantiSpyware and appear to be recently discovered infections as late as 25th September 2013.

Any comments about this ?

 

have you recently run a scan to check for memory upgrades from the website crucial?

 

False positives?

 

No. I have never heard of that website in my life.
A Start/Search came up with nothing.

My concern is why did the big 3 not pick up this Trojan and SUPERantiSpyware did.

SaS link - http://www.superantispyware.com/malwarefiles/DWWIN.EXE.html seems to cover it.

Screenshot of SaS quarantine :-
http://i.imgur.com/06kkIzm.jpg

 

I have gone to crucial.com and downloaded crucialscan.exe and uploaded it to virustotal and it is only detected by superantispyware as Trojan.Agent/Gen-Laneul. crucial is a legitimate company and I can can almost guarantee that is it a false positive. I would send the file to superantispyware to let them fix the fp.

 

Thank you very much. I will do as you say.

 

Its a false positive, here is the VT link for your file in question and a screen shot of its signature passing validity check.

https://www.virustotal.com/en/file/...76f37635747aa64252fc8377/analysis/1381070955/

@ Mods, I know there are rules about VT but in this case I am not sure how to go about proving that this is a FP without it.

 

Brilliant - it looks a FP to me. Thanks.

I find it unbelievable that everybody on that very long list of 38 AV checks gives it a green light except SaS, who classify it as a major threat as described in their link I gave.

I cannot find a means of reporting it to SaS, but you have put my mind at rest. I have no clue where these items came from.

 

This might help you.

I think SUPERAntiSpyware detected something it should not have. What do I do?

http://www.superantispyware.com/supportfaqdisplay.html?faq=28

 

That will be useful Swex, thanks.

The trouble is that it is only after the scan when the items have been quarantined that a false positive suspicion arises. The quarantine panel has no report facility.

I have posted this query on the SAS Forum with covering information I have been given here that they are almost certainly false positives. See what they say.

There seems to be a lot of SAS Forum queries claiming that various other Trojan Agent/Gen- etc. are false positives.
Sounds highly irregular to me.

 

I have just confirmed they are false positives.

I too have crucialscan.exe on my computer - its the memory scanner from crucial.com, and I know it is safe. I scanned in on VirusTotal using the excellent VirusTotal Uploader and SUPERAntiSpyware gave me the same detection as it did for you. Every other scanner correctly found it to be clean.

 

You're welcome

 

Dear Roger,

This immediate response from you all is both enlightening and very positive.

I can barely believe that SAS is the only one out of step in 38 reputable AV`s. It is bordering on a joke.

One can speculate with astronomic odds, that SAS is correct and all the other 37 AV`s are wrong. It is the oldie of the only guy in the squad being out of step is actually the only guy in step, it is the rest of the squad who are out of step.

 

It's very common for anti malware software to give false positives from time to time, so the fact that SAS is wrongly flagging it can be forgiven as long as they fix the false positive quickly.

No it's definitely a wrong detection, considering that in my case, I downloaded crucialscan.exe well over 3 months ago. Plenty of time for it be identified by other scanners if it was an actual threat.