Trojan, safe to delete

Discussion in 'other anti-trojan software' started by Riverrun, May 8, 2007.

Thread Status:
Not open for further replies.
  1. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~
    The following file appears to contain a trojan (don't worry, I won't upload it!)

    A0005469.dll

    DAT File

    4KB


    A-squared detected it today. I'm conscious that A2 does point to some objects that are FPs so I checked at VirusTotal and 4 of their scanners flagged it and that's confirmation enough for me. I didn't save the report so I can't tell you which ones indicated that it is an infected file.

    I'd like to delete it if possible but I imagine that it's not a wise move and thought I'd ask here first. Is it safe to delete this file do you think?


    Cheers,

    River
     
  2. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Just leave it in the quarantine...it ain't going anywhere.
    If it is an FP you'll be able to restore it later.
    Googling the file name didn't return many hits, just two, and those indicated it might be a data miner, so perhaps it isn't an FP.
    I'd do another scan or two with different scanners just to be sure.
     
  3. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~
    I noticed that, Tarq. Just two results in a convoluted HJT (?) log. Not great late night reading. Thanks for the response.

    Cheers,

    River

    :thumb:
     
  4. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Which four scanners at Virus Total flagged it? Could still be a FP.
     
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I have been reading this thread to know how my security setup would solve this problem.

    Problem :
    1. I don't have "A2" or any other scanner.
    2. So I don't even know if that file "A0005469.dll" would be on my harddisk or not.
    3. I don't have to question myself : Is it a false/positive or not ? Do I have to delete it or not ? Because I don't even know if the file is on my harddisk, but suppose it is on my harddisk.

    The worst part is that this file must have been on your harddisk for quite some time and could have done its evil job already, if it is an infection.
    I have that problem too, when nothing stops the installation.

    My solution :
    1. I have Anti-Executable on my computer. Two possibilities :
    a. The file "A0005469.dll" is whitelisted, nothing would happen.

    b. The file "A0005469.dll" is not whitelisted, AE would have stopped it immediately as an unauthorized executable, because .dll is considered as an executable by AE.

    2. Suppose I wouldn't have Anti-Executable. In that case I'm in the same situation as Riverrun, but I still have to remove this file or not and I still need an answer to these annoying questions and I don't have "A2" and this will happen on reboot.
    Two possibilities :

    a. The file "A0005469.dll" doesn't exist in my archive, then it will be removed automatically during reboot, which means it was malware for sure or at least an object that doesn't belong on my harddisk.

    b. The file "A0005469.dll" does exist in my archive, then it will remain on my harddisk during reboot, which means it was a false/positive.

    I know it is a different kind of security, but it worked and even without AE.
     
    Last edited: May 10, 2007