Trojan.Win32.VB.atz

Discussion in 'malware problems & news' started by 19monty64, Nov 22, 2006.

Thread Status:
Not open for further replies.
  1. 19monty64, Registered Member (joined Apr 10, 2006; 1,302 posts; location: Nunya, BZ)

    Status Object
    ------ ------
    deleted: Trojan program Trojan.Win32.VB.atz Running module: asrupdate.exe\asrupdate.exe
    deleted: Trojan program Trojan.Win32.VB.atz File: C:\WINDOWS\system32\asrupdate.exe
    Events
    ------
    Time Name Status Reason
    ---- ---- ------ ------
    11/22/2006 11:09:50 AM Running module: asrupdate.exe\asrupdate.exe detected Trojan program Trojan.Win32.VB.atz
    11/22/2006 11:09:50 AM Running module: asrupdate.exe\asrupdate.exe deleted
    11/22/2006 11:09:51 AM File: C:\WINDOWS\system32\asrupdate.exe detected Trojan program Trojan.Win32.VB.atz
    11/22/2006 11:09:52 AM Startup object: HKEY_USERS\S-1-5-21-1547161642-764733703-1708537768-1004\Software\Microsoft\Windows\CurrentVersion\Run\asrupdate.exe deleted
    11/22/2006 11:09:53 AM File: C:\WINDOWS\system32\asrupdate.exe deleted...

    I downloaded AdvancedSpyRemover/Evonsoft earlier today and alarms started going off immediately, and I was redirected to Viruslist.com by my scanner. After further investigation I found out that this variant was discovered on Oct. 30th and quite a few people have complained to Evonsoft (and to their a/t and a/v companies), but over 3 weeks later the problem still persists. False/positive or not, ASR still works (without the add-ons) and does not re-install the trojans unless ASR is re-installed. My question is this... after disinfection, would it be safe to keep this scanner? (If you defused a time-bomb would you keep the clock?) Or would you uninstall because of not wanting to associate with this company (that was de-listed from SpywareWarrior.com a year or so ago)? I just finished a total re4mat, complete with all the needed MS-patches and security proggies (and restored my system to "brand-new" afterwards) and know all was clean before ASR. I don't use InternalExploder so I know I didn't pick up Win32.VB.atz on the way to softpedia to dLo ASR. {If you are still reading this, thanx for your patience...}
     
  2. farmerlee, Registered Member (joined Jul 1, 2006; 2,585 posts)

    Well, I just downloaded both free and pro editions. I didn't get any alarms, but NOD32 informed me of some suspicious files, which I sent through for analysis.
     
  3. 19monty64, Registered Member (joined Apr 10, 2006; 1,302 posts; location: Nunya, BZ)

    I use AOL AVS and I read that Avast and AVG users are having the same problem, going back to Oct. 30th. I'm 99.9% sure it's just a fp, that it is just the updater for ASR, but over 3 weeks and no resolution to the "conflict". AOL AVS hasn't had issues with any other auto-updaters so far, so that 0.01% of uncertainty has made me leery. I liked the immunization and the process & service monitoring in ASR. I just finished a complete re4mat and I'm a little leery of dLo'ing a lot of different A/S apps, and was hoping ASR would "play nice", but it didn't like AOL and another proggie that I can't think of right now...
     
  4. kjempen, Registered Member (joined May 6, 2004; 379 posts)

    I have installed "Advanced Spyware Remover Professional" v. 1.95 from Evonsoft (and tried other previous versions), and I don't have this file: C:\WINDOWS\system32\asrupdate.exe. Are you sure this file is coming from that program? As far as I know, the updater that Advanced Spyware Remover Professional uses is: "LiveUpdate.exe" residing in the program's main directory, not in the system32 directory.

    Farmerlee: the file that NOD32 reacts to is the program's main executable, not the updater. It's a heuristic detection: "C:\Program Files\Advanced Spyware Remover Pro\AsrPro.exe - probably unknown NewHeur_PE virus [7]" (probably something to do with some of the program's functions).
     
  5. 19monty64, Registered Member (joined Apr 10, 2006; 1,302 posts; location: Nunya, BZ)

    I had installed the freeware version 1.94 from softpedia, and then download.com. I had read reviews of AVG & Avast users having the "alerts", which is why I gave it a try. ASR used to be my favorite (before SAS) and it never raised any flags on my pc until 1.94 o_O Viruslist.com had very little to say about it (Trojan.Win32.VB.atz) except that it was a "backdoor-trojan", a variant that popped up the end of October. I'll hold off on ver.1.95 until I hear from other AOL AVS users.....
     