Trojan.Win32.VB.atz

Discussion in 'malware problems & news' started by 19monty64, Nov 22, 2006.

Thread Status:
Not open for further replies.
  1. 19monty64 (Registered Member; joined Apr 10, 2006; posts: 1,302; location: Nunya, BZ)

    Status Object
    ------ ------
    deleted: Trojan program Trojan.Win32.VB.atz Running module: asrupdate.exe\asrupdate.exe
    deleted: Trojan program Trojan.Win32.VB.atz File: C:\WINDOWS\system32\asrupdate.exe
    Events
    ------
    Time Name Status Reason
    ---- ---- ------ ------
    11/22/2006 11:09:50 AM Running module: asrupdate.exe\asrupdate.exe detected Trojan program Trojan.Win32.VB.atz
    11/22/2006 11:09:50 AM Running module: asrupdate.exe\asrupdate.exe deleted
    11/22/2006 11:09:51 AM File: C:\WINDOWS\system32\asrupdate.exe detected Trojan program Trojan.Win32.VB.atz
    11/22/2006 11:09:52 AM Startup object: HKEY_USERS\S-1-5-21-1547161642-764733703-1708537768-1004\Software\Microsoft\Windows\CurrentVersion\Run\asrupdate.exe deleted
    11/22/2006 11:09:53 AM File: C:\WINDOWS\system32\asrupdate.exe deleted...

    I downloaded AdvancedSpyRemover/Evonsoft earlier today and alarms started going off immediately, and I was redirected to Viruslist.com by my scanner. After further investigation I found out that this variant was discovered on Oct. 30th and quite a few people have complained to Evonsoft (and to their a/t and a/v companies), but over 3 weeks later the problem still persists. False/positive or not, ASR still works (without the add-ons) and does not re-install the trojans unless ASR is re-installed. My question is this... after disinfection, would it be safe to keep this scanner? o_O (If you defused a time-bomb, would you keep the clock? o_O) Or would you uninstall because of not wanting to associate with this company (that was de-listed from SpywareWarrior.com a year or so ago)? I just finished a total re4mat, complete with all the needed MS-patches and security proggies (and restored my system to "brand-new" afterwards) and know all was clean before ASR. I don't use InternalExploder so I know I didn't pick up Win32.VB.atz on the way to softpedia to dLo ASR. {If you are still reading this, thanx for your patience...}
     
  2. farmerlee (Registered Member; joined Jul 1, 2006; posts: 2,585)

    Well, I just downloaded both free and pro editions. I didn't get any alarms, but NOD32 informed me of some suspicious files, which I sent through for analysis.
     
  3. 19monty64

    I use AOL AVS and I read that Avast and AVG users are having the same problem, going back to Oct. 30th. I'm 99.9% sure it's just a fp, that it is just the updater for ASR, but over 3 weeks and no resolution to the "conflict". AOL AVS hasn't had issues with any other auto-updaters so far, so that 0.01% of uncertainty has made me leery. I liked the immunization and the process & service monitoring in ASR. I just finished a complete re4mat and I'm a little leery of dLo'ing a lot of different A/S apps, and was hoping ASR would "play nice", but it didn't like AOL and another proggie that I can't think of right now...
     
  4. kjempen (Registered Member; joined May 6, 2004; posts: 379)

    I have installed "Advanced Spyware Remover Professional" v. 1.95 from Evonsoft (and tried other previous versions), and I don't have this file: C:\WINDOWS\system32\asrupdate.exe. Are you sure this file is coming from that program? As far as I know, the updater that Advanced Spyware Remover Professional uses is: "LiveUpdate.exe" residing in the program's main directory, not in the system32 directory.

    Farmerlee: the file that NOD32 reacts to is the program's main executable, not the updater. It's a heuristic detection: "C:\Program Files\Advanced Spyware Remover Pro\AsrPro.exe - probably unknown NewHeur_PE virus [7]" (probably something to do with some of the program's functions).
     
  5. 19monty64

    I had installed the freeware version 1.94 from softpedia, and then download.com. I had read reviews of AVG & Avast users having the "alerts", which is why I gave it a try. ASR used to be my favorite (before SAS) and it never raised any flags on my pc until 1.94 o_O Viruslist.com had very little to say about it (Trojan.Win32.VB.atz) except that it was a "backdoor-trojan", a variant that popped up the end of October. I'll hold off on ver.1.95 until I hear from other AOL AVS users.....
     