Trojan Hunt

Lleucu

I think I may have a Trojan. I installed the trial version of Trojan Hunter and ran a scan, results as follows, is it worth paying for the full version to get them removed:

Found trojan file: C:\Program Files\Lenovo\ReadyComm\LinkAVE.dll (Generic.Vundo.C)
Found trojan file: C:\Program Files (x86)\FoxTabFlvPlayer\Uninstall\Uninstall.exe (TrojanClicker.Agent.174)
Found trojan file: C:\Users\MY NAME\AppData\Local\Temp\ICReinstall\FLVPlayerSetup[1].exe (TrojanClicker.Agent.174)

Thanks for your help.

waddler_8

is it worth paying for the full version to get them removed

Definately not!

They all look like false positives.

waddler_8

Just one thing - Where did you download FLVPlayer from?

Some downloads have offered toolbars and the like when installing (Babylon toolbar, Sweetim, Uniblue products etc). For that reason, whilst not being overly malicious, certain installers may get detected for installing/offering to install PUPs (Potentially Unwanted Programs).

http://www.threatexpert.com/report.aspx?md5=1add7b9d18cc81d9118803f7f43c8b2f

It's still not worth buying Trojan Hunter though.

Browntoa

download

http://www.filehippo.com/download_malwarebytes_anti_malware/

install , update, then FULL scan

post the log file when done

waddler_8

A quick scan would suffice for the scanning of places any active malware could run from. The only things a full scan will find over the quick scan are benign traces.

Lleucu

Thanks everybody, quick scan:

Scan type: Quick scan
Objects scanned: 181673
Time elapsed: 3 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\adarynefoedd\AppData\Local\Temp\icreinstall\flvplayersetup[1].exe (Adware.Agent) -> Quarantined and deleted succes

waddler_8

For future reference, the current CNET installer linked to from the developers site doesn't trigger any detections.

http://martijndevisser.com/blog/flv-player/

You may be offered "extras" during the download & installation (eg. ask toolbar) but you can opt out of these - make sure you do if you don't want them.

It's a good idea to delete temporary files from time to time.

http://support.microsoft.com/kb/260897

Lleucu

full scan:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7604
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
29/08/2011 09:07:39
mbam-log-2011-08-29 (09-07-39).txt
Scan type: Quick scan
Objects scanned: 181673
Time elapsed: 3 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\MY NAME \AppData\Local\Temp\icreinstall\flvplayersetup[1].exe (Adware.Agent) -> Quarantined and deleted successfully.

waddler_8

That looks like the same log you posted first time round, but in the whole I wouldn't be too worried as it's at the very bottom end of anything that might be considered malicious.

Just apply the usual caveats, only download form reputable sources, read EULA's, pay attention to what you are installing and opt out of any unwanted extras that may be offered during the install process, rather than just robotically clicking I agree, next, next, next.....