From: rock on 1 Oct 2009 18:28

Hi,

I am getting an SVG 8.5 FREE virus checker telling me I have an infected file in the /drivers/agp440.sys file. They call it a Trojan Generic14.BLZl. It says not to delete as it is a critical system file. It is 93kb big.

Should I delete it? I have never had this message before but now it is all day coming up.

I also get the message from Dr Web saying it is called a Trojan.Download.47257. It also asks whether to delete it?

Thanks,
rock
From: David H. Lipman on 1 Oct 2009 20:50

From: "rock" <1940(a)pobox.com>

| Hi,
| I am getting an SVG 8.5 FREE virus checker telling me I have an infected
| file in the /drivers/agp440.sys file. They call it a Trojan Generic14.BLZl
| It says not to delete as it is a critical system file.
| It is 93kb big.
| Should I delete it? I have never had this message before but now it is
| all day coming up.
| I also get the message from Dr Web saying it is called a
| Trojan.Download.47257. It also asks whether to delete it?
| Thanks,
| rock

What is your OS and Service Pack level?

Please submit a sample to Virus Total -- http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners. That will give you an idea what it is and who recognizes it. In addition Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan(a)virustotal.com?subject=SCAN

When you get the report, please post back the exact results.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: rock on 1 Oct 2009 21:44

David H. Lipman wrote:
> From: "rock" <1940(a)pobox.com>
>
> | Hi,
> | I am getting an SVG 8.5 FREE virus checker telling me I have an infected
> | file in the /drivers/agp440.sys file. They call it a Trojan Generic14.BLZl
> | It says not to delete as it is a critical system file.
> | It is 93kb big.
> | Should I delete it? I have never had this message before but now it is
> | all day coming up.
> | I also get the message from Dr Web saying it is called a
> | Trojan.Download.47257. It also asks whether to delete it?
> | Thanks,
> | rock
>
> What is your OS and Service Pack level?
>
> Please submit a sample to Virus Total --
> http://www.virustotal.com/flash/index_en.html
> The submission will then be tested against many different AV vendors' scanners.
> That will give you an idea what it is and who recognizes it. In addition Virus
> Total will provide the sample to all participating vendors.
>
> You can also submit a suspect, one at a time, via the following email URL...
> mailto:scan(a)virustotal.com?subject=SCAN
>
> When you get the report, please post back the exact results.

XP pro SP2 plus updates.

Here is the report from VirusTotal. I had renamed the file ext to .old but got the same result with it as sys.

Thanks
rock

Antivirus          Version          Last Update  Result
a-squared          4.5.0.24         2009.09.28   Virus.Win32.Cutwail!IK
AhnLab-V3          5.0.0.2          2009.09.28   Win32/Ntfs.B
AntiVir            7.9.1.27         2009.09.28   TR/Crypt.XPACK.Gen
Antiy-AVL          2.0.3.7          2009.09.28   -
Authentium         5.1.2.4          2009.09.27   -
Avast              4.8.1351.0       2009.09.27   Win32:Cutwail
AVG                8.5.0.412        2009.09.28   -
BitDefender        7.2              2009.09.28   Rootkit.Kobcka.Patched.Gen
CAT-QuickHeal      10.00            2009.09.26   Trojan.Agent.ATV
ClamAV             0.94.1           2009.09.28   -
Comodo             2459             2009.09.28   TrojWare.Win32.Trojan.RootKit.~GR
DrWeb              5.0.0.12182      2009.09.28   Trojan.DownLoad.47257
eSafe              7.0.17.0         2009.09.24   Win32.Horse
eTrust-Vet         31.6.6763        2009.09.27   Win32/Cutwail.ATQ
F-Prot             4.5.1.85         2009.09.27   -
F-Secure           8.0.14470.0      2009.09.28   -
Fortinet           3.120.0.0        2009.09.28   W32/Dx.FFJ!tr
GData              19               2009.09.28   Rootkit.Kobcka.Patched.Gen
Ikarus             T3.1.1.72.0      2009.09.28   Virus.Win32.Cutwail
Jiangmin           11.0.800         2009.09.27   -
K7AntiVirus        7.10.855         2009.09.26   Trojan.Win32.Malware.1
Kaspersky          7.0.0.125        2009.09.28   -
McAfee             5754             2009.09.27   Generic.dx!ffj
McAfee+Artemis     5754             2009.09.27   Generic.dx!ffj
McAfee-GW-Edition  6.8.5            2009.09.28   Trojan.Crypt.XPACK.Gen
Microsoft          1.5005           2009.09.23   Virus:Win32/Cutwail.H
NOD32              4463             2009.09.28   -
Norman             6.01.09          2009.09.28   W32/Rootkit.AVLC
nProtect           2009.1.8.0       2009.09.28   Trojan/W32.Agent.94432.B
Panda              10.0.2.2         2009.09.27   Trj/CI.A
PCTools            4.4.2.0          2009.09.28   -
Prevx              3.0              2009.09.28   Medium Risk Malware
Rising             21.49.04.00      2009.09.28   -
Sophos             4.45.0           2009.09.28   Mal/Generic-A
Sunbelt            3.2.1858.2       2009.09.27   -
Symantec           1.4.4.12         2009.09.28   Trojan Horse
TheHacker          6.5.0.2.019      2009.09.26   -
TrendMicro         8.950.0.1094     2009.09.25   -
VBA32              3.12.10.11       2009.09.27   -
ViRobot            2009.9.28.1960   2009.09.28   Win32.Protector.C
VirusBuster        4.6.5.0          2009.09.27   -

Additional information
File size: 94432 bytes
MD5   : 5a52931ddad0b22306b9494bc9b79820
SHA1  : e5e6c0e352dc701b544764db8db3c640fc0c8d72
SHA256: 4a167f69736b89e8aca4427fea9127a0ee194d3e69eeb142b87a381d9de5544e

PEInfo: PE Structure information
( base data )
entrypointaddress.: 0xFF5
timedatestamp.....: 0x4AAE8BA5 (Mon Sep 14 20:29:57 2009)
machinetype.......: 0x14C (Intel I386)
( 3 sections )
name    viradd  virsiz   rawdsiz  ntrpy  md5
.text   0x220   0xECA    0xEE0    6.06   18ff9201f68a378040f2c255ce021c55
.data   0x1100  0x19     0x20     2.17   09023b0586a11b5dd790a88206791533
.reloc  0x1120  0x15FAA  0x15FC0  6.04   5a7fb88a19a742040dfb2e0a56e2393d
( 0 imports )
( 0 exports )

TrID : File type identification
Generic Win/DOS Executable (49.5%)
DOS Executable Generic (49.5%)
VXD Driver (0.7%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)

ssdeep: 1536:aukTHOwtnnXQo/TT0QpXzRicpvZu5XLtasa199IbALiNBryARGOB/BycYDx:auAnQQpXVicpBuFRa/1z36tjB/RYDx
Prevx Info: http://info.prevx.com/aboutprogramtext.asp?PX5=1E028CC8E0B6A08D70FC0142A6D1C600BED44E80
PEiD : -
RDS  : NSRL Reference Data Set -
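A small triage script for the report above, added here as an example and not part of the original thread: it parses a constructed excerpt of the VirusTotal vendor lines, counts detections and family consensus, and flags the static PE traits a legitimate driver should not show (a .reloc section holding almost the whole file at high entropy, and no import table). The sample values are copied from the report; the thresholds are assumptions.

```python
# Constructed excerpt of the report: "vendor version sig-date result"; "-" = no detection.
VT_RESULTS = """\
a-squared 4.5.0.24 2009.09.28 Virus.Win32.Cutwail!IK
AVG 8.5.0.412 2009.09.28 -
BitDefender 7.2 2009.09.28 Rootkit.Kobcka.Patched.Gen
DrWeb 5.0.0.12182 2009.09.28 Trojan.DownLoad.47257
Kaspersky 7.0.0.125 2009.09.28 -
Microsoft 1.5005 2009.09.23 Virus:Win32/Cutwail.H
Prevx 3.0 2009.09.28 Medium Risk Malware
"""
# PEInfo section table copied from the report: name, vaddr, vsize, raw size, entropy.
PE_SECTIONS = """\
.text 0x220 0xECA 0xEE0 6.06
.data 0x1100 0x19 0x20 2.17
.reloc 0x1120 0x15FAA 0x15FC0 6.04
"""
FILE_SIZE = 94432   # bytes, "File size" in the report
IMPORT_COUNT = 0    # "( 0 imports )" in the report

def parse_vt(text):
    """Map vendor -> detection name (None where the vendor reported '-')."""
    hits = {}
    for line in text.splitlines():
        vendor, _version, _date, result = line.split(maxsplit=3)
        hits[vendor] = None if result == "-" else result
    return hits

def detection_ratio(hits):
    """(detected, total): the headline number to quote back in the thread."""
    return sum(1 for r in hits.values() if r), len(hits)

def family_votes(hits, family):
    """Vendors whose detection name mentions a family, e.g. 'cutwail'."""
    return [v for v, r in hits.items() if r and family.lower() in r.lower()]

def pe_indicators(sections_text, file_size, import_count):
    """Static red flags for a file that claims to be a kernel-mode driver."""
    findings = []
    for line in sections_text.splitlines():
        name, _va, _vsize, raw_size, entropy = line.split()
        share = int(raw_size, 16) / file_size
        ent = float(entropy)
        # A .reloc section is normally small and low-entropy; one holding most
        # of the file at near-packed entropy suggests an embedded payload.
        if name == ".reloc" and share > 0.5 and ent > 5.5:
            findings.append(f"{name} holds {share:.0%} of the file at entropy {ent}")
    # A genuine driver imports from ntoskrnl.exe/hal.dll; an empty import table
    # means the code resolves its own APIs, which is typical of packed rootkit code.
    if import_count == 0:
        findings.append("no import table")
    return findings
```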
From: Malke on 2 Oct 2009 07:36

rock wrote:

> XP pro SP2 plus updates.
>
> Here is the report from VirusTotal. I had renamed the file ext to .old
> but got the same result with it as sys.
> Antivirus Version Last Update Result
(some snippage)

I certainly hope you post this information in the thread you have going in the other newsgroup. It would be the least you could do because you've got all those people trying to help you there and now you've roped Mr. Lipman into the fray by multiposting *here*. Please don't multipost; it makes more work for everyone and will get you *less* help, not more. See this for why:

http://en.wikipedia.org/wiki/Crossposting
http://www.blakjak.demon.co.uk/mul_crss.htm - multiposting

If you have forgotten where you posted or can't find your post, use Google Groups Advanced Search and search for your name.

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ
From: "FromTheRafters" erratic on 2 Oct 2009 10:40

"rock" <1940(a)pobox.com> wrote in message news:udpjhHwQKHA.5052(a)TK2MSFTNGP06.phx.gbl...

Yikes!

Did you have any other infections recently (like antivirus pro 2010) that were incompletely removed? You may have a rootkit preventing some antimalware programs from seeing and completely removing new malware. Try GMER and follow up with MBAM, SAS and MSRT.

Sometimes one malware instance can download and execute some others. Then your detection/removal programs alert you to and offer to remove what they can detect of the original and the additional malware - they can miss some of the *new* malware. Antimalware programs try to be as comprehensive as they can within their malware arena, but it is *still* a little like using a fishnet to keep out mosquitoes.