Possible FP



vecchio
10-09-2007, 07:55 PM
Hi
As I said before, this is a GREAT program and I will buy it as soon as it is released.
But I have one problem.
In EACH full scan, the program finds the "infection" "Trojan.Agent!Sd5".
In order to clean the "infection", the program asks for a reboot. After that, if I run a full scan again, the program shows the same "infection" again and again.
SD+AV doesn't find this "infection",
so I think it's an FP.
Please look into this.
Also, the Internet Suite shows the database 5. 08. 220 (old) and the SU reports "Up to date".
I have already cleaned CACHE, COOKIES, REGISTRY, OLD REFERENCES, and install/uninstall.
The problem persists.
Please look into this
Thanks
Rodrigo Dos Santos Pereira Vecchio

mjq424
10-09-2007, 10:21 PM
Hi
What/where is this infection? Either a screenshot or a log would be great.

vecchio
10-09-2007, 10:37 PM
Hi mjq
According to the program, this "infection" can be found in c/windows/system32/winlogon.exe
SDAV does NOT find this, and this is the reason I think it's an FP.
And the program only says this should be removed.
Hope this helps

mjq424
10-09-2007, 10:59 PM
Hi
Can you please do the following:
Upload a File to Virustotal
Please visit Virustotal (http://www.virustotal.com/en/indexf.html)

Click the Browse... button
Navigate to the file c:/windows/system32/winlogon.exe
Click the Open button
Click the Send button
Copy and paste the results back here please.

s0nIc
10-09-2007, 11:13 PM
I think it is flagging a threat that's hooking to winlogon. Can you post us a screenshot of the detection? Or maybe a history file in IS?

should be under Settings -> History -> Malware History, then just "Save To File".

vecchio
10-09-2007, 11:30 PM
Antivírus Version Last Update Result
AhnLab-V3 2007.10.10.0 2007.10.09 -
AntiVir 7.6.0.20 2007.10.09 -
Authentium 4.93.8 2007.10.09 -
Avast 4.7.1051.0 2007.10.09 -
AVG 7.5.0.488 2007.10.09 -
BitDefender 7.2 2007.10.09 -
CAT-QuickHeal 9.00 2007.10.09 -
ClamAV 0.91.2 2007.10.09 -
DrWeb 4.44.0.09170 2007.10.09 -
eSafe 7.0.15.0 2007.10.09 -
eTrust-Vet 31.2.5199 2007.10.10 -
Ewido 4.0 2007.10.09 -
FileAdvisor 1 2007.10.10 -
Fortinet 3.11.0.0 2007.10.09 -
F-Prot 4.3.2.48 2007.10.09 -
F-Secure 6.70.13030.0 2007.10.09 -
Ikarus T3.1.1.12 2007.10.09 -
Kaspersky 7.0.0.125 2007.10.10 -
McAfee 5137 2007.10.09 -
Microsoft 1.2908 2007.10.10 -
NOD32v2 2582 2007.10.09 -
Norman 5.80.02 2007.10.09 -
Panda 9.0.0.4 2007.10.09 -
Prevx1 V2 2007.10.10 -
Rising 19.44.12.00 2007.10.09 -
Sophos 4.22.0 2007.10.09 -
Sunbelt 2.2.907.0 2007.10.10 -
Symantec 10 2007.10.09 -
TheHacker 6.2.6.080 2007.10.09 -
VBA32 3.12.2.4 2007.10.08 -
VirusBuster 4.3.26:9 2007.10.09 -
Webwasher-Gateway 6.0.1 2007.10.09 -
additional information
File size: 504320 bytes
MD5: 6f7bde7a1126debf0cc359a54953efc1
SHA1: 89dc449c16b8083251c33b3544550a39bbfa0869


Done mjq:)

vecchio
10-09-2007, 11:37 PM
> I think it is flagging a threat that's hooking to winlogon. Can you post us a screenshot of the detection? Or maybe a history file in IS?
>
> should be under Settings -> History -> Malware History, then just "Save To File".

Here is the history


PC Tools Internet Security
Date Status
9/10/2007 14:00:49:93 AntiVirus Engine
Anti-Virus engine configuration loaded successfully.
9/10/2007 14:00:58:62 Anti-Spam Engine
Anti-Spam engine initialized successfully.
9/10/2007 14:00:58:312 Service Started
Internet Security Service Application started
9/10/2007 14:01:32:640 OnGuards status
All OnGuards were Enabled
9/10/2007 14:01:44:421 Immunizer Results
ActiveX section has been immunized, Processed 3702 items.
9/10/2007 14:06:10:968 Immunizer Results
ActiveX section has been immunized. No items were processed.
9/10/2007 14:06:12:171 Immunizer Results
ActiveX section has been immunized. No items were processed.
9/10/2007 14:08:20:890 Scan Started
Scan Type - Full Scan

9/10/2007 14:09:38:515 Infection was detected on this computer
Threat Name - Trojan.Agent!sd5
Type - File
Risk Level - High
Infection - C:\WINDOWS\system32\winlogon.exe

9/10/2007 14:26:02:187 Scan Finished
Scan Type - Full Scan
Items Processed - 195890
Threats Detected - 1
Infections Detected - 1
Infections Ignored - 0




Thanks

allibear
10-09-2007, 11:51 PM
> Hi mjq
> According to the program, this "infection" can be found in c/windows/system32/winlogon.exe
> SDAV does NOT find this, and this is the reason I think it's an FP.
> And the program only says this should be removed.
> Hope this helps

Hi Vecchio, you may find some of the information in this report useful regarding this particular trojan (if not a false positive???); it has rootkit behaviour so can hide itself.

http://www.threatexpert.com/report.aspx?uid=093237f0-94cc-4926-87d8-2d1625555654

You could check the registry to see if any of the mentioned registry entries exist, and check your system32 folder for the presence of the defLib.sys driver (don't forget to turn on the option to view hidden files and folders). Just some thoughts on how to narrow down the possibility of it being a genuine infection or FP. Some alternate scanners for a second opinion may also be of use.

vecchio
10-10-2007, 12:04 AM
> Hi Vecchio, you may find some of the information in this report useful regarding this particular trojan (if not a false positive???); it has rootkit behaviour so can hide itself.
>
> http://www.threatexpert.com/report.aspx?uid=093237f0-94cc-4926-87d8-2d1625555654
>
> You could check the registry to see if any of the mentioned registry entries exist, and check your system32 folder for the presence of the defLib.sys driver (don't forget to turn on the option to view hidden files and folders). Just some thoughts on how to narrow down the possibility of it being a genuine infection or FP. Some alternate scanners for a second opinion may also be of use.

Nothing in the folder or in the registry
Thanks

AChen
10-10-2007, 01:52 AM
> Hi
> As I said before, this is a GREAT program and I will buy it as soon as it is released.
> But I have one problem.
> In EACH full scan, the program finds the "infection" "Trojan.Agent!Sd5".
> In order to clean the "infection", the program asks for a reboot. After that, if I run a full scan again, the program shows the same "infection" again and again.
> SD+AV doesn't find this "infection",
> so I think it's an FP.
> Please look into this.
> Also, the Internet Suite shows the database 5. 08. 220 (old) and the SU reports "Up to date".
> I have already cleaned CACHE, COOKIES, REGISTRY, OLD REFERENCES, and install/uninstall.
> The problem persists.
> Please look into this
> Thanks
> Rodrigo Dos Santos Pereira Vecchio

Hey Rodrigo,

Could you please send the exact file that the IS is detecting.

vecchio
10-10-2007, 02:12 AM
> Hey Rodrigo,
>
> Could you please send the exact file that the IS is detecting.

AChen,
The only file I can send to you is winlogon.exe, as this executable was infected, but I can't find the "infection" itself.
What can I do?
Thanks

AChen
10-10-2007, 02:35 AM
That file should do :)

vecchio
10-15-2007, 04:33 AM
AChen
All the logs have been sent
Thanks

vecchio
10-15-2007, 09:57 PM
Attention PC Tools
I can now surely affirm that this "Trojan.Agent!sd5" "infection" is a FALSE POSITIVE.
I have sent several rootkit scan logs to other sites dedicated to malware removal and ALL have said my computer is CLEAN of infections.
I would like to say again that the ONLY app able to find this "infection" is the new beta suite.
No other app can find this, so this is an FP.
The suite is very good (no, fortunately I have NO slowdowns or freezes like in SD beta).
And yes, I will buy a suite license as soon as it comes out as a final release.
But I have to ask PC Tools to solve this FP problem.
If the final version comes out with this problem, it will be UNACCEPTABLE :mad:
And so I will not use this.
Please, PC Tools, LOOK INTO THIS
Thanks

vecchio
10-17-2007, 03:46 PM
Please, PC Tools, FIX THIS "INFECTION" immediately. It's making me crazy!
AGAIN, I wish to use it, but if the final release comes out with this FP (OR MAYBE NOT, but then the company must create a signature to clean this) I WON'T be able to use this

See the most recent history log

PC Tools Internet Security
Date Status
17/10/2007 11:17:59:406 Scan Started
Scan Type - Full Scan

17/10/2007 11:19:15:718 Infection was detected on this computer
Threat Name - Trojan.Agent!sd5
Type - File
Risk Level - High
Infection - C:\WINDOWS\system32\winlogon.exe

17/10/2007 11:35:11:578 Scan Finished
Scan Type - Full Scan
Items Processed - 191802
Threats Detected - 1
Infections Detected - 1
Infections Ignored - 0


ONLY THE SUITE FOUND THIS
PLEASE FIX IT IMMEDIATELY
:mad:

vecchio
10-18-2007, 03:05 AM
Now see the history log of SD+AV


PC Tools Spyware Doctor
Date Status
17/10/2007 22:33:33:437 Scan Started
Scan Type - Full Scan

17/10/2007 22:53:59:171 Scan Finished
Scan Type - Full Scan
Items Processed - 194302
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0

As you can see, there is a problem with the suite.
It's the SAME COMP with NO new installations/uninstalls.
I love the suite
PLEASE FIX IT
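
Added example, not part of the original thread or any PC Tools code: a Python sketch that parses the history-log layout pasted in the posts above and lists detections that one product reports on a file while another product finished a scan without reporting it. The sample log is constructed from the excerpts in this thread, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Event lines start with a date and timestamp; the space before the text may be missing.
EVENT = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4}) [\d:]+ ?(.+)$")
FIELD = re.compile(r"^(.+?) - (.+)$")

# Constructed sample: history excerpts from this thread, trimmed and joined.
SAMPLE = r"""PC Tools Internet Security
17/10/2007 11:17:59:406 Scan Started
Scan Type - Full Scan
17/10/2007 11:19:15:718 Infection was detected on this computer
Threat Name - Trojan.Agent!sd5
Infection - C:\WINDOWS\system32\winlogon.exe
17/10/2007 11:35:11:578 Scan Finished
Threats Detected - 1
PC Tools Spyware Doctor
17/10/2007 22:33:33:437 Scan Started
Scan Type - Full Scan
17/10/2007 22:53:59:171 Scan Finished
Threats Detected - 0
"""

def parse_history(text):
    """Return a list of events: product, date, event name, and key/value fields."""
    events, product = [], None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("PC Tools "):
            product = line  # product header; applies to the events that follow
        elif m := EVENT.match(line):
            events.append({"product": product, "date": m[1], "event": m[2], "fields": {}})
        elif (m := FIELD.match(line)) and events:
            events[-1]["fields"][m[1]] = m[2]  # "Key - Value" detail of the last event
    return events

def single_product_hits(events):
    """Map (threat, path) to the products that finished a scan without reporting it."""
    hits, scanned = defaultdict(set), set()
    for e in events:
        if e["event"] == "Scan Finished":
            scanned.add(e["product"])
        elif "Threat Name" in e["fields"]:
            key = (e["fields"]["Threat Name"], e["fields"]["Infection"].lower())
            hits[key].add(e["product"])
    return {k: sorted(scanned - p) for k, p in hits.items() if scanned - p}
```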

AChen
10-18-2007, 07:05 AM
While we are currently working on resolving this issue, as a workaround, you can add this detection to the Global Action List to prevent this from being detected.

vecchio
10-18-2007, 05:28 PM
> While we are currently working on resolving this issue, as a workaround, you can add this detection to the Global Action List to prevent this from being detected.

Hi AChen,
My intention in showing the history logs of the suite and SD was to prove there is a PROGRAM issue and not some problem with my machine or with some program I have installed.
I think there is no doubt it's a problem with the suite.
I really hope the company can fix it before the final release.
I am still waiting for the final solution for this.
Thank you

vecchio
10-19-2007, 07:01 PM
AChen
I will now go back to SD+AV as it doesn't have this FP and has regular database updates.
Again, I love the suite, I WANNA use it, but I cannot use the program if it comes out with this ABSURD FP (the company itself admits the file "winlogon.exe" is not malicious), and this file is ALWAYS detected by the new suite as an infection.
Again, I really hope to see the problem solved before the final release, or unfortunately I cannot use the suite.
I ask the company to please contact me if you need me to reinstall the suite again or if the company needs some other info/data to solve the problem.
Although it is a problem not reported by other people here, I hope the company is really trying to solve this problem.
Thank you
Rodrigo Dos Santos Pereira Vecchio
REGULAR customer

vecchio
10-26-2007, 01:58 AM
ATTENTION PLEASE
The FP problem is NOT resolved yet with beta 2.
This "trojan.Agent!sd5" "infection" still persists on beta 2.
I repeat again, I want to buy this program, but if I will always have this error I won't buy it.
The program is great.
Solve this PLEASE :( :(
Please see the newest scan history with beta 2


PC Tools Internet Security
Date Status
25/10/2007 21:17:38:359 Scan Started
Scan Type - Full Scan

25/10/2007 21:19:57:546 Infection was detected on this computer
Threat Name - Trojan.Agent!sd5
Type - File
Risk Level - High
Infection - C:\WINDOWS\system32\winlogon.exe

25/10/2007 21:54:06:578 Scan Finished
Scan Type - Full Scan
Items Processed - 191285
Threats Detected - 1
Infections Detected - 1
Infections Ignored - 0


Please, PC Tools, inform me as soon as this problem is resolved and then I will go back to this.
Thanks

Reodor
10-26-2007, 02:15 AM
Vecchio: Calm down!
Every time something happens in your setup you keep bouncing like a hyperactive rubber ball and the end of the world is near.

Just send the file to PC Tools and let them have a look at it.

If it is a system/program error we should all be 'affected' by it, but I have no problem and have not seen anybody else with the problem. It might be a remnant of an old infection staying in your file, but does no harm.

Take a break, go to the beach and relax, ignore it at the scans until you get an answer. :)

vecchio
10-26-2007, 02:24 AM
Reodor
My intention was only to show the company that the problem persists.
Sorry if I'm wrong.
Thanks

vecchio
10-30-2007, 05:39 PM
This problem now seems to be resolved.
VERY GOOD WORK PC TOOLS
BETA 3 is the best version released.
This is the best security company in the world.
Keep up the good work
Thanks!