Daave said:
rock said:
Hi,
I am getting an AVG 8.5 FREE virus checker telling me I have an
infected file in the /drivers/agp440.sys file. They call it a Trojan
Generic14.BLZl
It says not to delete as it is a critical system file.
It is 93kb big.
Should I delete it? I have never had this message before but now it
is all day coming up.
I also get the message from Dr Web saying it is called a
Trojan.Download.47257. It also asks whether to delete it?
You should definitely *not* delete it -- at least for the time being --
because it might be a false positive. Instead, send it to the "vault."
You can know for sure by following these instructions:
In the case where AVG Free detects a file on your PC as infected, moves
it to the AVG Virus Vault, and you are sure that this file is correct
and clean, it is possible that the detected file is a false alarm. If
so, we shall prepare the correction as soon as possible. Unfortunately,
false alarms do appear from time to time in every Anti-Virus software.
To solve the problem, please send us this file for analysis directly
from the AVG Free program this way:
Open AVG Free User Interface.
Choose the "Virus Vault" option from the "History" menu.
Right-click the false positive file and select the "Send to analysis"
option from context menu.
Fill in your e-mail address
Confirm the dialog
This file will be sent to our virus specialists for analysis and we will
inform you about the result.
The above is from:
http://free.avg.com/faq.num-1244#faq_1320
Are your definitions up to date?
Thank you guys for your time and advice.
I did rename it and there was no difference so I bit the bullet and
removed it to quarantine. Both files also noticed a 7758ql.exe file
which I also gave to quarantine. After the last quarantine, XP closed
and warm booted. I noticed a slight speed up in the box at that stage as
well.
At the moment the box is up and running without the agp440.sys in
/drivers/ however it is in the /SoftwareDistribution/ dir.
Yes did the VirusTotal thing as well. A great free service.
I do also have.. SpywareBlaster, Spyware Terminator, SysProt,
HijackThis, procexp, Ad-Aware, Security Check and RootRepeal. All have been
helpful in letting me know some of what is happening.
I eventually got a reply from the SpywareWarriors forum and they have
done an excellent and thorough job diagnosing my box and we are just
about through showing a clean system!! He has suggested to move the
agp440.sys from /software/ to /drivers/ when he is ready. Box speed is
up tremendously and so are my 'spirits'.
It sure is a heavy load when these things happen, especially when the
box is so importantly used for business 16 hours a day.
This box is using ftp much of the day to our clients sites and we had
been breached through ftp somehow. We had several sites which had all
index files across the sites changed, some with those iframes pointing
to a site with a ru extension.
We checked the ftp log and I did an IP search and found they were from
Slovenia, Romania, Netherlands, Sweden, Hungary and all points east so
it seems. They must have been using some proxy or something as they
were all uploading the new index files within seconds of each other.
Anyway, that's some of my gossip!!
Thanks again guys. It is always good to know that there are some who
balance up the evil on the Internet.
oz
from downunda
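
The FTP log check described in the post above (index files replaced from several source addresses within seconds of each other) can be automated. This is an added example, not part of the original thread; it assumes the server writes the common xferlog format, and the log lines, account name and addresses are constructed.

```python
from datetime import datetime, timedelta
import re

# Constructed sample in xferlog format (assumed format; documentation-range IPs).
SAMPLE_LOG = """\
Thu Mar  4 09:02:11 2010 1 192.0.2.10 5120 /siteA/images/logo.png b _ i r webadmin ftp 0 * c
Thu Mar  4 14:30:01 2010 1 198.51.100.7 2048 /siteA/index.html a _ i r webadmin ftp 0 * c
Thu Mar  4 14:30:03 2010 1 203.0.113.44 2101 /siteB/index.php a _ i r webadmin ftp 0 * c
Thu Mar  4 14:30:04 2010 1 198.51.100.93 1987 /siteC/index.htm a _ i r webadmin ftp 0 * c
Thu Mar  4 14:30:06 2010 1 203.0.113.200 2300 /siteD/index.html a _ i r webadmin ftp 0 * c
Thu Mar  4 18:45:00 2010 2 192.0.2.10 2048 /siteA/index.html a _ o r webadmin ftp 0 * c
"""

INDEX_RE = re.compile(r"(^|/)index\.[A-Za-z0-9]+$")

def parse_uploads(text):
    """Yield (time, ip, path, user) for completed incoming transfers."""
    for line in text.splitlines():
        t = line.split()
        if len(t) < 18:
            continue
        # The last nine fields are fixed, so a filename with spaces still parses.
        path = " ".join(t[8:-9])
        direction, user, status = t[-7], t[-5], t[-1]
        if direction == "i" and status == "c":
            when = datetime.strptime(" ".join(t[:5]), "%a %b %d %H:%M:%S %Y")
            yield when, t[6], path, user

def find_bursts(text, window=timedelta(seconds=10), min_ips=3):
    """Group index-file uploads that fall in one window and come from many IPs."""
    hits = sorted(u for u in parse_uploads(text) if INDEX_RE.search(u[2]))
    bursts, i = [], 0
    while i < len(hits):
        j = i
        while j < len(hits) and hits[j][0] - hits[i][0] <= window:
            j += 1
        group = hits[i:j]
        ips = sorted({h[1] for h in group})
        if len(ips) >= min_ips:
            bursts.append({"start": group[0][0], "ips": ips,
                           "paths": [h[2] for h in group]})
            i = j
        else:
            i += 1
    return bursts

if __name__ == "__main__":
    for b in find_bursts(SAMPLE_LOG):
        print(b["start"], len(b["ips"]), "IPs:", ", ".join(b["paths"]))
```

Any burst it reports is a cue to change the FTP passwords for the affected accounts and to compare the listed index files against known-good copies.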