AVG detected a Trojan horse Generic11.AVBS, advice/help needed

Status
Not open for further replies.
OK, I just deleted the file you mentioned and ran the SmitFraudFix, here's the log:

SmitFraudFix v2.416

Scan done at 0:20:52,21, 14.05.2009
Run from C:\Dokumente und Einstellungen\Lars\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Programme\Marvell\raid\svc\mvraidsvc.exe
C:\Programme\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\Programme\Marvell\raid\Apache2\bin\httpd.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programme\AVG\AVG8\avgcsrvx.exe
C:\Programme\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Marvell\raid\Apache2\bin\httpd.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\ASUS\EPU-6 Engine\SixEngine.exe
D:\Programs\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\V0270Mon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Marvell\raid\tray\zRaidTray.exe
D:\Programs\Open Office\OpenOffice.org 3\program\soffice.exe
D:\Programs\Open Office\OpenOffice.org 3\program\soffice.bin
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\Dokumente und Einstellungen\Lars\Desktop\Weird Metronome.exe
C:\Programme\Digital Timepiece\DigitalTimepiece.exe
C:\Dokumente und Einstellungen\Lars\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Lars


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\Lars\LOKALE~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Lars\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\Lars\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E6D3693A-CF9F-40D8-A234-9ED5F7A35053}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6D3693A-CF9F-40D8-A234-9ED5F7A35053}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E6D3693A-CF9F-40D8-A234-9ED5F7A35053}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
 
Ok, so what issues are you still having?

Well, apart from the fact that Malwarebytes keeps freezing when I do a full scan (just tried quick scan, that worked), my AVG still detects the trojan Generic11.AVBS.

The weird thing is, when I have AVG scan a full system scan, it does not detect it, but when I just have it scan that particular file it does say it's infected with the trojan mentioned.
3 days ago this was detected by the full system scan.

The logs of the scans I posted here, do they seem fine?
Do you think there is any virus on my PC?

Thank you very much for all your help !!!!
 
Will AVG let you remove/heal?

Yes, if I choose that option, it takes away said file and puts it into the virus vault, but the problem is, it's a file of a music software synthesizer, and I need all parts of it.

I uploaded the file to VirusTotal - Free Online Virus and Malware Scan, where it got scanned by 40 different scanners (AVG among them), and AVG was the only one that said it was infected, all other scanners (39 of them) said there was no infection......

Do you think I have or had a Trojan at all? Did the logs I posted indicate anything strange? (sorry, but to me they are all Chinese)
 
Well, the logs look fine. You can select ignore when it happens again.

OK, cool !

So, you also think it's most likely a false positive?

Another thing: should I keep those anti-malware programs (ComboFix, HijackThis, Malwarebytes, SmitFraudFix) on my PC and run them periodically just to be safe? Or do I only need them in case there is a virus alert on my PC?
 
I finally got a response from AVG after sending in the file, thinking it is a false positive.
They still say it was detected correctly as a Trojan.
I scanned it with every online scanner I could find, NONE of them detected anything, except for AVG.
Out of 40 different upload scanners, AVG still is the only one to detect a virus.
I was so sure it must be false alarm, but they checked it and still say the detection was correct.

And the weird thing is that when I run a full system scan with AVG, it does NOT detect the virus on that particular file, only if I select that file to be scanned (or the parent folder) does AVG detect it as a Trojan. Isn't that odd?

Any idea on how to proceed here? I am not sure if I should trust their detection?!?!
 