taffy078

False Positive? Trojan.Win32.Generic.pak!cobra

8 posts in this topic

A scan last night (AAW Free) found a Trojan.Win32.Generic.pak!cobra in c:\program files\uniblue\registrybooster\unins000.exe
I left the PC to run the "ThreatWork Alliance - submitting suspicious files" overnight.
[b]I noticed that one of the 'suspicious files' was in the AdAware folder. [/b]

As there was no message showing this morning, I scanned again. It found the above plus another one: Trojan.Win32.Generic.pak!cobra in c:\system volume information\_restore{dee4b321-5e9d-4a92-95c5-eacebc257d73}\rp348\a0092084.exe.

I cannot find this folder in My Computer C: drive.

The "ThreatWork Alliance - submitting suspicious files" started at 07:20 this morning and finished at 08:26. I've not done this before so I have no idea if that's what it normally takes.

I searched this forum and found the thread below from last October, which shows a false positive: [url="http://www.lavasoftsupport.com/index.php?showtopic=30226"]http://www.lavasoftsupport.com/index.php?showtopic=30226[/url]
Unfortunately it seems that I should have saved the log file before enabling the ThreatWork Alliance submission. I didn't, and found when that had finished that the "export log" button was no longer there.

I scanned again. The above two threats didn't appear again. (But there were two more found, both cookies which I have deleted.) The two are in quarantine, your recommended action. Should I delete them or can I get log files from them?

Is there anything else you need from me to enable you to check if these are false positives, please?

Hi taffy078,

Thanks for your report. We should be able to recover the log file as well as the detected files from your machine to check them out.

[b]Locate & Upload Log Files[/b]
Can you check in the appropriate folder for your operating system for the log files?

XP - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Logs\Scan_<date information>.log
Vista and 7 - C:\ProgramData\Lavasoft\Ad-Aware\Logs\Scan_<date information>.log

Just double click on the .log file to open it. Upload the log files that detected the files to this topic.

[b]Locate and Upload Quarantine Files[/b]
Navigate to:

XP - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Quarantine
Vista and 7 - C:\ProgramData\Lavasoft\Ad-Aware\Quarantine

Again, upload the two quarantine files to this topic and I can check them out.

Regards,

Andy
Lavasoft Malware Labs

Thank you Andy. Here's the log file from last night, i.e. the first one in my post. The second one wasn't in that location.

There are four files in quarantine - these are attached too. Not having done this for a long time, I've forgotten if I can send you a folder! Let's see!

No - it's rejected the folder - "Upload failed. You are not permitted to upload this type of file". I'll try one file at a time.

Taffy078

I keep getting the "not permitted to upload this type of file" message.

Here's a screen print of the contents of the Quarantine folder. What else should I do please?

AAarrrggggggggggghhhhhh. This too has failed - it's just a Word document. Help would be appreciated!!

Can I email it (the Word document) if all else fails?

I recommend zipping the quarantine files individually and password protecting them with the password [b]infected[/b] then uploading them. If you would like some guidance on how to do that, let me know.

Andy
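
The collection steps from the two replies above (find the scan logs, then zip each quarantine file with the password infected), scripted as an added example that is not part of the original thread or any Lavasoft tooling. It assumes PowerShell 4 or later, 7-Zip installed at the path in `$SevenZip`, and a hypothetical staging folder `$OutDir`; the folder paths and detection name are the ones quoted in this topic.

```powershell
# Added example: stage Ad-Aware scan logs and quarantine files for a
# false-positive submission. $OutDir and $SevenZip are assumptions.
param(
    [string]$Detection = 'Trojan.Win32.Generic.pak!cobra',
    [string]$OutDir    = "$env:USERPROFILE\Desktop\fp-submission",
    [string]$SevenZip  = 'C:\Program Files\7-Zip\7z.exe'
)

# Data folders named in the thread: Vista/7 first, then XP.
# Only the first one that exists is used, so nothing is collected twice.
$root = @(
    'C:\ProgramData\Lavasoft\Ad-Aware',
    'C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware'
) | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1

if (-not $root) { throw 'No Ad-Aware data folder found under the known paths.' }
if (-not (Test-Path -LiteralPath $SevenZip)) { throw "7-Zip not found at $SevenZip" }
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Copy only the scan logs that actually mention the detection name.
Get-ChildItem -LiteralPath (Join-Path $root 'Logs') -Filter 'Scan_*.log' -ErrorAction SilentlyContinue |
    Where-Object { Select-String -LiteralPath $_.FullName -Pattern $Detection -SimpleMatch -Quiet } |
    Copy-Item -Destination $OutDir

# One password-protected zip per quarantine file, plus a SHA-256 list so
# the analyst can confirm which file each archive contains.
Get-ChildItem -LiteralPath (Join-Path $root 'Quarantine') -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $zip  = Join-Path $OutDir ($_.Name + '.zip')
        $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        & $SevenZip a -tzip -pinfected $zip $_.FullName | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "7-Zip failed for $($_.Name)"
            return   # skip to the next quarantine file
        }
        '{0}  {1}' -f $hash, $_.Name | Add-Content -Path (Join-Path $OutDir 'sha256.txt')
    }
```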

[quote name='LS Andy' post='125621' date='Mar 21 2011, 01:18 PM']I recommend zipping the quarantine files individually and password protecting them with the password [b]infected[/b] then uploading them. If you would like some guidance on how to do that, let me know.

Andy[/quote]
Thank you Andy. Here we go:

Hi taffy078,

Thanks for uploading everything - it was very helpful. This was an FP - it has been corrected and will reflect in a definitions update this afternoon.

Regards,

Andy
Lavasoft Malware Labs

[quote name='LS Andy' post='125633' date='Mar 22 2011, 01:29 PM']Hi taffy078,

Thanks for uploading everything - it was very helpful. This was an FP - it has been corrected and will reflect in a definitions update this afternoon.

Regards,

Andy
Lavasoft Malware Labs[/quote]

That's a relief! :unsure: Thank you for your prompt help, Andy. Much appreciated.
