jmorlan

Another Win32.Trojan.Agent FP?

I believe this detection of a regkey is a FP for SnagIt.

 

Name:Win32.Trojan.Agent

Category:Data Miner

Object Type:Regkey

Size:39 Bytes

Location:appid\bho.dll\

Last Activity:10-29-2006

Relevance:Low

TAC index:10

Comment:

Description:Win32.Trojan.Agent may download and install adware program(s) to the victim machine. May change configurations for Windows Explorer and for Windows interface.

 

Using:

 

Reference Number : SE1R125 06.10.2006

Internal build : 154

 

Note: The link to the TAC for Win32.Trojan.Agent is a dead end.

 

I left the key pending further information. Please advise.


Hi jmorlan,

 

Thanks for reporting this. Did the log give further information on the key detected (location? value?)

 

I'll ask the Research Team to take a look here :(

Hi jmorlan,

 

Thanks for reporting this. Did the log give further information on the key detected (location? value?)

 

I'll ask the Research Team to take a look here :)

 

This is from the log:

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Win32.Trojan.Agent Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : appid\bho.dll

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 1

Objects found so far: 1

 

The "jump to key" feature doesn't seem to be working for me, but here is the value:

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\AppID\BHO.DLL]

"AppID"="{59AEAD8A-6822-4794-AF2E-8CC27312E26E}"

 

I tracked that value to what I believe is the Snagit IE plugin. Please let me know if you need any other information.


I reported this back on Oct. 26, 2006.

 

http://www.lavasoftsupport.com/index.php?showtopic=4353

 

I'm sure that this registry entry came from the SnagIt BHO AppID. To satisfy myself, I uninstalled the SnagIt Add-In via Add/Remove and this in turn, removed the reg entry. A scan by Ad-Aware confirmed it (not there anymore). Re-Installed the Add-In and the key is back.

Ok! Thanks, Don.

 

Now they have two headsup B)

I guess we can say 3 now. I found this post/thread because I was searching on the same topic, since I had this "Win32.Trojan.Agent" found as well... Which I thought a bit suspect since my enterprise McAfee scanner didn't find it.

 

Same registry key location. I also have SnagIt v8.1 (latest)

 

BTW...

Please do NOT send Private Messages to Staff or helpers to request assistance! We do not give a personal support via PM nor by email, AIM, ICQ, IRC! The way to request help is to post a NEW TOPIC in the appropriate forum.

If I wanted to report a problem with the registration process, would I still post it, or is there someone I can PM or email...?

 

Thanks... & Of course thanks for AdAware! :)

 

Cheers


This has been corrected with today's update:

 

Reference Number : SE1R130 01.11.2006

Internal build : 162

File location : C:\Program Files\Ad-Aware SE Professional\defs.ref

File size : 827740 Bytes

Total size : 2672674 Bytes

Signature data size : 2623206 Bytes

Reference data size : 48956 Bytes

Signatures total : 71527

CSI Fingerprints total : 4337

CSI data size : 186643 Bytes

Target categories : 15

Target families : 1005


Hi don,

If I wanted to report a problem with the registration process, would I still post it, or is there someone I can PM or email...?
You could try an email to [email protected] - they are dealing with a license issue, that I raised from inside the Support Center - would be helpful to them for the Subject line to be as explanatory as possible.

 

Should you have purchased on-line, then it may pay to visit the Customer Care Center of their online eseller, element5. There are several methods for logging-in and once inside, you will be able to retrieve such information as Order # and Reference #, together with all your other on-line purchase information.

 

 

Hope that that is of help to you,

 

Regards,

 

Spike


Hmmm, I don't see a question from don about registration (maybe he edited that out?)

 

Anyway, this FP appears to be resolved now so I'm moving this thread to the "Resolved" section (read only)

 

If you should have further issues, please feel free to post a new topic. :o

 

Edit: Ok, I found it was a question further up from unRheal regards registration. So if spike-nz's answer doesn't resolve the problem, please feel free to start a new topic since this one is about the FP that has since been resolved

Edited by LS CalamityJane
