AVG Found 2 Trojan Horses in the System process!

Posted by mmm on March 26, 2007, 6:23 pm
My AVG Free Found 2 Trojan Horses in the System process in my newly obtained
DELL E521 desktop but saying access to the file has been denied:
C:\WINDOWS\system32\zfryb.dll
C:\WINDOWS\system32\drivers\prkka.sys
Are they really trojan horses or AVG got an error?

And with my 160G West Data hard disk, the led flashes every 1 second when
there is no other operation. Is this related to the trojan horses above
harmful to the hard disk?

How can I solve the problem?
Thank you in advance!



Posted by David H. Lipman on March 26, 2007, 8:27 pm

| My AVG Free Found 2 Trojan Horses in the System process in my newly obtained
| DELL E521 desktop but saying access to the file has been denied:
| C:\WINDOWS\system32\zfryb.dll
| C:\WINDOWS\system32\drivers\prkka.sys
| Are they really trojan horses or AVG got an error?
|
| And with my 160G West Data hard disk, the led flashes every 1 second when
| there is no other operation. Is this related to the trojan horses above
| harmful to the hard disk?
|
| How can I solve the problem?
| Thank you in advance!
|


Please submit samples of "prkka.sys" and "zfryb.dll" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it. In addition,
unless told otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN

When you get the report, please post back the exact results.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by mmm on March 27, 2007, 8:05 am
wrote in message news:ePzEuaAcHHA.264@TK2MSFTNGP05.phx.gbl...
>
> Please submit samples of "prkka.sys" and "zfryb.dll" to Virus Total --
> http://www.virustotal.com/flash/index_en.html
> The submission will then be tested against many different AV vendors'
> scanners.
> That will give you an idea what it is and who recognizes it. In addition,
> unless told
> otherwise, Virus Total will provide the sample to all participating
> vendors.
>
> You can also submit a suspect, one at a time, via the following email
> URL...
> mailto:scan@virustotal.com?subject=SCAN
>
> When you get the report, please post back the exact results.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>

Virus Total returned the following message for the file ZFRYB.DLL (I renamed
it to ZFRYB.DLL.bak):

Complete scanning result of "ZFRYB.DLL.bak", processed in VirusTotal at
03/27/2007 12:59:12 (CET).

[ file data ]
* name: ZFRYB.DLL.bak
* size: 59392
* md5.: e778cef14b7279194c57dba33687fcf7
* sha1: 6deb6f9a8ff61c97a9bef779681d0a65f4b79fac

[ scan result ]
AhnLab-V3 2007.3.27.0/20070327 found [Win-Trojan/Xema.variant]
AntiVir 7.3.1.44/20070327 found nothing
Authentium 4.93.8/20070326 found nothing
Avast 4.7.936.0/20070325 found nothing
AVG 7.5.0.447/20070326 found [BackDoor.Generic5.LJB]
BitDefender 7.2/20070327 found nothing
CAT-QuickHeal 9.00/20070326 found nothing
ClamAV devel-20070312/20070327 found nothing
DrWeb 4.33/20070327 found [DLOADER.Trojan]
eSafe 7.0.14.0/20070326 found nothing
eTrust-Vet 30.6.3515/20070327 found nothing
Ewido 4.0/20070327 found nothing
F-Prot 4.3.1.45/20070326 found nothing
F-Secure 6.70.13030.0/20070327 found nothing
FileAdvisor 1/20070327 found [Not analyzed yet]
Fortinet 2.85.0.0/20070327 found [W32/Agent.EA09!tr]
Ikarus T3.1.1.3/20070327 found [Trojan.Spambot.BXC]
Kaspersky 4.0.2.24/20070327 found nothing
McAfee 4992/20070326 found [BackDoor-CVM.dll]
Microsoft 1.2306/20070327 found nothing
NOD32v2 2146/20070327 found nothing
Norman 5.80.02/20070323 found nothing
Panda 9.0.0.4/20070327 found [Trj/Agent.ELA]
Prevx1 V2/20070327 found [Polynomial.Code.Exploit]
Sophos 4.15.0/20070327 found [Troj/QQHelp-Gen]
Sunbelt 2.2.907.0/20070324 found nothing
Symantec 10/20070327 found nothing
TheHacker 6.1.6.080/20070323 found nothing
UNA 1.83/20070316 found nothing
VBA32 3.11.2/20070326 found nothing
VirusBuster 4.3.7:9/20070326 found nothing
Webwasher-Gateway 6.0.1/20070327 found nothing

[ notes ]
Bit9 info:
http://fileadvisor.bit9.com/services/extinfo.aspx?md5=e778cef14b7279194c57dba33687fcf7
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=bf4f80671020

__________________________________________________
VirusTotal is a free service offered by Hispasec Sistemas. There are no
guarantees about the availability and continuity of this service. Do not
reply to this message. It has been generated by an automatic address that
will not handle any reply. Although the detection rate afforded by the use
of multiple antivirus engines is far superior to that offered by just one
product, these results DO NOT guarantee the harmlessness of a file.
Currently, there is not any solution that offers a 100% effectiveness rate
for detecting viruses and malware.



--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 268.18.18/734 - Release Date: 2007-3-26
14:31




Posted by mmm on March 27, 2007, 8:09 am
wrote in message news:ePzEuaAcHHA.264@TK2MSFTNGP05.phx.gbl...
>
> Please submit samples of "prkka.sys" and "zfryb.dll" to Virus Total --
> http://www.virustotal.com/flash/index_en.html
> The submission will then be tested against many different AV vendors'
> scanners.
> That will give you an idea what it is and who recognizes it. In addition,
> unless told
> otherwise, Virus Total will provide the sample to all participating
> vendors.
>
> You can also submit a suspect, one at a time, via the following email
> URL...
> mailto:scan@virustotal.com?subject=SCAN
>
> When you get the report, please post back the exact results.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>

Virus Total returned the following message for the file PRKKA.SYS (I renamed
it to PRKKA.SYS.bak). I'm still not sure whether or not the hard disk led
flash is relevant to this problem:

Complete scanning result of "PRKKA.SYS.bak", processed in VirusTotal at
03/27/2007 12:59:12 (CET).

[ file data ]
* name: PRKKA.SYS.bak
* size: 10240
* md5.: d3f36e940685be0137e863bf1f0a15db
* sha1: 81f0e7b033a2fc580a8e92f8b6d5246aab46780f

[ scan result ]
AhnLab-V3 2007.3.27.0/20070327 found [Win-Trojan/Agent.10240.FU]
AntiVir 7.3.1.44/20070327 found [TR/Hijack.A.65536.A]
Authentium 4.93.8/20070326 found nothing
Avast 4.7.936.0/20070325 found nothing
AVG 7.5.0.447/20070326 found [Downloader.Agent.JKP]
BitDefender 7.2/20070327 found [Trojan.Agent.AMS]
CAT-QuickHeal 9.00/20070326 found nothing
ClamAV devel-20070312/20070327 found [Trojan.Downloader-3863]
DrWeb 4.33/20070327 found [Trojan.DownLoader.19252]
eSafe 7.0.14.0/20070326 found nothing
eTrust-Vet 30.6.3515/20070327 found [Win32/Sybuex!generic]
Ewido 4.0/20070327 found [Downloader.Agent.bbb]
F-Prot 4.3.1.45/20070326 found nothing
F-Secure 6.70.13030.0/20070327 found [Trojan-Downloader.Win32.Agent.bbb]
FileAdvisor 1/20070327 found nothing
Fortinet 2.85.0.0/20070327 found [W32/Agent.67BE!tr]
Ikarus T3.1.1.3/20070327 found [Trojan.Agent.AMS]
Kaspersky 4.0.2.24/20070327 found [Trojan-Downloader.Win32.Agent.bbb]
McAfee 4992/20070326 found nothing
Microsoft 1.2306/20070327 found nothing
NOD32v2 2146/20070327 found [Win32/TrojanDownloader.Agent.BBB]
Norman 5.80.02/20070323 found nothing
Panda 9.0.0.4/20070327 found nothing
Prevx1 V2/20070327 found nothing
Sophos 4.15.0/20070327 found nothing
Sunbelt 2.2.907.0/20070324 found nothing
Symantec 10/20070327 found nothing
TheHacker 6.1.6.080/20070323 found nothing
UNA 1.83/20070316 found nothing
VBA32 3.11.2/20070326 found [Trojan.DownLoader.19252]
VirusBuster 4.3.7:9/20070326 found [Trojan.DL.Agent.Gen.1]
Webwasher-Gateway 6.0.1/20070327 found [Trojan.Hijack.A.65536.A]





Posted by David H. Lipman on March 27, 2007, 4:32 pm

< snip >

| AhnLab-V3 2007.3.27.0/20070327 found [Win-Trojan/Agent.10240.FU]
| AntiVir 7.3.1.44/20070327 found [TR/Hijack.A.65536.A]
| Authentium 4.93.8/20070326 found nothing
| Avast 4.7.936.0/20070325 found nothing
| AVG 7.5.0.447/20070326 found [Downloader.Agent.JKP]
| BitDefender 7.2/20070327 found [Trojan.Agent.AMS]
| CAT-QuickHeal 9.00/20070326 found nothing
| ClamAV devel-20070312/20070327 found [Trojan.Downloader-3863]
| DrWeb 4.33/20070327 found [Trojan.DownLoader.19252]
| eSafe 7.0.14.0/20070326 found nothing
| eTrust-Vet 30.6.3515/20070327 found [Win32/Sybuex!generic]
| Ewido 4.0/20070327 found [Downloader.Agent.bbb]
| F-Prot 4.3.1.45/20070326 found nothing
| F-Secure 6.70.13030.0/20070327 found [Trojan-Downloader.Win32.Agent.bbb]
| FileAdvisor 1/20070327 found nothing
| Fortinet 2.85.0.0/20070327 found [W32/Agent.67BE!tr]
| Ikarus T3.1.1.3/20070327 found [Trojan.Agent.AMS]
| Kaspersky 4.0.2.24/20070327 found [Trojan-Downloader.Win32.Agent.bbb]
| McAfee 4992/20070326 found nothing
| Microsoft 1.2306/20070327 found nothing
| NOD32v2 2146/20070327 found [Win32/TrojanDownloader.Agent.BBB]
| Norman 5.80.02/20070323 found nothing
| Panda 9.0.0.4/20070327 found nothing
| Prevx1 V2/20070327 found nothing
| Sophos 4.15.0/20070327 found nothing
| Sunbelt 2.2.907.0/20070324 found nothing
| Symantec 10/20070327 found nothing
| TheHacker 6.1.6.080/20070323 found nothing
| UNA 1.83/20070316 found nothing
| VBA32 3.11.2/20070326 found [Trojan.DownLoader.19252]
| VirusBuster 4.3.7:9/20070326 found [Trojan.DL.Agent.Gen.1]
| Webwasher-Gateway 6.0.1/20070327 found [Trojan.Hijack.A.65536.A]
|

Both were obviously righteous declarations.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
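
A small parser for the VirusTotal report format posted in this thread, as an added example that is not part of the original posts. It counts the engines that flagged the file, treats FileAdvisor's "Not analyzed yet" as no verdict, and lists the name tokens that more than one vendor uses; the function names and the `NON_VERDICTS` list are assumptions of this example.

```python
import re
from collections import Counter

# Abridged excerpt of the ZFRYB.DLL.bak report posted in the thread.
SAMPLE_REPORT = """\
[ file data ]
* name: ZFRYB.DLL.bak

[ scan result ]
AhnLab-V3 2007.3.27.0/20070327 found [Win-Trojan/Xema.variant]
AntiVir 7.3.1.44/20070327 found nothing
AVG 7.5.0.447/20070326 found [BackDoor.Generic5.LJB]
DrWeb 4.33/20070327 found [DLOADER.Trojan]
FileAdvisor 1/20070327 found [Not analyzed yet]
Fortinet 2.85.0.0/20070327 found [W32/Agent.EA09!tr]
McAfee 4992/20070326 found [BackDoor-CVM.dll]
Sophos 4.15.0/20070327 found [Troj/QQHelp-Gen]

[ notes ]
"""

# engine, version/signature-date, then "[label]" or "nothing"
LINE = re.compile(r"^(\S+) \S+/\d{8} found (?:\[(.+)\]|nothing)$")
NON_VERDICTS = {"not analyzed yet"}  # status text, not a detection (assumed list)

def parse_report(text):
    """Map engine -> label (None = no detection) from the '[ scan result ]' section."""
    results, in_section = {}, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):  # section header such as "[ notes ]"
            in_section = line == "[ scan result ]"
            continue
        m = LINE.match(line) if in_section else None
        if m:
            label = m.group(2)
            if label and label.lower() in NON_VERDICTS:
                label = None
            results[m.group(1)] = label
    return results

def summarize(results):
    """Detection ratio plus the name tokens vendors share (labels rarely agree)."""
    hits = {e: l for e, l in results.items() if l}
    tokens = Counter()
    for label in hits.values():
        tokens.update({t for t in re.split(r"[^a-z]+", label.lower()) if len(t) > 3})
    shared = {t: n for t, n in tokens.items() if n > 1}
    return {"detected": len(hits), "total": len(results), "shared_tokens": shared}

print(summarize(parse_report(SAMPLE_REPORT)))
```

Vendor labels for the same file differ, so the detection ratio and the shared tokens are more useful to compare than any single engine's name.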


