AVG Found 2 Trojan Horses in the System process!

Discussion in 'Virus Information' started by mmm, Mar 26, 2007.

  1. mmm

    mmm Guest

    My AVG Free Found 2 Trojan Horses in the System process in my newly obtained
    DELL E521 desktop but saying access to the file has been denied:
    C:\WINDOWS\system32\zfryb.dll
    C:\WINDOWS\system32\drivers\prkka.sys
    Are they really trojan horses or AVG got an error?

    And with my 160G West Data hard disk, the led flashes every 1 second when
    there is no other operation. Is this related to the trojan horses above
    harmful to the hard disk?

    How can I solve the problem?
    Thank you in advance!
     
    mmm, Mar 26, 2007
    #1

  2. From: "mmm" <>

    | My AVG Free Found 2 Trojan Horses in the System process in my newly obtained
    | DELL E521 desktop but saying access to the file has been denied:
    | C:\WINDOWS\system32\zfryb.dll
    | C:\WINDOWS\system32\drivers\prkka.sys
    | Are they really trojan horses or AVG got an error?
    |
    | And with my 160G West Data hard disk, the led flashes every 1 second when
    | there is no other operation. Is this related to the trojan horses above
    | harmful to the hard disk?
    |
    | How can I solve the problem?
    | Thank you in advance!
    |


    Please submit samples of "prkka.sys" and "zfryb.dll" to Virus Total --
    http://www.virustotal.com/flash/index_en.html
    The submission will then be tested against many different AV vendors' scanners.
    That will give you an idea what it is and who recognizes it. In addition, unless told
    otherwise, Virus Total will provide the sample to all participating vendors.

    You can also submit a suspect, one at a time, via the following email URL...
    mailto:?subject=SCAN

    When you get the report, please post back the exact results.
     
    David H. Lipman, Mar 27, 2007
    #2

  3. mmm

    mmm Guest

    Virus Total returned the following message for the file ZFRYB.DLL (I renamed
    to ZFRYB.DLL.bak):

    Complete scanning result of "ZFRYB.DLL.bak", processed in VirusTotal at
    03/27/2007 12:59:12 (CET).

    [ file data ]
    * name: ZFRYB.DLL.bak
    * size: 59392
    * md5.: e778cef14b7279194c57dba33687fcf7
    * sha1: 6deb6f9a8ff61c97a9bef779681d0a65f4b79fac

    [ scan result ]
    AhnLab-V3 2007.3.27.0/20070327 found [Win-Trojan/Xema.variant]
    AntiVir 7.3.1.44/20070327 found nothing
    Authentium 4.93.8/20070326 found nothing
    Avast 4.7.936.0/20070325 found nothing
    AVG 7.5.0.447/20070326 found [BackDoor.Generic5.LJB]
    BitDefender 7.2/20070327 found nothing
    CAT-QuickHeal 9.00/20070326 found nothing
    ClamAV devel-20070312/20070327 found nothing
    DrWeb 4.33/20070327 found [DLOADER.Trojan]
    eSafe 7.0.14.0/20070326 found nothing
    eTrust-Vet 30.6.3515/20070327 found nothing
    Ewido 4.0/20070327 found nothing
    F-Prot 4.3.1.45/20070326 found nothing
    F-Secure 6.70.13030.0/20070327 found nothing
    FileAdvisor 1/20070327 found [Not analyzed yet]
    Fortinet 2.85.0.0/20070327 found [W32/Agent.EA09!tr]
    Ikarus T3.1.1.3/20070327 found [Trojan.Spambot.BXC]
    Kaspersky 4.0.2.24/20070327 found nothing
    McAfee 4992/20070326 found [BackDoor-CVM.dll]
    Microsoft 1.2306/20070327 found nothing
    NOD32v2 2146/20070327 found nothing
    Norman 5.80.02/20070323 found nothing
    Panda 9.0.0.4/20070327 found [Trj/Agent.ELA]
    Prevx1 V2/20070327 found [Polynomial.Code.Exploit]
    Sophos 4.15.0/20070327 found [Troj/QQHelp-Gen]
    Sunbelt 2.2.907.0/20070324 found nothing
    Symantec 10/20070327 found nothing
    TheHacker 6.1.6.080/20070323 found nothing
    UNA 1.83/20070316 found nothing
    VBA32 3.11.2/20070326 found nothing
    VirusBuster 4.3.7:9/20070326 found nothing
    Webwasher-Gateway 6.0.1/20070327 found nothing

    [ notes ]
    Bit9 info:
    http://fileadvisor.bit9.com/services/extinfo.aspx?md5=e778cef14b7279194c57dba33687fcf7
    Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=bf4f80671020

    __________________________________________________
    VirusTotal is a free service offered by Hispasec Sistemas. There are no
    guarantees about the availability and continuity of this service. Do not
    reply to this message. It has been generated by an automatic address that
    will not handle any reply. Although the detection rate afforded by the use
    of multiple antivirus engines is far superior to that offered by just one
    product, these results DO NOT guarantee the harmlessness of a file.
    Currently, there is not any solution that offers a 100% effectiveness rate
    for detecting viruses and malware.
     
    mmm, Mar 27, 2007
    #3
  4. mmm

    mmm Guest

    Virus Total returned the following message for the file PRKKA.SYS (I renamed
    to PRKKA.SYS.bak). I'm still not sure whether or not the hard disk led
    flash is relevant to this problem:

    Complete scanning result of "PRKKA.SYS.bak", processed in VirusTotal at
    03/27/2007 12:59:12 (CET).

    [ file data ]
    * name: PRKKA.SYS.bak
    * size: 10240
    * md5.: d3f36e940685be0137e863bf1f0a15db
    * sha1: 81f0e7b033a2fc580a8e92f8b6d5246aab46780f

    [ scan result ]
    AhnLab-V3 2007.3.27.0/20070327 found [Win-Trojan/Agent.10240.FU]
    AntiVir 7.3.1.44/20070327 found [TR/Hijack.A.65536.A]
    Authentium 4.93.8/20070326 found nothing
    Avast 4.7.936.0/20070325 found nothing
    AVG 7.5.0.447/20070326 found [Downloader.Agent.JKP]
    BitDefender 7.2/20070327 found [Trojan.Agent.AMS]
    CAT-QuickHeal 9.00/20070326 found nothing
    ClamAV devel-20070312/20070327 found [Trojan.Downloader-3863]
    DrWeb 4.33/20070327 found [Trojan.DownLoader.19252]
    eSafe 7.0.14.0/20070326 found nothing
    eTrust-Vet 30.6.3515/20070327 found [Win32/Sybuex!generic]
    Ewido 4.0/20070327 found [Downloader.Agent.bbb]
    F-Prot 4.3.1.45/20070326 found nothing
    F-Secure 6.70.13030.0/20070327 found [Trojan-Downloader.Win32.Agent.bbb]
    FileAdvisor 1/20070327 found nothing
    Fortinet 2.85.0.0/20070327 found [W32/Agent.67BE!tr]
    Ikarus T3.1.1.3/20070327 found [Trojan.Agent.AMS]
    Kaspersky 4.0.2.24/20070327 found [Trojan-Downloader.Win32.Agent.bbb]
    McAfee 4992/20070326 found nothing
    Microsoft 1.2306/20070327 found nothing
    NOD32v2 2146/20070327 found [Win32/TrojanDownloader.Agent.BBB]
    Norman 5.80.02/20070323 found nothing
    Panda 9.0.0.4/20070327 found nothing
    Prevx1 V2/20070327 found nothing
    Sophos 4.15.0/20070327 found nothing
    Sunbelt 2.2.907.0/20070324 found nothing
    Symantec 10/20070327 found nothing
    TheHacker 6.1.6.080/20070323 found nothing
    UNA 1.83/20070316 found nothing
    VBA32 3.11.2/20070326 found [Trojan.DownLoader.19252]
    VirusBuster 4.3.7:9/20070326 found [Trojan.DL.Agent.Gen.1]
    Webwasher-Gateway 6.0.1/20070327 found [Trojan.Hijack.A.65536.A]

     
    mmm, Mar 27, 2007
    #4
  5. From: "mmm" <>

    < snip >

    | AhnLab-V3 2007.3.27.0/20070327 found [Win-Trojan/Agent.10240.FU]
    | AntiVir 7.3.1.44/20070327 found [TR/Hijack.A.65536.A]
    | Authentium 4.93.8/20070326 found nothing
    | Avast 4.7.936.0/20070325 found nothing
    | AVG 7.5.0.447/20070326 found [Downloader.Agent.JKP]
    | BitDefender 7.2/20070327 found [Trojan.Agent.AMS]
    | CAT-QuickHeal 9.00/20070326 found nothing
    | ClamAV devel-20070312/20070327 found [Trojan.Downloader-3863]
    | DrWeb 4.33/20070327 found [Trojan.DownLoader.19252]
    | eSafe 7.0.14.0/20070326 found nothing
    | eTrust-Vet 30.6.3515/20070327 found [Win32/Sybuex!generic]
    | Ewido 4.0/20070327 found [Downloader.Agent.bbb]
    | F-Prot 4.3.1.45/20070326 found nothing
    | F-Secure 6.70.13030.0/20070327 found [Trojan-Downloader.Win32.Agent.bbb]
    | FileAdvisor 1/20070327 found nothing
    | Fortinet 2.85.0.0/20070327 found [W32/Agent.67BE!tr]
    | Ikarus T3.1.1.3/20070327 found [Trojan.Agent.AMS]
    | Kaspersky 4.0.2.24/20070327 found [Trojan-Downloader.Win32.Agent.bbb]
    | McAfee 4992/20070326 found nothing
    | Microsoft 1.2306/20070327 found nothing
    | NOD32v2 2146/20070327 found [Win32/TrojanDownloader.Agent.BBB]
    | Norman 5.80.02/20070323 found nothing
    | Panda 9.0.0.4/20070327 found nothing
    | Prevx1 V2/20070327 found nothing
    | Sophos 4.15.0/20070327 found nothing
    | Sunbelt 2.2.907.0/20070324 found nothing
    | Symantec 10/20070327 found nothing
    | TheHacker 6.1.6.080/20070323 found nothing
    | UNA 1.83/20070316 found nothing
    | VBA32 3.11.2/20070326 found [Trojan.DownLoader.19252]
    | VirusBuster 4.3.7:9/20070326 found [Trojan.DL.Agent.Gen.1]
    | Webwasher-Gateway 6.0.1/20070327 found [Trojan.Hijack.A.65536.A]
    |

    Both were obviously righteous declarations.
     
    David H. Lipman, Mar 27, 2007
    #5
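
An added example, not part of the thread and not VirusTotal's own tooling: a parser for the e-mail report format pasted in posts #3 and #4 that tallies real detections, separates status placeholders such as "Not analyzed yet" from malware names, and flags "found nothing" results that came from outdated signatures. The function names, the `NON_VERDICTS` list and the 7-day signature-age threshold are assumptions made for illustration.

```python
import re
from datetime import date, datetime

# Excerpt of the "[ scan result ]" lines pasted in post #3 (ZFRYB.DLL.bak).
SAMPLE_REPORT = """\
[ scan result ]
AhnLab-V3 2007.3.27.0/20070327 found [Win-Trojan/Xema.variant]
AntiVir 7.3.1.44/20070327 found nothing
AVG 7.5.0.447/20070326 found [BackDoor.Generic5.LJB]
FileAdvisor 1/20070327 found [Not analyzed yet]
McAfee 4992/20070326 found [BackDoor-CVM.dll]
UNA 1.83/20070316 found nothing
VirusBuster 4.3.7:9/20070326 found nothing
"""
SCAN_DATE = date(2007, 3, 27)  # "processed in VirusTotal at 03/27/2007"

# Bracketed text that is a status, not a malware name (assumed list).
NON_VERDICTS = {"not analyzed yet"}
# "<engine> <version>/<YYYYMMDD> found nothing|[label]", optional "| " quote prefix.
LINE_RE = re.compile(
    r"^\s*\|?\s*(?P<engine>\S+)\s+(?P<version>\S+)/(?P<sigdate>\d{8})"
    r"\s+found\s+(?:nothing|\[(?P<label>[^\]]+)\])\s*$")

def parse_report(text):
    """Return one dict per engine line; headers and footer text are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        label = m.group("label")
        verdict = ("clean" if label is None else
                   "pending" if label.strip().lower() in NON_VERDICTS else "detected")
        rows.append({"engine": m.group("engine"), "verdict": verdict, "label": label,
                     "sigdate": datetime.strptime(m.group("sigdate"), "%Y%m%d").date()})
    return rows

def summarize(rows, scan_date, max_sig_age_days=7):
    """Tally verdicts; flag 'clean' results that came from outdated signatures."""
    return {
        "engines": len(rows),
        "detected": {r["engine"]: r["label"] for r in rows if r["verdict"] == "detected"},
        "pending": [r["engine"] for r in rows if r["verdict"] == "pending"],
        "stale_clean": [r["engine"] for r in rows if r["verdict"] == "clean"
                        and (scan_date - r["sigdate"]).days > max_sig_age_days],
    }

if __name__ == "__main__":
    print(summarize(parse_report(SAMPLE_REPORT), SCAN_DATE))
```

The same parser accepts the `|`-quoted form of the report used in post #5.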