Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Trojan.Agent detected by Anti-Malware - False Positive?

Hi!
I have Win8 PRO, Comodo Internet Security Premium, Malwarebytes Anti-Malware (trial, so active protection is enabled), SuperAntiSpyware w/o active protection and SpywareBlaster.

This is the Anti-Malware log from yesterday:

2012/12/05 02:09:40 +0100 PC Admin IP-BLOCK 212.117.177.190 (Type: outgoing, Port: 50847, Process: firefox.exe)
2012/12/05 02:09:40 +0100 PC Admin IP-BLOCK 212.117.177.190 (Type: outgoing, Port: 50854, Process: firefox.exe)
2012/12/05 02:20:40 +0100 PC Admin MESSAGE Executing scheduled update: Daily
2012/12/05 02:20:58 +0100 PC Admin MESSAGE Scheduled update executed successfully: database updated from version v2012.12.03.14 to version v2012.12.05.01
2012/12/05 02:20:58 +0100 PC Admin MESSAGE Starting database refresh
2012/12/05 02:20:58 +0100 PC Admin MESSAGE Stopping IP protection
2012/12/05 02:20:59 +0100 PC Admin MESSAGE IP Protection stopped successfully
2012/12/05 02:21:01 +0100 PC Admin MESSAGE Database refreshed successfully
2012/12/05 02:21:01 +0100 PC Admin MESSAGE Starting IP protection
2012/12/05 02:21:03 +0100 PC Admin MESSAGE IP Protection started successfully
2012/12/05 03:51:02 +0100 PC Admin MESSAGE Starting protection
2012/12/05 03:51:02 +0100 PC Admin MESSAGE Protection started successfully
2012/12/05 03:51:02 +0100 PC Admin MESSAGE Starting IP protection
2012/12/05 03:51:03 +0100 PC Admin MESSAGE IP Protection started successfully
2012/12/05 04:11:12 +0100 PC Admin IP-BLOCK 212.117.177.190 (Type: outgoing, Port: 49652, Process: firefox.exe)
2012/12/05 04:27:46 +0100 PC Admin IP-BLOCK 212.117.177.190 (Type: outgoing, Port: 50794, Process: firefox.exe)
2012/12/05 04:27:46 +0100 PC Admin IP-BLOCK 212.117.177.190 (Type: outgoing, Port: 50795, Process: firefox.exe)
2012/12/05 04:27:46 +0100 PC Admin IP-BLOCK 212.117.177.190 (Type: outgoing, Port: 50799, Process: firefox.exe)
2012/12/05 04:27:46 +0100 PC Admin IP-BLOCK 212.117.177.190 (Type: outgoing, Port: 50800, Process: firefox.exe)
2012/12/05 04:27:46 +0100 PC Admin IP-BLOCK 212.117.177.190 (Type: outgoing, Port: 50801, Process: firefox.exe)
2012/12/05 04:27:46 +0100 PC Admin IP-BLOCK 212.117.177.190 (Type: outgoing, Port: 50802, Process: firefox.exe)
2012/12/05 10:53:11 +0100 PC User1 DETECTION C:\Program Files (x86)\Synology\Assistant\Uninstall.exe Trojan.Agent QUARANTINE
2012/12/05 13:36:04 +0100 PC Admin MESSAGE Starting protection
2012/12/05 13:36:04 +0100 PC Admin MESSAGE Protection started successfully
2012/12/05 13:36:04 +0100 PC Admin MESSAGE Starting IP protection
2012/12/05 13:36:06 +0100 PC Admin MESSAGE IP Protection started successfully
2012/12/05 17:14:24 +0100 PC Admin IP-BLOCK 212.117.177.190 (Type: outgoing, Port: 52389, Process: firefox.exe)


Synology Assistant was downloaded from the Synology website and I suppose it should be trusted. The problem I have is that Anti-Malware notified me moments after login that Uninstall.exe is trying to run and that it was identified as Trojan.Agent. I quarantined it but later restored it to run other scanners. Every other scanner I have tried (Comodo, SuperAntiSpyware, TrojanHunter, Spybot, Kaspersky Security Scan) came up with nothing. Then I ran an Anti-Malware full scan, which came up with this:

....
Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Synology Assistant (Trojan.Agent) -> No action taken.
....
Files Detected: 4
C:\Program Files\Common Files\Logishrd\Unifying\UnifyingUnInstaller.exe (Trojan.Agent) -> No action taken.
C:\Program Files (x86)\Synology\Assistant\Uninstall.exe (Trojan.Agent) -> No action taken.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XTOHYT5O\6_unifying_logitech_64[1] (Trojan.Agent) -> No action taken.
C:\Users\Admin\AppData\Local\Temp\lu\sp_20064_6_unifying_logitech_64.exe (Trojan.Agent) -> No action taken.


Those are Synology and Logitech files downloaded from official sites. So is Malwarebytes trying to scare me into buying the full version, or should I pursue this any further? The one thing bothering me here is - why would Uninstall.exe (mentioned at the beginning) even try to run on its own at login?
Also, is it OK to have Anti-Malware active protection enabled together with Comodo ISP?
Thank you for your answer.
M
