Results 1 to 10 of 10

Thread: Trojan Horse Generic

  1. #1
    Junior Member
    Join Date
    Apr 2008
    Posts
    18

    Default Trojan Horse Generic

    A few days ago I was shredding a file in a folder, both of which I CREATED. Anti-virus popped up saying it was Trojan Horse Generic and gave a #, every time I would shred a file this now pops up, the last 2 gave a different # than the previous group.

    Will this be addressed in the next update or is there another Spybot product that can be used to ferret out this trojan.

    Another person said they had gotten Trojan Horse Generic17, which MAY be what the # was on what I saw, but while the Anti-virus in the popup links to a history list it cannot be found on the interface, so I can't give the precise numbers but surely this must have come to the attention the S&D people.

    POINT&CLICK about limit of computer skills so this is rather disconcerting for me.

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello GEEWIZ,
    Quote Originally Posted by GEEWIZ View Post
    A few days ago I was shredding a file in a folder, both of which I CREATED. Anti-virus popped up saying it was Trojan Horse Generic and gave a #, every time I would shred a file this now pops up, the last 2 gave a different # than the previous group.

    Will this be addressed in the next update or is there another Spybot product that can be used to ferret out this trojan.

    Another person said they had gotten Trojan Horse Generic17, which MAY be what the # was on what I saw, but while the Anti-virus in the popup links to a history list it cannot be found on the interface, so I can't give the precise numbers but surely this must have come to the attention the S&D people.
    Which anti virus program is giving the alert and does it quarantine the files in question?

    Security vendors use their own naming conventions to identify malware, our detectives would need more information before they could add to detections.

    Infected Files. How To Submit

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Apr 2008
    Posts
    18

    Default False positives?

    http://www.safer-networking.org/en/news/2010-04-06.html
    Warning - False Positive! McAfee detects parts of Spybot-S&D as Trojan Horse! [link] 6. April 2010

    With recent virus definitions (5938, 2-Apr-2010), McAfee detects the SDShred.exe of Spybot Search & Destroy as Generic.dx!qln (Trojan).
    AVG was showing the same.
    However in my case it was just after shredding, as I said, files I Created myself, and which Norton had found nothing and so it appears to me that the false positive was from the AVG misreading the shredder, I feel confident, that team S&D will agree. I am just using common sense here.

    One fellow said he used a newer version of AVG and that it found what the 8.5 wouldn't: this Generic.

    However this was UNRELATED to S&D or its shredder.

    I use the AVG 8.5, would the TEAM agree that my reasoning on this is sound? Thanks.
    Glad I looked at front page of the main S&D site.
    Stress. Relief.

    tashi thanks for taking the time to reply.
    There was nothing in virus vault. The popup window said result for each entry : INFECTED. When I saw the name of the trojan in your news release re MacAfee I recognized it as one of the two names for the Generic, as I said there were TWO different names the first group of shredded files had the one listed in the news report the 2nd was a different ID for the Generic so I don't know if that is a problem also or just more of the same False Positives.

    I did wish to add that when I shredded a text document there was no AVG window popup neither for images just HTML documents.
    Last edited by GEEWIZ; 2010-04-26 at 20:16. Reason: Respond to tashi

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello GEEWIZ,
    Quote Originally Posted by GEEWIZ View Post
    AVG was showing the same.
    However in my case it was just after shredding, as I said, files I Created myself, and which Norton had found nothing and so it appears to me that the false positive was from the AVG misreading the shredder,
    Do you have two anti virus programs installed?

    Quote Originally Posted by GEEWIZ View Post
    There was nothing in virus vault. The popup window said result for each entry : INFECTED. When I saw the name of the trojan in your news release re MacAfee I recognized it as one of the two names for the Generic, as I said there were TWO different names the first group of shredded files had the one listed in the news report the 2nd was a different ID for the Generic so I don't know if that is a problem also or just more of the same False Positives.
    AVG flagged the SDShred.exe of Spybot Search & Destroy or the files you created?

    What command did you give to deal with "The popup window said result for each entry : INFECTED" if AVG didn't quarantine?

    Best regards
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  5. #5
    Junior Member
    Join Date
    Apr 2008
    Posts
    18

    Default

    Do you have two anti virus programs installed?
    No, I have AVG I used an email service that uses NORTON to check one of the files I had and Norton said NO VIRUSES DETECTED. A scan with AVG 8.5 also stated no viruses detected.
    As I said earlier a person who found the same type of warning then went to AVG 9 and it apparently found several of the Generic and then put them in vault.

    AVG flagged the SDShred.exe of Spybot Search & Destroy or the files you created?
    When I had finished shredding, the AVG popwindow, said that there was a backdoor Trojan, the one you listed on your news report, said result was infection. It did not say the file and made no mention of Spybot, it just stated that it encountered the Trojan.
    I have limited experience with computers just a point and click person, so I hope I am relating what is of use.

    What command did you give to deal with "The popup window said result for each entry : INFECTED" if AVG didn't quarantine?
    I had no idea what to do, and kept checking the vault but all the AVG said was "result infection"

    Frankly I thought it remarkable that MacCafee had caused a problem nearly identical to what I experienced.
    As I said the ONLY time I get the popup is after shredding these files, that I created in html, therefore I thought this was if not identical similar enough to perhaps think that AVG has done something similar to the MacAfee.

    Thanks for your attention to my question.
    For those without the expertise of people such as you and those with a comprehensive knowledge of computers it is a VERY scary situation.
    Thanks again.
    GW
    Last edited by tashi; 2010-04-27 at 00:04. Reason: Moved from "Requests for additions to Spybot's detections" :-)

  6. #6
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hi there GEEWIZ,

    I don't see mention of a false positive regarding this issue at the AVG support forums. http://www.avgforums.com/

    Quote Originally Posted by GEEWIZ View Post
    When I had finished shredding, the AVG popwindow, said that there was a backdoor Trojan, the one you listed on your news report, said result was infection. It did not say the file and made no mention of Spybot, it just stated that it encountered the Trojan.
    You could try posting for feedback about the AVG detection over there.

    Cheers.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  7. #7
    Junior Member
    Join Date
    Apr 2008
    Posts
    18

    Default The History

    tashi,
    This started on April 1. As I said it ONLY happens when I have just finished shredding files, FILES that I created with html.
    Which have been scanned with AVG and also when using email by Norton. No viruses detected. Yet when I shred then that AVG warning about trojans pop up.
    Here is what the history shows:

    APRIL 1
    INFECTION: Trojan horse Generic 17 AHQ
    OBJECT: File
    PROCESS: Spybot Search & Destroy SDShred

    in the middle batch is
    INFECTION: Trojan horse backdoor Generic 12 BCQY
    OBJECT: File
    PROCESS: Spybot Search & Destroy SDShred

    Then late yesterday and today it is the 17 AHQ.

    While the nomenclature of the trojan is different from the MacAfee it is so very close that I wonder if the variant is just what AVG looks for rather than MacAfee.

    It is all rather disconcerting to me and as I mentioned just a point and click person, I do very much appreciate your help in this matter.

  8. #8
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello GEEWIZ.

    This is a tad confusing so let's see if we can clarify please. The topic was originally started in "Requests for additions to Spybot's detections".

    Quote Originally Posted by GEEWIZ View Post
    Anti-virus popped up saying it was Trojan Horse Generic and gave a #, every time I would shred a file this now pops up, the last 2 gave a different # than the previous group.

    Will this be addressed in the next update or is there another Spybot product that can be used to ferret out this trojan.
    The request was for an unidentified Trojan to be added to Spybot-S&D's next definition update, or means to find and remove the Trojan.
    Quote Originally Posted by GEEWIZ View Post
    AVG was showing the same.
    However in my case it was just after shredding, as I said, files I Created myself, and which Norton had found nothing and so it appears to me that the false positive was from the AVG misreading the shredder,
    Quote Originally Posted by GEEWIZ View Post
    Frankly I thought it remarkable that MacCafee had caused a problem nearly identical to what I experienced.
    As I said the ONLY time I get the popup is after shredding these files, that I created in html, therefore I thought this was if not identical similar enough to perhaps think that AVG has done something similar to the MacAfee.
    There it appeared you thought that AVG was throwing a false positive.
    Quote Originally Posted by GEEWIZ View Post
    Yet when I shred then that AVG warning about trojans pop up.
    Here is what the history shows:

    APRIL 1
    INFECTION: Trojan horse Generic 17 AHQ
    OBJECT: File
    PROCESS: Spybot Search & Destroy SDShred

    in the middle batch is
    INFECTION: Trojan horse backdoor Generic 12 BCQY
    OBJECT: File
    PROCESS: Spybot Search & Destroy SDShred

    Then late yesterday and today it is the 17 AHQ.

    While the nomenclature of the trojan is different from the MacAfee it is so very close that I wonder if the variant is just what AVG looks for rather than MacAfee.
    To sum up, either AVG is incorrectly identifying the SDShred.exe of Spybot Search & Destroy as a Trojan or flagging the files you created.

    However you don't believe the files are infected.

    Are we on the same track here?

    Best regards,
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  9. #9
    Junior Member
    Join Date
    Apr 2008
    Posts
    18

    Default re Summary

    Quote Originally Posted by tashi View Post
    To sum up, either AVG is incorrectly identifying the SDShred.exe of Spybot Search & Destroy as a Trojan or flagging the files you created.

    However you don't believe the files are infected.

    Are we on the same track here?

    Best regards,
    tashi you have the patience of a saint as my mother used to say.

    I know that I created simple html file, which have gone through 2 different anti-virus system checks and were free of virus. Then after they served their purpose I shred in the S&D stand alone shredder. So based on that news on front page of the spybot.info site the results are very, close to what MacAfee was causing, the variance in the names of the trojans I can't explain but the files are clean as far as both Norton and AVG state, so I think it must be AVG's version of the MacAfee problem with a false reading of the shredder exe.
    Does that sound reasonable to you?
    Once again I would like to thank you for helping me in this problem.

  10. #10
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hi GEEWIZ,
    Quote Originally Posted by GEEWIZ View Post
    tashi you have the patience of a saint as my mother used to say.

    Quote Originally Posted by GEEWIZ View Post
    ... so I think it must be AVG's version of the MacAfee problem with a false reading of the shredder exe.
    Does that sound reasonable to you?
    Yes it does so that would bring us back to,
    Quote Originally Posted by tashi View Post
    http://www.avgforums.com/

    You could try posting for feedback about the AVG detection over there.
    It might be useful to provide a link back to this topic.

    Quote Originally Posted by GEEWIZ View Post
    Once again I would like to thank you for helping me in this problem.
    Glad to assist.

    tashi
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •