atiagent w32 agent trojan safelisted?

I contacted GB because I have no other “trusted” means of removal, if comodo cis doesn’t even detect it… another GB tech successfully removed it… I believe it was juan colon…no he didn’t use anything more than his wits and the remote connection…

“george” seemed to think this file, that modified several registries and fw rules just to execute was a safe file…as it was listed as safe… for ATI gfx cards… and also said “It is present on all windows versions since xp sp2”

this is false, Windows does not come preloaded with drivers of any sort, but their own, microsoft and compatible drivers. if even that…unless it came from oem with that hardware installed!

To top it off, I don’t even have any ati hardware… or nvidia hardware… there are nvraid drivers installed… none of this I need, none of this I installed, and no it wasn’t pre-installed on my computer…I know, I checked when it came to me. As I do with all pc’s I have ever owned…

I asked george to r-conn to remove it, he promptly disabled D+paranoid to “safe mode” D+ when an unknown registry requested access to conhost… I asked him to please set it back, he replied " i will when i’m done, I need it set like this so i can work…" He just allowed any infections to bypass d+ with this one action alone…

he looked over my D+ events and saw it was safe listed, then asked me to upgrade from cis pro to cis complete in order to remove anything…

I said, if this exploit/trojan is not removed, it will download more stuff…

he repeated, and added GB is a paid service… There is absolutely no reason to NOT remove viruses and trojans whenever Gb’s assistance is requested… free or paid… how else do you expect to convert customers, to PAID customers… the more i get sales and promotions stuffed in my face, instead of the promised services, the more i don’t want to use GB OR comodo…

then i asked if comodo/GB allows exploits such as this?

he then disconnected…

which tells me, yes!

I did a virus scan before and after this session, and after I had more trojans than before… none of them detected by comodo… I’m beginning to think, that some GB techs are loading people’s pc’s with malware…or at the very least refuse to remove known malware. And then safelist it…so that comodo doesn’t remove it… bad form…

I truly hope this will not continue!

If you are worried atiagent.exe is a trojan simply block it from accessing the web.

> he repeated, and added GB is a paid service... There is absolutely no reason to NOT remove viruses and trojans whenever Gb's assistance is requested... free or paid... how else do you expect to convert customers, to PAID customers... the more i get sales and promotions stuffed in my face, instead of the promised services, the more i don't want to use GB OR comodo...

The free removal of malware by GB has been discontinued as it got widely abused. That's what's going on.

> then i asked if comodo/GB allows exploits such as this?
>
> he then disconnected…
>
> which tells me, yes!
>
> I did a virus scan before and after this session, and after i had more trojans than before... none of them detected by comodo... I'm beginning to think, that some GB techs are loading people's pc's with malware...or at the very least refuse to remove known malware. And then safelist it...so that comodo doesn't remove it... bad form...
>
> I truly hope this will not continue!

You most likely scanned with another scanner after the GB sessions than you scanned with before the GB sessions. That would explain why you found more traces of an infection.

These days so much malware gets produced that no scanner can always keep up with it at any given point in time. That’s why we always advise people to scan with multiple scanners when they think they are infected.

A quick Google search shows me there is no such file as atiagent.exe but there is aitagent.exe which is a system file like the GB person stated:

> This file is part of Microsoft® Windows® Operating System. Aitagent.exe is developed by Microsoft Corporation. It’s a system and hidden file. Aitagent.exe is usually located in the %SYSTEM% folder and its usual size is 122,368 bytes.

you must have ignored the listings specifying it’s a known trojan/remote exploit… if no ati hardware is present it should not be on that pc, period. Or for some reason these results were filtered from your searches. Please look into it further. there have been times these results were also filtered out for me as well, i had to use other search engines at one time.

If you think a file is safe listed where it is actually malware please post it in Report trusted and whitelisted malwares here! [Don’t attach Live Malware !!] or if it is file that does not get detected while you think it is malware please report in Submit Malware Here To Be Blacklisted - 2011 (NO LIVE MALWARE!).

That way it will be analysed by Comodo.

nuts, just before i formatted another pc, it was named aitagent.exe… it’s not a mis-spelling, but a renaming…

I then noticed while uninstalling the gb i had, if i blocked the uninstall OR install, it just renamed itself and continued to try and request rights to uninstall / install…Is this normal?

Just a couple of points:

Aitagent.exe has nothing to do with AMD, it’s actually a Microsoft application called ‘Application Impact Telemetry Agent’ and it’s used for collecting, surprisingly, telemetry information from MS customers that ‘opt-in’.

Conhost.exe is a replacement for csrss.exe and is the host process for console windows, again another standard windows process.
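
The checks this thread turns on (where the file lives, who signed it, and whether its size matches the quoted 122,368 bytes), as an added PowerShell example that is not part of any post above. `Test-SystemBinary` is a hypothetical helper name; the two file names and the size are the ones quoted in the thread.

```powershell
# Added example: triage a binary whose name resembles a Windows component.
# Test-SystemBinary is a hypothetical helper, not a built-in cmdlet.
function Test-SystemBinary {
    param(
        [Parameter(Mandatory)] [string] $Name,   # file name to look for, e.g. 'aitagent.exe'
        [long] $ExpectedSize = 0                 # 0 = skip the size comparison
    )

    $system32 = Join-Path $env:SystemRoot 'System32'

    # Find every copy on the system drive. A "system file" that also lives
    # in a profile, temp or download folder deserves a closer look.
    $copies = Get-ChildItem -Path "$env:SystemDrive\" -Filter $Name -Recurse -Force `
                  -ErrorAction SilentlyContinue

    foreach ($file in $copies) {
        $sig    = Get-AuthenticodeSignature -FilePath $file.FullName
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        [pscustomobject]@{
            Path            = $file.FullName
            InSystem32      = ($file.DirectoryName -ieq $system32)
            Size            = $file.Length
            # The size quoted in the thread is "usual", not guaranteed; it can
            # differ between Windows builds, so a mismatch is a hint, not proof.
            SizeMatches     = ($ExpectedSize -eq 0 -or $file.Length -eq $ExpectedSize)
            SignatureStatus = $sig.Status
            MicrosoftSigned = ($sig.Status -eq 'Valid' -and
                               $signer -match 'O=Microsoft Corporation')
            # Hash to look up with other scanners or to quote in a report
            # instead of attaching the file itself.
            SHA256          = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
        }
    }
}

# The name the Microsoft description refers to, with the size quoted in the thread.
Test-SystemBinary -Name 'aitagent.exe' -ExpectedSize 122368 | Format-List

# The transposed spelling from the thread title. Any hit is a separate file
# that should be judged on its own path and signature.
Test-SystemBinary -Name 'atiagent.exe' | Format-List
```

Older PowerShell versions may report catalog-signed system files as `NotSigned`, so treat that status as inconclusive rather than as evidence of tampering.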