Trojan 2nd thought Ik

Hi there,
Im having problems with Trojan 2nd thought Ik keep coming up with my Emsi a-squared anti malware prog, it comes up in c/windows/temp/cb8c/tmp
cb18d, cb197,cb19 etc, these numbers differ.
I am active in the emsi forum at the moment whilst they look into it and have been asked to ask you if you recognise these files as yours at all ? as this all started when upgrading to the new comodo security suite.
and im hoping its just a false positive as it automatically gets quarantined then im asked to restore the false positives it finds, i say yes then i get this trojan again continually throughout the day popping up and getting quarantined all day long.
Thanks
Magz

The next time it happens can you not quarantine it and submit it online to http://www.virustotal.com/ and http://camas.comodo.com/? Can you then post a link to the online results?

In this way we can examine the file and let you know for sure if it’s a false positive. It probably is.

Also, can you please follow the steps described here:
https://forums.comodo.com/virusmalware-removal-assistance/everything-you-need-to-know-about-removing-infections-and-securing-your-computer-t56725.0.html;msg398787#msg398787
and let us know what the 2 programs have to say about whether you are infected or not. Screenshots of the Comodo Cloud Scanner results may be useful.

Thanks.

Thank you, will get back to you with the results

Turn off system restore and try to remove it again.

To take a different angle. Suppose cb is an abbreviation of the name of a program that is installed on your computer. To what program do you think it belongs? Comodo Backup for example?

http://www.virustotal.com/analisis/3e78959b6f0a89373496428ccc0d49ceedc5c67f07a094ee510aebe0c3d62a24-1278243929

http://camas.comodo.com/cgi-bin/submit?file=3e78959b6f0a89373496428ccc0d49ceedc5c67f07a094ee510aebe0c3d62a24

This is the links as asked for that i uploaded the file to.
I have also done a screen shot of cloud scanner results after a scan, but dont know if you want it posted in this link, and am a bit suprised at its findings, showing i have loads of registry errors when i regulary use c cleaner, Tune up utilities and E using cleaners.

I did remove all system restore points and did scans with Spybot, Super antispyware and Spyware terminator which all showed nothing.

Yes, I believe it would be useful to post it. The only part that matters for this is the Malware and Suspicious Files section. You can ignore the others. If you are worried about privacy you can erase any areas of the screen-shot that give specific information about you. What is important is the pathnames, whether CIMA finds it malicious, and possibly the name of the file.

It might be useful to see this as it appears that the file being quarantined by Emsisoft is likely malicious.

I’ve had this too, I read on Google that it is a false positive, That Avira AntiVir makes, but i don’t know if this is what he says

The screen shot after scanning with the cloud scanner, I didnt go further with the programme than this, I spoke live with one of the operaters, and you have to download the programme on trial basis to go further with it, which I didnt want to do at present.
6000 errors errors seems a tad peculiar to me im afraid, it felt to me like a scare tactic to clean my pc, though i know this is not the case as its your product, it still put me off though.

What I meant was for you to go into the Malware and suspicious files section and show the results. Can you please show us that? Most of the privacy issues are from your cache and cookies. Nothing to worry about.

Yes, one of the main points of this program is to get you to try the live pc support, but without that it’s still a great diagnostic tool.

Is this what you mean, sorry.

Yes, that’s what I meant. Can you please click the + sign for them so that I can see the path?

Also, what other scanners have you scanned your computer with? Have you tried Hitman Pro and Malwarebytes?

Also, the next time the file pops up can you go to properties and see if it gives any useful information? It’s possible this is a false positive and it will list the program it belongs to.

What might be a good idea is submitting the file as a false positive to Avira and a suspicious file to Kaspersky. They will send you an email back letting you know if it’s actually dangerous. A list is given here:
https://forums.comodo.com/virusmalware-removal-assistance/links-to-report-malware-to-all-major-avs-t51387.0.html

Hi,
I have done all that is asked, installed Hitman pro, results were No threats. Installed Malware bytes and did the 2 and half hour full scan, it showed clean. Uploaded the file to Kaspersky which came up clean (did screen print of results). Uploaded file to Avira which came up as false positive (done screen print of results).
I have clicked the + sign on the individual items and screen printed them, but it means 4 screen prints, and clicked the send file to analyise.

Sounds like it was a false positive then.

Let us know if you have any more problems.

:-TU Thanks for all your help, you have been so helpful and thorough, you are a credit to the forums,
I’m very grateful,
Big Thanks once again
Magz :wink: