
Trojan.Agent/Gen-Menti Found Please Help

Discussion in 'General Security' started by mpeet611, Jan 10, 2015.

Thread Status:
Not open for further replies.
  1. mpeet611

    mpeet611 Thread Starter

    Joined:
    Dec 16, 2013
    Messages:
    762
    I was doing some security scans this afternoon & SUPERAntiSpyware Free Edition found Trojan.Agent/Gen-Menti on my system & it was automatically removed. Other programs that scanned my machine & didn't find anything are AVG Free 2015, Malwarebytes Anti-Malware Free Edition & ADWCleaner. I would like to know if it's safe to delete this threat from quarantine items in SUPERAntiSpyware Free Edition & what exactly this threat is & how serious it is, because I've never heard of it before. I'll post the scan log from SUPERAntiSpyware Free below with my system info for you to review.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
    Processor: Intel(R) Pentium(R) M processor 1.73GHz, x86 Family 6 Model 13 Stepping 8
    Processor Count: 1
    RAM: 1271 Mb
    Graphics Card: Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family, 128 Mb
    Hard Drives: C: Total - 50995 MB, Free - 32275 MB;
    Motherboard: Dell Inc., 0HC416
    Antivirus: AVG AntiVirus Free Edition 2015, Updated: Yes, On-Demand Scanner: Enabled

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/10/2015 at 04:57 PM

    Application Version : 6.0.1168
    Database Version : 11700

    Scan type : Complete Scan
    Total Scan Time : 00:26:07

    Operating System Information
    Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 414
    Memory threats detected : 0
    Registry items scanned : 32670
    Registry threats detected : 0
    File items scanned : 14452
    File threats detected : 1

    Trojan.Agent/Gen-Menti
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{3F80D9EC-0E68-405B-BB54-26C6740D2220}\RP232\A0084907.EXE

    ============
    End of Log
    ============
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    SAS is known for a high level of false positives.
    This detection was in system restore, so it is highly likely to be a false detection if there was no corresponding detection for a program on the computer.
    No antivirus/antimalware program should be removing anything from system restore, because that makes the system restore point damaged and prevents restore.

    The only guaranteed way to remove from restore points is to totally empty system restore
     
  3. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,689
    First Name:
    Frank
    Load SUPERAntiSpyware.

    Click System Tools - Advanced Scan Settings.

    Put a checkmark in Ignore System Restore/Volume Information, then click OK.

    ---------------------------------------------------------

    Right-click MY COMPUTER.

    Click Properties - System Restore.

    If the slider is on its default value of 12%, move it to 6%.

    Click Apply - OK.

    ---------------------------------------------------------
     
  4. mpeet611

    mpeet611 Thread Starter

    Joined:
    Dec 16, 2013
    Messages:
    762
    Thanks for telling me it was a false positive, now I can relax knowing there are no viruses on my machine. I did what you said, flavallee, so now I shouldn't get any more false positives. What should I do with the false positive that's still sitting in quarantine in SUPERAntiSpyware: restore it or delete it?
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,245
    Derek didn't actually tell you it was a false positive, he said it's highly likely. It's also possible there was malware at one time and one of your security programs deleted the file but it remains in the system restore, unless nothing has ever been detected or quarantined before. But, as Derek said, the only way to clean the restore points is to turn system restore off and then back on to remove all earlier restore points and then start over fresh. With an entry like that sitting in system restore if you ever have to perform a system restore you risk restoring whatever potential infection was residing there. Of course that will be less and less of an issue as time goes by and you wouldn't be restoring to a point that far back plus older points will automatically get deleted sooner now since reducing the size allocated for them on the drive.
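
The triage rule dvk01 and Cookiegal describe, as an added example that is not part of the thread: a short Python parser for the SUPERAntiSpyware log format posted above that separates detections found only inside System Restore archives from detections on live files. The second log entry and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Sample log: the first detection is the one posted in this thread; the second
# entry is constructed here purely to show the contrasting "live file" case.
SAMPLE_LOG = r"""
File items scanned : 14452
File threats detected : 2

Trojan.Agent/Gen-Menti
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3F80D9EC-0E68-405B-BB54-26C6740D2220}\RP232\A0084907.EXE

Constructed.Example/Detection
C:\DOCUMENTS AND SETTINGS\EXAMPLE\DESKTOP\SAMPLE.EXE
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Windows XP System Restore layout: _restore{GUID}\RP<n>\A<digits>.<ext>
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]{36}\}\\RP(\d+)\\A\d+\.\w+$",
    re.IGNORECASE,
)

def parse_detections(log_text):
    """Map each threat name to the file paths listed under it."""
    detections, current = defaultdict(list), None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or " : " in line or line.startswith("="):
            continue  # blank lines, "key : value" counters, separators
        if PATH_RE.match(line):
            if current:
                detections[current].append(line)
        else:
            current = line  # a non-path line names the next detection
    return dict(detections)

def triage(detections):
    """'restore-point-only' when every hit is an archived restore-point copy."""
    result = {}
    for name, paths in detections.items():
        points = [m.group(1) for m in map(RESTORE_RE.search, paths) if m]
        only_archived = len(points) == len(paths)
        label = "restore-point-only" if only_archived else "live-file"
        result[name] = (label, sorted(set(points)))
    return result

if __name__ == "__main__":
    for name, (label, points) in triage(parse_detections(SAMPLE_LOG)).items():
        print(f"{name}: {label} (restore points: {points or 'none'})")
```

A `restore-point-only` result means no copy exists outside the archive; the file only comes back if that restore point (RP232 here) is ever restored.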
     
  6. mpeet611

    mpeet611 Thread Starter

    Joined:
    Dec 16, 2013
    Messages:
    762
    This is the first time that one of my security programs found a threat. Normally they only find tracking cookies. I'll clean the system restore points like you said.
     
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,245
    Just keep in mind that you won't have any restore points to go back to before today if you do that.

    It might be a good time to create an image as well so that you could restore the system quickly using software such as Acronis (which isn't free) but there's also a free one called Macrium Reflect. You can install it, create a rescue disk and make backup images that can be restored in minutes if you do get infected and you wouldn't have to look for drivers, etc. as the system would be exactly as it was the day the image was taken.
     
  8. mpeet611

    mpeet611 Thread Starter

    Joined:
    Dec 16, 2013
    Messages:
    762
    That's a good idea since I don't have a recovery partition or an XP CD at the moment. Where can I download Macrium Reflect?
     
  9. mpeet611

    mpeet611 Thread Starter

    Joined:
    Dec 16, 2013
    Messages:
    762
    I found Macrium Reflect with a Google search. After I install it, where would the backups be saved? I'm assuming a CD. If for some reason I needed to do a restore, how would I do that?
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,245
    You store your backup images on an external hard drive.

    The instructions are given on the Macrium site. I say that because I don't know them all by heart and don't have time to look and report back right now. If you have trouble finding them let me know and I'll see what I can get for you later or perhaps tomorrow.

    I have it installed but haven't had to use it to restore an image but it's my understanding you just have to import the image (if the hard drive hasn't crashed and is able to load Windows) and then you can execute it. If the system has crashed and won't boot then you have to use the rescue CD you made to load a mini version of Windows so that the backup can be run.
     
  11. mpeet611

    mpeet611 Thread Starter

    Joined:
    Dec 16, 2013
    Messages:
    762
    Ok that sounds easy. I'll install Macrium Free & create the backup either later today or tomorrow.
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,245
    And don't forget to create the rescue CD. It's actually very easy to do and can save you a lot of grief.
     
  13. mpeet611

    mpeet611 Thread Starter

    Joined:
    Dec 16, 2013
    Messages:
    762
    I won't forget to create the rescue CD. I read I can make a Linux or Windows rescue CD & was wondering which one I should choose. If I need any more help I'll let you know.
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,245
  15. mpeet611

    mpeet611 Thread Starter

    Joined:
    Dec 16, 2013
    Messages:
    762
    Thank you for all the help & I'll do the image backup ASAP.
     

Short URL to this thread: https://techguy.org/1140942
