Trojan.Agent/Gen-Menti Found Please Help

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

mpeet611

Thread Starter
Joined
Dec 16, 2013
Messages
773
I was doing some security scans this afternoon & SUPERAntiSpyware Free Edition found Trojan.Agent/Gen-Menti on my system & it was automatically removed. Other programs that scanned my machine & didn't find anything are AVG Free 2015, Malwarebytes Anti-Malware Free Edition & ADWCleaner. I would like to know if it's safe to delete this threat from quarantine items in SUPERAntiSpyware Free Edition & what exactly is this threat & how serious is it because I've never heard of it before. I'll post the Scan Log from SUPERAntiSpyware Free below with my system info for you to review.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) M processor 1.73GHz, x86 Family 6 Model 13 Stepping 8
Processor Count: 1
RAM: 1271 Mb
Graphics Card: Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family, 128 Mb
Hard Drives: C: Total - 50995 MB, Free - 32275 MB;
Motherboard: Dell Inc., 0HC416
Antivirus: AVG AntiVirus Free Edition 2015, Updated: Yes, On-Demand Scanner: Enabled

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/10/2015 at 04:57 PM

Application Version : 6.0.1168
Database Version : 11700

Scan type : Complete Scan
Total Scan Time : 00:26:07

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 414
Memory threats detected : 0
Registry items scanned : 32670
Registry threats detected : 0
File items scanned : 14452
File threats detected : 1

Trojan.Agent/Gen-Menti
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3F80D9EC-0E68-405B-BB54-26C6740D2220}\RP232\A0084907.EXE

============
End of Log
============
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
SAS is known for a high level of false positives.
This detection was in system restore, so is highly likely to be a false detection if there was no corresponding detection for a program on the computer.
No antivirus/antimalware program should be removing anything from system restore, because that makes the system restore point damaged and prevents restore.

The only guaranteed way to remove from restore points is to totally empty system restore
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,146
Load SUPERAntiSpyware.

Click System Tools - Advanced Scan Settings.

Put a checkmark in Ignore System Restore/Volume Information, then click OK.

---------------------------------------------------------

Right-click MY COMPUTER.

Click Properties - System Restore.

If the slider is on its default value of 12%, move it to 6%.

Click Apply - OK.

---------------------------------------------------------
 

mpeet611

Thread Starter
Joined
Dec 16, 2013
Messages
773
Thanks for telling me it was a false positive, now I can relax knowing there are no viruses on my machine. I did what you said flavallee so now I shouldn't get any more false positives. What should I do with the false positive that's still sitting in quarantine in SUPERAntiSpyware, restore it or delete it?
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,033
Derek didn't actually tell you it was a false positive, he said it's highly likely. It's also possible there was malware at one time and one of your security programs deleted the file but it remains in the system restore, unless nothing has ever been detected or quarantined before. But, as Derek said, the only way to clean the restore points is to turn system restore off and then back on to remove all earlier restore points and then start over fresh. With an entry like that sitting in system restore if you ever have to perform a system restore you risk restoring whatever potential infection was residing there. Of course that will be less and less of an issue as time goes by and you wouldn't be restoring to a point that far back plus older points will automatically get deleted sooner now since reducing the size allocated for them on the drive.
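
The triage point made in the replies above (a hit that exists only inside a System Restore folder, with no matching detection on the live file system) can be checked mechanically. This is an added example, not part of any post in this thread; the log layout it assumes is inferred from the scan log quoted earlier, and the function names are hypothetical.

```python
import re

# Constructed sample: the detection section of the scan log quoted in this thread.
SAMPLE_LOG = r"""File items scanned : 14452
File threats detected : 1

Trojan.Agent/Gen-Menti
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3F80D9EC-0E68-405B-BB54-26C6740D2220}\RP232\A0084907.EXE

============
End of Log
============
"""

# XP keeps restore-point copies under <drive>:\System Volume Information\_restore{GUID}\RPnnn\
RESTORE_RE = re.compile(
    r"^[A-Z]:\\SYSTEM VOLUME INFORMATION\\_RESTORE\{[0-9A-F-]{36}\}\\RP(\d+)\\", re.I)

def parse_detections(log_text):
    """Return {threat_name: [item_path, ...]} from the detection section.

    Assumed layout (inferred from the log above): detections follow the
    'File threats detected' line, a threat name on one line, then its items.
    """
    detections, current, in_section = {}, None, False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.lower().startswith("file threats detected"):
            in_section = True
        elif line.startswith("===="):
            in_section = False
        elif in_section and line:
            if "\\" in line and current is not None:   # an item path
                detections[current].append(line)
            elif "\\" not in line:                      # a threat name
                current = line
                detections.setdefault(current, [])
    return detections

def triage(log_text):
    """Label each threat restore-point-only, live, mixed, or unknown (no items)."""
    report = {}
    for threat, items in parse_detections(log_text).items():
        points = sorted({int(m.group(1)) for m in map(RESTORE_RE.match, items) if m})
        live = [i for i in items if not RESTORE_RE.match(i)]
        verdict = ("mixed" if points and live else
                   "restore-point-only" if points else
                   "live" if live else "unknown")
        report[threat] = {"verdict": verdict, "restore_points": points, "live_items": live}
    return report

if __name__ == "__main__":
    for name, info in triage(SAMPLE_LOG).items():
        print(name, info)
```

A `restore-point-only` verdict says where the flagged file sits, not whether the detection is genuine.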
 

mpeet611

Thread Starter
Joined
Dec 16, 2013
Messages
773
This is the first time that one of my security programs found a threat. Normally they only find tracking cookies. I'll clean the system restore points like you said.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,033
Just keep in mind that you won't have any restore points to go back to before today if you do that.

It might be a good time to create an image as well so that you could restore the system quickly using software such as Acronis (which isn't free) but there's also a free one called Macrium Reflect. You can install it, create a rescue disk and make backup images that can be restored in minutes if you do get infected and you wouldn't have to look for drivers, etc. as the system would be exactly as it was the day the image was taken.
 

mpeet611

Thread Starter
Joined
Dec 16, 2013
Messages
773
That's a good idea since I don't have a recovery partition or an XP CD at the moment. Where can I download Macrium Reflect?
 

mpeet611

Thread Starter
Joined
Dec 16, 2013
Messages
773
I found Macrium Reflect with a Google search. After I install it, where would the backups be saved? I'm assuming a CD. If for some reason I needed to do a restore, how would I do that?
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,033
You store your backup images on an external hard drive.

The instructions are given on the Macrium site. I say that because I don't know them all by heart and don't have time to look and report back right now. If you have trouble finding them let me know and I'll see what I can get for you later or perhaps tomorrow.

I have it installed but haven't had to use it to restore an image but it's my understanding you just have to import the image (if the hard drive hasn't crashed and is able to load Windows) and then you can execute it. If the system has crashed and won't boot then you have to use the rescue CD you made to load a mini version of Windows so that the backup can be run.
 

mpeet611

Thread Starter
Joined
Dec 16, 2013
Messages
773
Ok that sounds easy. I'll install Macrium Free & create the backup either later today or tomorrow.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,033
And don't forget to create the rescue CD. It's actually very easy to do and can save you a lot of grief.
 

mpeet611

Thread Starter
Joined
Dec 16, 2013
Messages
773
I won't forget to create the rescue CD. I read I can make a Linux or Windows rescue CD & was wondering which one I should choose? If I need any more help I'll let you know.
 