Trojan found by Comodo BOClean

I loaded BOClean today for the first time and it reported this...

10/25/2007 21:14:27: TROJ-AGENT.BR VARIANT STOPPED BY BOCLEAN!
Trojan horse was found in memory.
C:\ignored contained the trojan.
Active trojan horse WAS shut down. System safe.
Logged in user: Simon

I'd updated and run AVG early in the day, I've also ran Spybot today and Spyware Blaster running, all up to date. Can I be sure that BOClean has got rid or do I need a different virus scanner.

Simon

 

http://www.majorgeeks.com/images/grenade.gif Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

• Make sure you check version numbers and get all updates.

http://www.majorgeeks.com/images/grenade.gif Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

http://www.majorgeeks.com/images/grenade.gifAfter doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

http://www.majorgeeks.com/images/grenade.gif Downloading, Installing, and Running HijackThis

• Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around..

http://www.majorgeeks.com/images/grenade.gifWhen you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

• CounterSpy Log - only for Windows XP, 2K, & NT users
• AVG Antispyware Log - ONLY IF NEEDED you were not able to run CounterSpy. - only for Windows XP, 2K, & NT users
• Bitdefender Log - from step 6
• Panda Scan Log - from step 6
• runkeys.txt - the log from GetRunKey.bat
• newfiles.txt - the log from ShowNew.bat
• HijackThis Log

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs![/FONT]

 

I will carry out all the suggestions but could BOClean be picking up programmes I've got running from the start that should be added to the ignore menu of BOClean? On further investigation of BOClean it reports that ATI (Video card software) and Naomi (internet restriction) are the source of the problem. Both of these load at start. Could this report be a false positive? I'll carry out the checks just in case.

Simon

 

It's possible, have you tried to remove the items from startup to see?

 

I ran Spybot and found nothing. Ran Counterspy - nothing. Also Trend Micro online and found nothing. Also removed the programme that BOClean was complaining about and now there are no complaints. I will reinstall it and try to get BOClean to ignore it. The offending program is Naomi and was downloaded from majorgeeks so I'm sure its not a problem, just the installation. I don't want to send you loads of unnecessary files, so thanks for the help.

Simon

 

If all your scans are coming up clean then I would bet it's a false positive. You can either ignore the alerts or remove the items from startup.

If you like you can attach a current HJT Log so I can take a quick look.