Win32.Agent.bfj

Discussion in 'Malware Help (A Specialist Will Reply)' started by Cat_w_9_lives, Dec 30, 2007.

  1. Cat_w_9_lives

    Cat_w_9_lives Major KittyCat

    Hello,

    Spybot found two entries in my registry for following, can't find much info on. Found one ref. that they are connected with MSN Gaming. False positive?

    PC running fine, no strange behavior, checked start-ups, port activity, processes, don't see anything blatant.

    Product: Win32.Agent.bfj
    Threat: Trojan

    Win32.Agent.bfj: [SBI $5E7E7005] Settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SecurityProviders=...ZWEBAUTH.DLL...

    Win32.Agent.bfj: [SBI $9B652D6E] Settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SecurityProviders\SecurityProviders=...ZWEBAUTH.DLL...

    Win32.Agent.bfj copies executable files into the system directory, connects to the internet in background and downloads files without giving the user a possibility to cancel that process. Additionally it adds itself to the SecurityProviders registry key.

    Thank you for being here,

    Peg
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi Peg


    It's part of Zone Web Authentication SSP for MSN Gaming Zone. Go to Windows32 folder (should be in that one) and locate it, then right click properties and see who the owner is? (me curious)

    Do you play on the MSN Gaming Zone? Even if you don't, MSN Gaming was included on XP IIRC, so should have flagged up before now in SpyBot, so would go with you on it being a false positive. If you really wish to be sure, you know the drill in the Read Me :)
     
  3. Cat_w_9_lives

    Cat_w_9_lives Major KittyCat

    Hi David,

    App. extension
    Opens w/unknown
    File: 16.5 KB
    On disk 20.KB
    Created: 5/27/05
    Modified: 9/18/2001
    Accessed: Today :)

    MS
    Version 6.2.2808.1
    Product: MSN Gaming Zone

    Did not think to go look at the .DLL :eek:, thank you for looking up for me. Has not been modified...don't know why not picked up till today - always update anti, have not played games at MSN for years. Looks legit and nothing going on with pc. Should I get rid of or leave it alone?

    *smiles*

    Peg
     
  4. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi Peg

    With the file info you supplied I would just leave it alone and hope Spybot sort their def out for next release.

    David
     
  5. Cat_w_9_lives

    Cat_w_9_lives Major KittyCat

    Okay will leave it David. Thank you, Peg
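
The check worked through in the posts above (which DLLs the SecurityProviders value names in each control set, and what each file's version details say) can be scripted. This is an added example, not part of the original thread: it assumes PowerShell 3.0 or later and that bare DLL names resolve to System32, and the Authenticode signature columns are an extra check the posters did not run.

```powershell
# Added example (not from the thread). Lists each DLL named in the
# SecurityProviders value of every control set, with the file details
# used above to judge ZWEBAUTH.DLL. Read-only: nothing is changed.
$sysDir = Join-Path $env:SystemRoot 'System32'

$report = Get-ChildItem 'HKLM:\SYSTEM' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^(ControlSet\d{3}|CurrentControlSet)$' } |
    ForEach-Object {
        $set = $_.PSChildName
        $key = "HKLM:\SYSTEM\$set\Control\SecurityProviders"
        $raw = (Get-ItemProperty -Path $key -Name SecurityProviders `
                    -ErrorAction SilentlyContinue).SecurityProviders
        if (-not $raw) { return }   # this control set has no such value

        # The value is a single comma-separated string of DLL names.
        $names = $raw -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
        foreach ($name in $names) {
            # Assumption: a bare file name is looked up in System32.
            $path = if ([IO.Path]::IsPathRooted($name)) { $name } else { Join-Path $sysDir $name }

            $item = $null; $sig = $null
            if (Test-Path -LiteralPath $path -PathType Leaf) {
                $item = Get-Item -LiteralPath $path
                $sig  = Get-AuthenticodeSignature -FilePath $path
            }

            # Same properties on every row so the table lines up;
            # they stay empty when the file is missing.
            [pscustomobject]@{
                ControlSet = $set
                File       = $name
                Exists     = [bool]$item
                Company    = $item.VersionInfo.CompanyName
                Product    = $item.VersionInfo.ProductName
                Version    = $item.VersionInfo.FileVersion
                Modified   = $item.LastWriteTime
                Signature  = $sig.Status
                Signer     = $sig.SignerCertificate.Subject
            }
        }
    }

$report | Sort-Object File, ControlSet | Format-Table -AutoSize
```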
     
