TrojanDownloader:Win32/Small.gen!C. Did MSE catch it?

Networking/Security Forums -> Spyware // Adware // Trojans Discussion

Author: thedaego    Posted: Thu Mar 25, 2010 6:07 pm    Post subject: TrojanDownloader:Win32/Small.gen!C. Did MSE catch it?
    ----
MSE = Microsoft Security Essentials

I'm wondering if anyone else has recently experienced this. Here's what happened:

I went to the following URL, using Firefox 3.6.2 (Please don't click on this, as this is what seemed to cause the issue)
unwiredview.com/2010/03/23/blueant-intros-rugged-t1-bluetooth-headset-q1-android-app-video/

Firefox crashes. Strangely, there is no crash report.

Microsoft Security Essentials reports the existence of TrojanDownloader:Win32/Small.gen!C.

I select to 'remove the threat', but now I'm concerned.

Checking the event viewer logs (because there weren't any left over from the Firefox crash. I checked about:crashes.) I noticed 2 relevant entries:
Quote:

1 Warning:
Microsoft Antimalware has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Small.gen!C&threatid=2147572276
Name: TrojanDownloader:Win32/Small.gen!C
ID: 2147572276
Severity: Severe
Category: Trojan Downloader
Path: file:C:\Users\xxxxx\AppData\Local\Temp\A9RD967.tmp->(pdf0000:)->(EmbeddedCode)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Status: Suspended
User: XXXXXXX
Process Name: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Signature Version: AV: 1.79.495.0, AS: 1.79.495.0
Engine Version: 1.1.5605.0

and 1 Error:
Quote:

Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Small.gen!C&threatid=2147572276
User: WOPCORE\thedaego
Name: TrojanDownloader:Win32/Small.gen!C
ID: 2147572276
Severity: Severe
Category: Trojan Downloader
Path:
Action: Remove
Error Code: 0x80508023
Error description: The program could not find the spyware and other potentially unwanted software on this computer.
Status:
Signature Version: AV: 1.79.495.0, AS: 1.79.495.0
Engine Version: 1.1.5605.0


What worries me is the error description in the above error. "The program could not find the spyware and other potentially unwanted software on this computer."

I did tell MSE to 'remove the threat', and maybe it did and that's why the above error was generated... or maybe the above error was generated because it couldn't remove the threat.

Even more disturbing are the events found in the security areas of the Windows logs that occurred at the same time as the crash and trojan detection:

"An account was successfully logged on."
followed by
"Special privileges assigned to new logon."

I suppose that it's possible that MSE (the anti-virus) creates a new logon and gives itself special privileges to remove the trojan, but I'm just not sure.

I'd really appreciate some suggestions for further investigation to make sure the trojan is actually gone. Thanks in advance for any help.
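
Added example, not part of the original post: a short Python script that parses the two Microsoft Antimalware event messages quoted above, splits the detection Path into the on-disk file and its nested layers, and pairs the failed Remove action with the detection by threat ID. The function names, the report keys and the trimmed sample text are constructed for illustration.

```python
import re

# Constructed sample: the two event messages quoted in the post, trimmed to
# the fields used here (the URL and version lines are omitted).
DETECTION = r"""Microsoft Antimalware has detected spyware or other potentially unwanted software.
Name: TrojanDownloader:Win32/Small.gen!C
ID: 2147572276
Path: file:C:\Users\xxxxx\AppData\Local\Temp\A9RD967.tmp->(pdf0000:)->(EmbeddedCode)
Status: Suspended
Process Name: C:\Program Files (x86)\Mozilla Firefox\firefox.exe"""

ACTION_ERROR = r"""Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software.
Name: TrojanDownloader:Win32/Small.gen!C
ID: 2147572276
Path:
Action: Remove
Error Code: 0x80508023
Status:"""

def parse_event(text):
    """Turn one event message into a dict of its 'Key: value' lines."""
    lines = text.strip().splitlines()
    fields = {"Message": lines[0]}
    for line in lines[1:]:
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def split_path(path):
    """Split 'file:<disk path>->(layer)->(layer)' into (disk path, [layers])."""
    outer, *layers = path.split("->")
    return re.sub(r"^file:", "", outer), [part.strip("()") for part in layers]

def triage(messages):
    """Pair detections with failed actions by threat ID; list what to verify."""
    events = [parse_event(m) for m in messages]
    failed = {e["ID"]: e for e in events if "Error Code" in e}
    report = []
    for e in events:
        if "Error Code" in e or not e.get("Path"):
            continue
        disk_file, layers = split_path(e["Path"])
        err = failed.get(e["ID"])
        report.append({"threat": e["Name"], "file": disk_file, "layers": layers,
                       "process": e.get("Process Name"),
                       "action_error": err["Error Code"] if err else None,
                       # the error event names no file, so confirm on disk
                       "check_file_by_hand": bool(err and not err["Path"])})
    return report
```

Calling `triage([DETECTION, ACTION_ERROR])` returns one row naming the temp file, the `pdf0000:` and `EmbeddedCode` layers inside it, and the process that wrote it, which is the file whose absence should be confirmed directly.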
All times are GMT + 2 Hours