• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

TrojanDownloader:Win32/Small.gen!C. Did MSE catch it?

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Spyware // Adware // Trojans Discussion

View previous topic :: View next topic  
Author Message
thedaego
Just Arrived
Just Arrived


Joined: 25 Mar 2010
Posts: 0


Offline

PostPosted: Thu Mar 25, 2010 6:07 pm    Post subject: TrojanDownloader:Win32/Small.gen!C. Did MSE catch it? Reply with quote

MSE = Microsoft Security Essentials

I'm wondering if anyone else has recently experienced this. Here's what happened:

I went to the following URL, using Firefox 3.6.2 (Please don't click on this, as this is what seemed to cause the issue)
unwiredview.com/2010/03/23/blueant-intros-rugged-t1-bluetooth-headset-q1-android-app-video/

Firefox crashes. Strangely, there is no crash report.

Microsoft Security Essentials reports the existence of TrojanDownloader:Win32/Small.gen!C.

I select to 'remove the threat', but now I'm concerned.

Checking the event viewer logs (because there weren't any left over from the Firefox crash. I checked about:crashes.) I noticed 2 relevant entries:
Quote:

1 Warning:
Microsoft Antimalware has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Small.gen!C&threatid=2147572276
Name: TrojanDownloader:Win32/Small.gen!C
ID: 2147572276
Severity: Severe
Category: Trojan Downloader
Path: file:C:\Users\xxxxx\AppData\Local\Temp\A9RD967.tmp->(pdf0000:)->(EmbeddedCode)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Status: Suspended
User: XXXXXXX
Process Name: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Signature Version: AV: 1.79.495.0, AS: 1.79.495.0
Engine Version: 1.1.5605.0

and 1 Error:
Quote:

Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Small.gen!C&threatid=2147572276
User: WOPCORE\thedaego
Name: TrojanDownloader:Win32/Small.gen!C
ID: 2147572276
Severity: Severe
Category: Trojan Downloader
Path:
Action: Remove
Error Code: 0x80508023
Error description: The program could not find the spyware and other potentially unwanted software on this computer.
Status:
Signature Version: AV: 1.79.495.0, AS: 1.79.495.0
Engine Version: 1.1.5605.0


What worries me is the error description in the above error. "The program could not find the spyware and other potentially unwanted software on this computer. "

I did tell MSE to 'remove the threat', and maybe it did and that's why the above error was generates... or maybe the above error was generated because it couldn't remove the threat.

Even more disturbing are the events found in the security areas of the Windows logs that occured at the same time as the crash and trojan detection:

"An account was successfully logged on."
followed by
"Special privileges assigned to new logon."

I suppose that it's possible that MSE (the anti-virus) creates a new logon and gives itself special privileges to remove the trojan, but I'm just not sure.

I'd really appreciate some suggestions for further investigation to make sure the trojan is actually gone. Thanks in advance for any help.
[/b][/quote]
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Spyware // Adware // Trojans Discussion All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register