A full system scan with SUPERAntiSpyware – Free – v. 5.6.1040 has detected this item:
Trojan.Agent/Gen-Downloader in
C:\DOCUMENTS AND SETTINGS\XXXXXX\DOCUMENTI\DOWNLOAD\SUPPORT-LOGMEINRESCUE.EXE
(XXXXXX cover a personal detail).
I did the full scan as I usually do at least once a week, without any particular reasons, just peace of mind, as I also regularly do with Malwarebytes Anti-Malware – Free.
Now, since:
- Logmein Rescue.exe is the file which is usually downloaded by Norton Support to remotely access the computer
- Last Monday (Oct. 7), I contacted Norton Support and allowed the agent to remotely access my computer
can I reasonably think that the file detected by SAS is a false positive?
LogMeInRescue is a Support Program that some companies may use to gain Remote-Access to your computer when dealing with Technical Support, for example. There is no issue with you Removing this File from your system; if the program is not likely to be used for a few months, then I would recommend you Remove it, but it looks like a F.P. that SUPERAntiSpyware has Detected.
Hope this helps, and answers your concerns.
--------------
Edit:
You could always Upload the File to virustotal to test it against Multiple Security Software Virus' Definitions. This will hopefully put your mind at ease.
Hi, Laura. Likely a FP. SUPERAntiSpyware has been known to throw one up occasionally.....
Hi, F4E,
Any Security Software will have a F.P. every-now-and-then, some of which cause no or little damage, while others cause a lot of issues! It happens to the best of them.
I don’t check the file with virustotal because of a personal detail which I think it is not possible to replace with XXXXXX as I did in my post above?... And I can’t leave it clearly visible… The computer guy’s fault: when he installed the OS he gave it a too personal name without even asking me and when I afterwards complained about it, I was told that I couldn’t change it unless I reinstalled the OS!
Sorry to read about your experience with a "computer guy"; that's a bit unfortunate. However, please try not to be too worried/embarrassed about your unwanted Computer Name/Personal Detail as I'm sure you'd rather be sure that there wasn't a threat on your computer doing untold damage or spying on you. virustotal is a tool which is more interested in the last part of the Path. If you don't want to use it, then I completely understand. But, as has been noted, it is a False Positive; again, if you're not likely to contact Support within the next few weeks, please Remove this from your system. Maybe you should have asked the "computer guy" for a new computer...?
<< The computer guy’s fault: when he installed the OS he gave it a too personal name without even asking me and when I afterwards complained about it, I was told that I couldn’t change it unless I reinstalled the OS! >>
I'm not too sure just what you/he means by "he gave it a personal name" but I'm not sure he is correct. My present computer is called Ollie3 (Another fine mess you've got us into .....) as you can see from the image below that I get first by pressing the WINKEY and the Pause key at the same time to bring up System Information.
Then clicking on Change Settings brings up the gray screen where you can alter the name to anything you want.
I don't fully follow your path where you show the XXXXX you want to hide
C:\DOCUMENTS AND SETTINGS\XXXXXX\DOCUMENTI\DOWNLOAD\SUPPORT-LOGMEINRESCUE.EXE
since on my system Documents and Settings is a locked folder even tho' I have elevated privileges and the normal route to DOWNLOAD is via Users
E:\Users\Hugh\Downloads
If you want to "change" the username eg from my Hugh to something else there is a way of doing that I'm pretty sure by copying the account to a new name and logging on to that new name.
Just some thoughts on something I don't fully understand....
<< The computer guy’s fault: when he installed...>>
I meant the OS name, not the computer/username which instead can be changed.
The path I mentioned in my first post is from SAS Scan Log, except for those XXXXXX which cover the OS name.
It is at the bottom of the SAS Scan log, just below the list of items scanned.
I confirm it is as follows:
Trojan.Agent/Gen-Downloader
C:\DOCUMENTS AND SETTINGS\XXXXXX\DOCUMENTI\DOWNLOAD\SUPPORT-LOGMEINRESCUE.EXE
Please note that “DOCUMENTI” after XXXXXX is not a typo, it is the Italian word for DOCUMENTS.
(The username is completely different from the OS name, and it is not mentioned anywhere in SAS Scan Logs, while it is, for instance, in MBAM Scan Logs)
Having cleared that the file path contains the OS name and not the username, I think it is not possible to change it as the computer guy had told me, unless I’m reinstalling the OS… Is this correct? I’m not computer literate...
Thank you very much, Hugh, for your help and I apologize for not explaining myself clearly in my previous post, hoping I did it now… if not, please let me know.
I’ve seen Trojan.Agent detected by Bitdefender Free as well and it was much ado about nothing. Trojan.Spambot was another detected by Malwarebytes (1.46 I believe) paid version, however, when I contacted their support, they were not overly moved by either of these detections.
I would imagine that unless I changed the software I’m running i.e. Windows 7, the “OS Name” will not change. However, both the “System Name” and (of course) “User Name” can be modified. Please see: System Information Screenshot and enlarge view if required.
In order to modify the “System Name”, you’re going back to pretty much where Mr. Hugh had you. Again, press the Windows Key and Pause Key simultaneously. Conversely, go under the start menu and right-click where it says “Computer” - - go under “Properties”. To the right of the window that comes up, go under “Change settings”. From the next window that appears, go under “Change”. In the next window, as you start typing a “Computer name” notice how it replicates under “Full computer name”. (See Screenshot 2, enlarge view if necessary) In addition, if you go under “More” (circled in red on Screenshot 2) you will notice that the “NetBios computer name” also reflects your change. Now, “x” out of that. On the “Computer Name/Domain Changes” window, click OK. You will be prompted to close any open applications etc. Acknowledge that message. Then, click close on the System Properties window. Re-start the machine. After which, you will notice, once back at the desktop, if you go back under System Information, you will see that under “System Name”, your change is reflected.
A: As I mentioned in my previous post – Message 11:
“Please note that “DOCUMENTI” after XXXXXX is not a typo, it is the Italian word for DOCUMENTS.”
Documents is the translation for Documenti, I don’t know if in the “Computer language” that would be “My Documents” (Sorry, but as I already pointed out, I am not computer literate).
As to your suggestion
“When you restore the file, copy the file to another location outside your user folder. Like C:\
Then when you upload it to virus total it will be from C:\LOGMEINRESCUE.EXE”
I'd be very grateful if you could give me all the steps to do it, from the very first one (for the same "illiteracy" reason as a.m...)
For the time being, I’d rather not change the system name.
As far as I understand, also from some Google search results including Microsoft’s as well, this would involve Registry changes, and I really don’t feel like doing it - I wouldn’t want to find myself in worse troubles!
Thank you very much for providing the instructions but I think I still have a lot to learn before dealing with this matter.
Everyone- It's the user name not the computer name and please don't give advice to change it or rename it unless you have done it yourself. Laura is right here, it's not as simple as it seems. Renaming the username even through the control panel will cause all the user data to appear missing and certain programs and settings (and desktop) will be gone.
Even copying everything over to the new profile causes some problem that I can't seem to remember, it's been a while since I had to do this.
Laura,
Restore the file,
then go to: C:\DOCUMENTS AND SETTINGS\XXXXXX\DOCUMENTI\DOWNLOAD\SUPPORT-LOGMEINRESCUE.EXE
Right click on it and select "copy"
Then open up "My Computer" then open up the C drive.
Inside the C drive window right click and select "paste".
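An added example, not part of any post in this thread: it masks the profile-folder segment of Windows paths in scan-log lines before they are shared (the XXXXXX masking done by hand above), and copies a flagged file under a neutral name while computing its SHA-256, which VirusTotal accepts as a search term, so the hash can be looked up before deciding whether to upload. The function names, the `sample.bin` name and the sample log lines are assumptions constructed for illustration.

```python
import hashlib
import re
import shutil
from pathlib import Path

# The profile folder sits directly under "Documents and Settings" (XP)
# or "Users" (Vista and later). Group 1 is kept, group 2 is masked.
_PROFILE = re.compile(
    r"(\b[A-Z]:\\(?:Documents and Settings|Users)\\)([^\\\r\n]+)",
    re.IGNORECASE,
)

def redact_profile(line, mask="XXXXXX"):
    """Mask the profile-folder segment of any Windows path in a log line.

    If the path ends at the profile folder, everything up to the end of the
    line is masked; over-redaction is the safe direction here.
    """
    return _PROFILE.sub(lambda m: m.group(1) + mask, line)

def sha256_of(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def stage_for_upload(src, staging_dir, neutral_name="sample.bin"):
    """Copy the flagged file under a neutral name; return (copy, SHA-256)."""
    dst = Path(staging_dir) / neutral_name
    shutil.copyfile(src, dst)  # content only: original name and path stay behind
    return dst, sha256_of(dst)

# Constructed sample lines (the profile name "MARIO ROSSI" is made up).
SAMPLE_LOG = [
    r"Trojan.Agent/Gen-Downloader",
    r"C:\DOCUMENTS AND SETTINGS\MARIO ROSSI\DOCUMENTI\DOWNLOAD\SUPPORT-LOGMEINRESCUE.EXE",
    r"E:\Users\Hugh\Downloads",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(redact_profile(entry))
```

The digest returned by `stage_for_upload` identifies the file by content alone, so searching for it reveals nothing about where the file was stored.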
<< then go to: C:\DOCUMENTS AND SETTINGS\XXXXXX\DOCUMENTI\DOWNLOAD\SUPPORT-LOGMEINRESCUE.EXE
Right click on it and select "copy"
Then open up "My Computer" then open up the C drive.
Inside the C drive window right click and select "paste". >>
Am I wrong or the file name would remain the same, i.e. with the system name which here in the thread I replaced with XXXXXX? Or is there a way I can change the system name before pasting the file into the C drive?
Rainbow_2’s post to Mr. Hugh, “not the computer/username which can be changed….”
Then….
Rainbow_2 explains to Hammer_Bro, “I’d rather not change the system name….”
However, Rainbow_2’s last post, “is there a way I can change the system name….”
Okay. I’m not exactly sure what’s going on here any longer, however, when I performed the experiment insofar as changing the System Name on my XP Professional machine, all “hell” (so to speak) did not break loose….
I apologize for having caused further confusion! Please bear with me - with English clearly not being my native language and my being computer illiterate it (read confusion) can easily occur...
Rainbow_2 explains to Hammer_Bro, “I’d rather not change the system name….”
Yes, and in my post/Message #16 I explained the reason why:
“ …As far as I understand, also from some Google search results including Microsoft’s as well, this would involve Registry changes, and I really don’t feel like doing it - I wouldn’t want to find myself in worse troubles!..."
However, Rainbow_2’s last post, “is there a way I can change the system name….”
Why I asked that? Because, given that I had previously explained the reason why I preferred not to leave the system name clearly visible, when I saw DaveH’s suggestion (Message #17) about copying and pasting the file to another location I thought that my intention had been considered but was unable to fully understand how this could be done, thus my reply (Message #18):
“…Am I wrong or the file name would remain the same, i.e. with the system name which here in the thread I replaced with XXXXXX? Or is there a way I can change the system name before pasting the file into the C drive?”
Thinking it possible to easily change the system name just in the file path before pasting it (thus without embarking on the way of changing the system name everywhere, method which I had just decided not to follow)? Probably a stupid question, but please consider that it was/is from a computer illiterate...
Still finding incongruencies? I hope not otherwise please let me know.