Beware of this Trojan-Agent-Iconforamazon.exe

Started Mar 27, 2013 | Discussions
3dreal
Senior Member, Posts: 1,765
Beware of this Trojan-Agent-Iconforamazon.exe
Mar 27, 2013

Trojan.Agent/Gen-MSFake

DESKTOPICONFORAMAZON\ICONFORAMAZON.EXE

I had found it on my desktop and deleted it. It was only after that that Firefox started crashing all the time lately (I never had this in all the years before).

None of these scanners found it, but SuperAntiSpyware did.

It's the scanner which has always found what the others did not.

Microsoft Security Essentials,
Malwarebytes
Housecall
adwcleaner
spybot

None of these found it.

It was found in a second, unused old account.

I have that trojan separated and will now scan it with special scanners.

If I were you I would keep the system partition (with applications only) small (my WinXP is 34 GB) and back it up onto a second drive, e.g. eSATA external, or internal if not possible. Not USB or FireWire, they are slow. It takes multiple hours.


www.stereopan.org

Jim Cockfield
Forum Pro, Posts: 14,447
use virustotal.com before installing any software
In reply to 3dreal, Mar 27, 2013

I'd suggest always uploading anything you want to install to http://www.virustotal.com

It scans using over 40 different AV products and reports the results.

Of course, even if *all* of them say a program is clean, that doesn't mean it's not really malware; and sometimes brand-new malware is undetected by all major scanners.

But, it's going to catch most of it.

So, it's a good idea to use an AV product that blocks any suspicious behavior from an application by default, requiring your OK before a program can proceed.

Comodo Internet Security is good about that kind of thing. But, because they are using what I consider to be unscrupulous tactics to try and get unsuspecting users to get help via their GeekBuddy service for vague problems, I will no longer recommend them.

I'm in the process of evaluating new AV protection now to replace Comodo, and I'll probably end up using something like Emsisoft Anti-Malware in conjunction with other products for extra layers of protection.

For example, you may also want to consider using something like the free version of ThreatFire in conjunction with your AV protection of choice for an added layer of protection (it uses heuristics only to block suspicious behavior). I used ThreatFire in conjunction with Avira AntiVir Premium and Comodo Firewall for a long time. Sometimes the alerts were redundant (where more than one AV product required me to OK a program's suspicious behavior). But, I'd rather have the extra alerts than risk malware getting through.

I'd also make sure to run using a non-Admin account. That's easy if using Vista or newer versions of Windows like Win 7. Basically, click on your start button and type Standard User Account into the search box and you'll see a link to set one up. Running under an account without Admin permissions decreases the chance of malware installing without your knowledge.


JimC

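Jim's two cautions, that a multi-engine scan is only as strong as the number of engines that actually scanned the file, and that zero detections is not the same as "clean", are easier to apply consistently with a small triage script. The example below is added here and is not code from the post or from VirusTotal; it assumes the per-engine layout of a VirusTotal v3 file report (`data.attributes.last_analysis_results`, one entry per engine with a `category` and a `result`) and runs only on constructed sample reports, so nothing is uploaded or fetched. The engine names, the minimum-engines threshold and the verdict labels are my own choices.

```python
"""Triage a multi-engine scan report.

Added example, not code from the post or from VirusTotal. It assumes the
per-engine layout of a VirusTotal v3 file report
(data.attributes.last_analysis_results -> {engine: {category, result}});
all reports below are constructed samples, so nothing is fetched.
"""
import json
from collections import Counter

# Categories that mean an engine actually flagged the file.
DETECTING = {"malicious", "suspicious"}
# Categories that mean the engine never really scanned it; these must not
# count towards "N engines said it was clean".
NOT_SCANNED = {"type-unsupported", "timeout", "confirmed-timeout", "failure"}


def make_report(engines: dict) -> str:
    """Build a constructed report from {engine: (category, detection_name)}."""
    results = {name: {"category": cat, "result": det}
               for name, (cat, det) in engines.items()}
    return json.dumps({"data": {"attributes": {"last_analysis_results": results}}})


# Constructed sample reports: engine names and verdicts are invented.
SAMPLE_FLAGGED = make_report({
    "EngineA": ("malicious", "Trojan.Agent/Gen-MSFake"),
    "EngineB": ("undetected", None),
    "EngineC": ("undetected", None),
    "EngineD": ("suspicious", "Heur.Generic"),
    "EngineE": ("undetected", None),
    "EngineF": ("harmless", None),
    "EngineG": ("type-unsupported", None),
    "EngineH": ("timeout", None),
})
SAMPLE_SILENT = make_report({f"Engine{i:02d}": ("undetected", None) for i in range(40)})
SAMPLE_THIN = make_report({"EngineA": ("undetected", None), "EngineB": ("timeout", None)})


def summarize(report_json: str) -> dict:
    """Count engines per category and collect the detection names."""
    results = json.loads(report_json)["data"]["attributes"]["last_analysis_results"]
    counts = Counter(r["category"] for r in results.values())
    scanned = sum(n for cat, n in counts.items() if cat not in NOT_SCANNED)
    detections = sum(n for cat, n in counts.items() if cat in DETECTING)
    names = sorted({r["result"] for r in results.values()
                    if r["category"] in DETECTING and r["result"]})
    return {"scanned": scanned, "detections": detections,
            "names": names, "categories": dict(counts)}


def verdict(summary: dict, min_scanned: int = 5) -> str:
    """Turn the counts into a triage label.

    'no-detections' is deliberately not called 'clean': a brand-new sample
    can pass every engine, so it is absence of evidence, nothing more.
    """
    if summary["scanned"] < min_scanned:
        return "inconclusive"      # too few engines actually scanned it
    if summary["detections"] == 0:
        return "no-detections"
    if summary["detections"] == 1:
        return "single-detection"  # worth a second look, not yet a verdict
    return "flagged"


if __name__ == "__main__":
    for label, rep in [("flagged", SAMPLE_FLAGGED), ("silent", SAMPLE_SILENT),
                       ("thin", SAMPLE_THIN)]:
        s = summarize(rep)
        print(f"{label:8s} {verdict(s):17s} {s['detections']}/{s['scanned']} {s['names']}")
```

The point of separating `scanned` from the raw engine count is the one Jim makes: a report where most engines timed out or could not handle the file type tells you very little, and a single generic heuristic hit on an otherwise silent report is a reason to look closer, not proof either way.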
3dreal
Senior Member, Posts: 1,765
Re: use virustotal.com before installing any software - BEWARE pesfdisk.exe
In reply to Jim Cockfield, Mar 27, 2013

Good hints, thanks. I think at sysopt.com there is a link to an AV comparison site. The same has been reported about Comodo.

Yes, I am using a restricted account normally. Maybe it's better installing all programs, if possible, from there.

I don't know if it's good to add this here or open a new thread. It's about Firefox, which started crashing about 14 days ago.

Exactly on this date this suspicious file had been installed in the SYSTEM32 directory.

pesfdisk.exe

Important: SuperAntiSpyware and Process Explorer have found it!

SASW is my favorite scanner, with the highest success rate.

More updates about this file will follow.

At windows\pchealth a UserDumps file had been found 6 days later. Will ask at sysopt.com what this is all about. Exact name will follow, it is on the other drive.

Will now try to find out what I was doing on the installation date.


www.stereopan.org

3dreal
Senior Member, Posts: 1,765
Re: BEWARE OF pesfdisk.exe
In reply to 3dreal, Mar 27, 2013

Found here:

WINDOWS\SYSTEM32\PESFDISK.EXE   11.3.2013 ANWENDUNG
WINDOWS\pchealth\ERRORREP\UserDumps\pesfdisk.ex...... 17.3.2013
HDMP-DATEI 17.03.2013

Since this happened just when Firefox started crashing all the time, I had to report this here besides that trojan. Maybe related. Pity I didn't check on what date I received the iconforamazon.exe.


www.stereopan.org

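The two paths and dates in this post, an executable appearing in SYSTEM32 on 11.3.2013 and a user dump for that same process under pchealth\ERRORREP\UserDumps six days later, are exactly the pair a responder correlates to work out what arrived when. The script below is an added example and is not from the thread: it parses a constructed `path|dd.mm.yyyy|type` listing (only the PESFDISK.EXE row and the UserDumps path and date mirror the post; NOTEPAD.EXE, UPDHELPER.EXE, the firefox rows and the dump file names are invented), maps each dump back to the executable that produced it, reports the delay until the first dump, and lists other executables that appeared within the same window, which is the "what was I doing on the installation date" question from the earlier post.

```python
"""Correlate Windows error-report user dumps with the executables behind them.

Added example, not code from the thread. The listing is a constructed
sample in a simple 'path|dd.mm.yyyy|type' shape; only the PESFDISK.EXE row
and the pchealth\\ERRORREP\\UserDumps path and date follow the post, the
other rows and the dump file names are invented.
"""
from dataclasses import dataclass
from datetime import date, datetime

# Constructed sample listing (type labels as a German Explorer shows them).
LISTING = """\
WINDOWS\\SYSTEM32\\PESFDISK.EXE|11.03.2013|ANWENDUNG
WINDOWS\\SYSTEM32\\NOTEPAD.EXE|14.04.2008|ANWENDUNG
WINDOWS\\SYSTEM32\\UPDHELPER.EXE|11.03.2013|ANWENDUNG
WINDOWS\\pchealth\\ERRORREP\\UserDumps\\pesfdisk.exe.sample01.hdmp|17.03.2013|HDMP-DATEI
WINDOWS\\pchealth\\ERRORREP\\UserDumps\\firefox.exe.sample02.hdmp|18.03.2013|HDMP-DATEI
Programme\\Mozilla Firefox\\firefox.exe|05.02.2013|ANWENDUNG
"""

EXECUTABLE_TYPES = {"ANWENDUNG", "APPLICATION"}   # German / English labels
DUMP_DIR = "\\errorrep\\userdumps\\"


@dataclass
class Entry:
    path: str
    when: date
    kind: str

    @property
    def name(self) -> str:
        """Lower-cased file name without its directory."""
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_listing(text: str) -> list:
    """Parse 'path|dd.mm.yyyy|type' lines into Entry objects."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        path, day, kind = line.split("|")
        entries.append(Entry(path, datetime.strptime(day, "%d.%m.%Y").date(), kind.upper()))
    return entries


def dump_process(entry: Entry):
    """Return 'name.exe' for a user dump file, or None if this is not one."""
    if DUMP_DIR not in entry.path.lower() or not entry.name.endswith(".hdmp"):
        return None
    head, sep, _ = entry.name.partition(".exe")
    return head + sep if sep else None


def correlate(entries: list, window_days: int = 1) -> dict:
    """Map each crashing process to its executable, the days until the first
    dump, and the other executables that appeared within window_days of it."""
    executables = [e for e in entries if e.kind in EXECUTABLE_TYPES]
    by_name = {}
    for e in executables:
        by_name.setdefault(e.name, e)          # first match wins
    first_dump = {}
    for e in entries:
        proc = dump_process(e)
        if proc and (proc not in first_dump or e.when < first_dump[proc]):
            first_dump[proc] = e.when
    report = {}
    for proc, dump_day in first_dump.items():
        exe = by_name.get(proc)
        if exe is None:
            report[proc] = {"exe": None, "first_dump": dump_day}   # dump without a known binary
            continue
        neighbours = sorted(
            o.path for o in executables
            if o.path != exe.path and abs((o.when - exe.when).days) <= window_days
        )
        report[proc] = {
            "exe": exe.path,
            "exe_date": exe.when,
            "first_dump": dump_day,
            "days_to_first_dump": (dump_day - exe.when).days,
            "appeared_with": neighbours,
        }
    return report


if __name__ == "__main__":
    for proc, info in correlate(parse_listing(LISTING)).items():
        print(proc, info)
```

On a real machine the listing would come from a recursive directory walk with creation timestamps rather than a pasted table, and the interesting output is the `appeared_with` list: an unfamiliar binary that landed in SYSTEM32 on the same day as the crashing one is the next thing to hash and look up.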
3dreal
Senior Member, Posts: 1,765
Re: BEWARE OF pesfdisk.exe
In reply to 3dreal, Mar 31, 2013

It is a serious danger. I must replace my system partition with an older backup or even "flat" my whole drive.

I know from where I received that file. It seems not related. 6 weeks ago I had an attack towards my Firefox master password. It was blocked! Maybe everything is related. So only a clean reinstall will help.

I was told at camp-firefox (German) it could be a backdoor trojan. virustotal.com has it listed; search for europanorama (me).


www.stereopan.org

3dreal
Senior Member, Posts: 1,765
Re: BEWARE of pesfdisk.exe - Firefox crashes very frequently
In reply to 3dreal, Apr 5, 2013

1. First was an attack against my Firefox master password. It was blocked.

2. Then Firefox crashed all the time, more frequently than ever before. Beforehand it hardly crashed.

That's why the people of camp-firefox and trojaner-board.de (both German) said my system is seriously infected. But I wanted to see it. That's why I remember this German site:

http://www.hijackthis-forum.de/tipps-tricks/2912-anleitung-zur-bereinigung-von-malware.html

The very first program, STINGER, showed these "SUPERHIDDEN" backdoor trojans. They are in Chrome, among a second location.

Here is the mentioned comparison site about free online scanners:

http://www.hijackthis-forum.de/tipps-tricks/2912-anleitung-zur-bereinigung-von-malware.html


www.stereopan.org
