Beware of this Trojan-Agent-Iconforamazon.exe
I had found it on my desktop and deleted it. It was only after that when Firefox started crashing all the time lately(i never had this over all the years).
Non of these scanners found it but Superantispyware did.
Its the scanner which has always found what others did not.
Microsoft Security Essentials,
None of these found it.
it was found in a second non-used old account.
I have that trojan seperated and will now scan it by special scanners.
If i were you i would keep systempartition with applications only small(my winxp is 34gb) and backup it up onto a second drive e.g. esata external or internal if not possible. Not usb or firewire, they are slow. It takes multiple hours.
I'd suggest always uploading anything you want to install to http://www.virustotal.com
It scans using over 40 Different AV products and reports the results.
Of course, even if *all* of them say a program is clean, that doesn't mean it's not really malware; and sometimes brand new malware is undetected by all major scanners.
But, it's going to catch most of it.
So, it's a good idea to use an AV product that blocks any suspicious behavior from an application by default, requiring your OK before a program can proceed.
Comodo Internet Security is good about that kind of thing But, because they are using what I consider to be unscrupulous tactics try and get unsuspecting users to get help via their GeekBuddy service for vague problems, I will no longer recommend them.
I'm in the process of evaluating new AV protection now to replace Comodo, and I'll probably end up using something like Emisoft Anti-Malware in conjunction with other products for extra layers of protection.
For example, you may also want to consider using something like the free version of ThreatFire in conjunction with your AV protection of choice for an added layer of protection (it's uses heuristics only to block suspicious behavior). I used Threatfire in conjunction with Avira AntiVir Premium and Comodo Firewall for a long time. Sometimes the alerts were redundant (where more than one AV product required me to OK a program's suspicious behavior). But, I'd rather have the extra alerts than risk malware getting through.
I'd also make sure to run using a non Admin account. That's easy if using Vista or newer versions of Windows like Win 7. Basically, click on your start button and type in Standard User Account into the search box and you'll see a link to set one up. Running under an Account without Admin permissions decreases the chance of malware installing without your knowledge.
Good hints, thanks. I think at sysopt.com there is a link to an AV-comparison-site. The same has been reported about comodo.
Yes i am using a restricted account normally. Maybe its better installing all programs-if possible from there.
I dont know if its good to add this here or open a new thread. Its about Firefox which started crashing abou 14 days ago.
Exactly at this date this suspicious file had been installed in SYSTEM32-directory.
Important: Superantispyware and processexplorer have found it!
sasw is my favorite scanner, with highest success-rate.
More updates about this file will follow.
at windows\pchealth a userdumps-file had been found 6 days later. will ask in sysopt.com whats all about this. exact name will follow, is on the other drive.
will now try to find out what i was doing on the installation date.
WINDOWS\SYSTEM32\PESFDISK.EXE 11.3.2013 ANWENDUNG
since this happened just when Firefox started crashing all the time i had to inform about this here beside that trojan. Maybe related. Pity i didnt check at what date i received the iconforamazon.exe.
Is a serious danger. I must replace my systempartion by an older backup or even "flat" my whole drive.
I know from where i received that file. It seem not related. 6 weeks ago i had an attack towards my Firefox masterpassword. was blocked! Maybe everything is related. so only a clean reinstall will help.
I was told at camp-firefox(german) it could be a backdoor-trojan. virustotal.com has it listed, seek for europanorama(me).
1. first was an attack against my Firefox-Masterpassword. It was blocked.
2. Then Firefox crashed all the times. more frequent than ever before. Beforehand it hardly crashed.
thats why the people of campfirefox and trojaner-board.de(both german) said my system is seriously infected. But i wanted to see it. Thats why i remember this german site:
The very first program-STINGER- showed these "SUPERHIDDEN" backdoors trojans. They are in Chrome among a second location.
here is the mentioned comparison site about free onlinescanners:
|Thunderheads With Egret by Buzz Lightyear|
|Double Rainbow; Abiquiu, NM, USA. by abiquiuense|
from After the Rain