I ran antivirus and ad-aware. Antiviurs did not detect, but adaware did. I have not been on the internet for weeks. the only downloads i have done were from companies products: Blizzard, Lavasoft, and Symantec. This is not the first time ad-aware was able to detect something and symantec was not. I do not understand how i could have gotten the Category: Trojan, Type: TR/LenaB. I can not find any information on it even through a google search. But, Ad-aware was able to quarantine it, and on later scans the trojan was not detected. the only new thing i have done lately was to install and play warcraft 3.

Bigamer
download and install 'HijackThis'* run a scan and copy paste the log in your next reply.
Meanwhile I'll ask the FP forum leaders to have a look into your problem.
Raziel

Hello Bigamer

Could you also please post the log file from when the file was detected. For further instructions on how to post a log file please see:

http://www.lavasoftsupport.com/index.php?showtopic=18033

It would also be useful if you could uplaod the file here to the forum, zip it and use the password infected.

Regards
LS Anders

One question first. Do I have to do the Hijack this file? I have Obssesive Compulsive Disorder, which is why I keep a tight watch over internet usage to assure that things like this do not happen. Which is why i was very surprised. So, I was hoping not to need to download anything. Also, I will try to get that Fp file, but it may take a little bit before i can. Lastly, does this mean there is a good chance that it could be a false positive?


And i forgot to mention that it took 2 scans to completely quarantine. It was found in 2 different files. one was called <system volume inf>

(iam responding on a different computer)

I think this is the file you had requested from the logs. The first file has 3 logs from the day it was detected.

Also, i found that actually in the logs it says the trojan was only detected once, but I could swear it was 2 times. one on the first scan and one on the second.

I loaded a second file that shows my quarantine, it shows 2 detections.

Hi Bigamer,

Thanks for posting the log files. I noticed that files were quarantined during one of your scans - could I ask you to zip and upload the quarantined file(s)? You can find quarantined files in:

C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Quarantine

To answer your questions:

Do I have to do the Hijack this file?
Not for this part, although if someone who is trying to help you asks you to download and install, its probably a good idea!

Lastly, does this mean there is a good chance that it could be a false positive?
We'll have a look at your quarantined files and investigate further.

Andy
Lavasoft Malware Labs

I copied and pasted the whole quarantine folder into a zipped file.

I hope thats ok, didn't know any other way to do it. Gonna delete the copy in recycle bin, after i post it.

So, this should be what you asked for.

Also, if it is a real trojan, would you by chance know why norton couldn't detect it? and will i need to reset my address, or only if it appears again?

I was wondering if there was an answer to what this is and if I should worry or not.

Bigamer
the IT guys still investigate your problem, plz be patient.
To be on the safe side run 'HijackThis'* and copy/paste the log in your next reply so that we also can
check this possibility.
Raziel

Hi Bigamer,

Sorry for the delay in getting back to you - this file did not display any malicious behaviour and has been removed from the detection database. I have attached the detected file if you would like to unzip it and replace it in its original folder.

Regards,

Andy
Lavasoft Malware Labs

Thank you very much for your help Iam glad to hear that it wasn't really a problem!

I actually still have the files in quarantine, so do not neede a copy. I was planning to just leave them there for now since they don't seem to be affecting anything at the moment, being in the quarantine.

One last thing, does it matter if I opened the program before it completely reintiallized? after an update. It seemed to be taking longer so I opened it. *_*; but nothing seems affected, but I didn't know if it mattered or not.