Full Version: Win32.TrojanSpy.PCAgent Clean
LavaRiver
Ad-Aware keeps giving me a detection of Win32.TrojanSpy.PCAgent Clean. I'm not sure what this is and if it is a false positive since Ad-Aware AE is the only application that detects it. I also have McAfee Security Suite from AT&T, Threatfire, SpywareBlaster, Malwarebytes, Spybot Search and Destroy, Windows Defender and Microsoft Malicious Software Removal Tool. It seems to me that it might be something to do with system restore. Can you tell me if this is bad as it's always coming up? Could it be something blocking me from being able to restore to a restore point?
Thanks in advance. Let me know if I'm in the wrong area for this post. I apologize in advance if I am. I've uploaded the log.
LS Pekka
QUOTE(LavaRiver @ Sep 17 2009, 04:39 PM) *
Ad-Aware keeps giving me a detection of Win32.TrojanSpy.PCAgent Clean. I'm not sure what this is and if it is a false positive since Ad-Aware AE is the only application that detects it. I also have McAfee Security Suite from AT&T, Threatfire, SpywareBlaster, Malwarebytes, Spybot Search and Destroy, Windows Defender and Microsoft Malicious Software Removal Tool. It seems to me that it might be something to do with system restore. Can you tell me if this is bad as it's always coming up? Could it be something blocking me from being able to restore to a restore point?
Thanks in advance. Let me know if I'm in the wrong area for this post. I apologize in advance if I am. I've uploaded the log.


Hi LavaRiver!

The file is falsely detected as a Win32.TrojanSpy.PCAgent object within a system restore point on your system. The file will be removed from detection as of the next definition file update i.e. 0149.0053. You may add the file to the Ad-Aware ignore list until then in order to avoid re-detection of the file.

Thanks for posting!

LS Pekka

Lavasoft Malware Labs
LavaRiver
QUOTE(LS Pekka @ Sep 17 2009, 11:38 AM) *
Hi LavaRiver!

The file is falsely detected as a Win32.TrojanSpy.PCAgent object within a system restore point on your system. The file will be removed from detection as of the next definition file update i.e. 0149.0053. You may add the file to the Ad-Aware ignore list until then in order to avoid re-detection of the file.

Thanks for posting!

LS Pekka

Lavasoft Malware Labs


Okay, thanks for getting back to me so quickly. I feel better. So, just out of curiosity what file was it exactly that it was detecting as Win32.TrojanSpy/PCAgent Clean? The whole restore file or a particular file in the restore file?

Thanks
LS Pekka
QUOTE(LavaRiver @ Sep 17 2009, 09:40 PM) *
Okay, thanks for getting back to me so quickly. I feel better. So, just out of curiosity what file was it exactly that it was detecting as Win32.TrojanSpy/PCAgent Clean? The whole restore file or a particular file in the restore file?

Thanks


Hi again LavaRiver!

According to the posted log file, it was 3 instances of the same file, i.e.:

C:\System Volume Information\_restore{9B5D11CC-0877-4B7E-8121-D5675B9478B5}\Fifoed\A0081925.SYS
C:\System Volume Information\_restore{9B5D11CC-0877-4B7E-8121-D5675B9478B5}\RP106\A0083213.SYS
C:\System Volume Information\_restore{9B5D11CC-0877-4B7E-8121-D5675B9478B5}\RP108\A0089380.SYS

The files were falsely detected as Win32.TrojanSpy.PCAgent objects in a single restore point and will therefore be removed from detection as of the next definition file update i.e. 0149.0053.

Regards,

LS Pekka

Lavasoft Malware Labs
LavaRiver
QUOTE(LS Pekka @ Sep 18 2009, 01:34 AM) *
Hi again LavaRiver!

According to the posted log file, it was 3 instances of the same file, i.e.:

C:\System Volume Information\_restore{9B5D11CC-0877-4B7E-8121-D5675B9478B5}\Fifoed\A0081925.SYS
C:\System Volume Information\_restore{9B5D11CC-0877-4B7E-8121-D5675B9478B5}\RP106\A0083213.SYS
C:\System Volume Information\_restore{9B5D11CC-0877-4B7E-8121-D5675B9478B5}\RP108\A0089380.SYS

The files were falsely detected as Win32.TrojanSpy.PCAgent objects in a single restore point and will therefore be removed from detection as of the next definition file update i.e. 0149.0053.

Regards,

LS Pekka

Lavasoft Malware Labs



Sorry if I'm not understanding, what exactly are those falsely detected files supposed to be within that single restore point file?
They are quarantined now, if I delete them then I'll be deleting restore points, correct?

I understand that they will be removed from the detection as of the next definition file update. So no need to go over that again.

Thanks,
LS Pekka
Hi!

Q1: "So, just out of curiosity what file was it exactly that it was detecting as Win32.TrojanSpy/PCAgent Clean...The whole restore file or a particular file in the restore file?"
A1: 3 instances of the same file in a single restore point were detected, i.e. not the whole restore point.

Q2: "what exactly are those falsely detected files supposed to be within that single restore point file?"
A2: Those files are files that existed on your system at the time when the restore point was created. Ad-Aware is capable of detecting files within restore points.

Q3: "They are quarantined now, if I delete them then I'll be deleting restore points, correct?"
A3: You will not delete the whole restore point by deleting the quarantined files but deleting the files may cause an error later when trying to restore your system using that specific restore point. You have the option to restore the files from the Ad-Aware quarantine instead, further info is available at http://www.lavasoftsupport.com/index.php?showtopic=26395

More info about system restore is available at http://support.microsoft.com/kb/306084

The falsely detected file has been removed from detection so update to the latest definitions (0149.0053) and re-scan your system and the files should not be detected.

Regards,

LS Pekka

Lavasoft Malware Labs
LavaRiver
I was just trying to find out if you could tell me what those files were, exactly, that it was detecting. That's all. I was just curious as to what files it was calling spyware.

Thanks for your help.