
WgaLogon.dll - Trojan.Bagle? [SOLVED by updating WGA or db 1414]



Hi Guys,

 

Have just run an IS 360 smart scan. This time - it's come up with the "eBay.com.au" logo JPG as Worm.Packed.Generic in the Temporary Internet Files folder. When running a scan on that file (from the context menu) - it finds nothing. No other security software detects anything, anywhere.

 

I've uploaded the "infected" file to - http://wikisend.com/download/212064/ebay_88_31[1].zip

 

Here is a copy of the detection report :

 

IObit Security 360

 

OS:Windows XP

Version:1.4.1.11

Define Version:1407

Time Elapsed:00:00:44

Objects Scanned:53441

Threats Found:5

 

|Name|Type|Description|ID|

Tracking Cookies, Cookies, Cookie:footy@quantserve.com/, 7-2075

Tracking Cookies, Cookies, Cookie:footy@content.yieldmanager.com/ak/, 7-1540

Tracking Cookies, Cookies, Cookie:footy@ad.yieldmanager.com/, 7-1540

Tracking Cookies, Cookies, Cookie:footy@content.yieldmanager.com/, 7-1540

Worm.Packed.Generic, File, C:\Documents and Settings\Footy\Local Settings\Temporary Internet Files\Content.IE5\GZ9G81NH\ebay_88_31[1].jpg, 9-87623

 

I will ignore this detection, until it has been reported as having been repaired.

 

ADVICE : To those people who've upgraded to a purchased version - my advice is :

Please make sure that you have ruled out any detection by IS 360 as being a F/P before you go out & spend unnecessarily. That is - if your other security software detects nothing, and only IS 360 detects something - do some research, upload your "infected" file to VirusTotal (or similar). If it is only IS 360 finding an infection : then it's most likely a false-positive. In this case - IObit needs to know, so they can rectify the problem. Don't become angry. Become inquisitive & positively helpful. You might help someone else to "not become scared", and/or to "not spend needlessly".

 

Off my soapbox now :lol:. Thanks for any help with this present F/P IObit.

Cheers for now - Robert


  • 2 weeks later...

Another FP Detected in Def. DB 1413

 

Hi All,

 

I have another seemingly FP detected, when scanning with Def. DB 1413. That's in addition to the image file FP. No other security software finds anything. Here is the updated Detection Log :

 

IObit Security 360

 

OS:Windows XP

Version:1.4.1.11

Define Version:1413

Time Elapsed:00:05:15

Objects Scanned:52142

Threats Found:3

 

|Name|Type|Description|ID|

 

Trojan.Bagle, File, C:\WINDOWS\system32\WgaLogon.dll, 12-1299

Worm.Packed.Generic, File, C:\Documents and Settings\Footy\Desktop\ebay_88_31[1].jpg, 9-87623

 

Thanks for any help.

Cheers - Footloose


Hi Footloose

The file you uploaded to www.wikisend.com isn't "ebay_88_31[1].jpg".

Please upload it again.


Wikisend Upload

 

Hi Hxin,

 

Thanks for getting back to me. I've uploaded the original zipped file, available at ebay_88_31[1].zip, and the new detection, WgaLogon.dll, available at WgaLogon.zip. Both are password protected with the usual password, all in upper case. Hope they worked this time.

 

To Melvin Deal - Thanks for your compliment my friend. We're all here to help. That's all I want to do.

 

Cheers for now - Footloose


False Positive? wgalogon.dll

 

IObit Security 360

 

OS:Windows XP

Version:1.4.1.11

Define Version:1413

Time Elapsed:00:02:57

Objects Scanned:46549

Threats Found:1

 

|Name|Type|Description|ID|

Trojan.Bagle, File, C:\WINDOWS\system32\WgaLogon.dll, 12-1299


Hi knightsbbs,

 

I don't say that it is not a false positive, but please read the Guidelines and Requirements for Reporting a False Positive thread.

The thread also explains how to upload the suspected files to third party web sites including www.2shared.com and www.wikisend.com.

 

After following the procedure there, the response of IObit will be much quicker.

 

Upload the file "WgaLogon.dll" to VirusTotal and give the link of the analysis report here.

 

Please upload and test again your WgaLogon.dll file, as there is no FP warning for my WgaLogon.dll.

 

Cheers.


WgaLogon.dll - VirusTotal Report

 

Hi Enoskype,

 

I have just seen your response to knightsbbs's problem (about the WgaLogon.dll issue). I wasn't able to upload my "infected" file to VirusTotal earlier today. I used JOTTI - and it came up with 0/20. I've just tried VirusTotal again - and it came up with 0/41.

 

In my case - IO360 only started detecting Trojan.Bagle in WgaLogon.dll with definitions database 1413.

 

Here is VT's Analysis Report : http://www.virustotal.com/analisis/65b355804bbf2d34024b7139b0049a9ffd4a645106f1ea5e0ac311210ecd2861-1271423003

 

Thanks for any further assistance.

Cheers - Footloose
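
The reports pasted in this thread share one layout, so they can be compared mechanically. This added example (not part of any post and not IObit code) parses that layout and lists which file detections first appear at a given definitions version, the observation Footloose makes above about database 1413; the function names are hypothetical and the sample input is assembled from report lines quoted in the thread.

```python
# Constructed sample input, assembled from report lines quoted in this thread.
REPORT_1407 = r"""IObit Security 360
Define Version:1407
|Name|Type|Description|ID|
Tracking Cookies, Cookies, Cookie:footy@quantserve.com/, 7-2075
Worm.Packed.Generic, File, C:\Documents and Settings\Footy\Local Settings\Temporary Internet Files\Content.IE5\GZ9G81NH\ebay_88_31[1].jpg, 9-87623
"""
REPORT_1413 = r"""IObit Security 360
Define Version:1413
|Name|Type|Description|ID|
Trojan.Bagle - Quarantined, File, C:\WINDOWS\system32\WgaLogon.dll, 12-1299
Trojan.Bagle - Quarantined, File, C:\WINDOWS\system32\dllcache\WgaLogon.dll, 12-1299
Worm.Packed.Generic, File, C:\Documents and Settings\Footy\Desktop\ebay_88_31[1].jpg, 9-87623
"""

def parse_report(text):
    """Return (definitions version, list of detection dicts) for one report."""
    db, rows, in_table = None, [], False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("Define Version:"):
            db = int(line.split(":", 1)[1])
        elif line.startswith("|Name|"):
            in_table = True
        elif in_table and line.count(",") >= 3:
            # A path may contain commas: take Name and Type from the left, ID from the right.
            head, sig_id = line.rsplit(",", 1)
            name, kind, target = (p.strip() for p in head.split(",", 2))
            name, _, action = name.partition(" - ")  # "Trojan.Bagle - Quarantined"
            rows.append({"name": name, "action": action or None, "type": kind,
                         "target": target, "id": sig_id.strip()})
    return db, rows

def first_seen(reports):
    """Map (signature ID, file name) to the lowest definitions version that flagged it."""
    seen = {}
    for db, rows in map(parse_report, reports):
        for r in rows:
            if db is None or r["type"] != "File":
                continue  # skip cookies and reports without a definitions version
            key = (r["id"], r["target"].rsplit("\\", 1)[-1].lower())
            seen[key] = min(db, seen.get(key, db))
    return seen

def introduced_by(reports, version):
    """File detections that appear for the first time at the given definitions version."""
    return sorted(k for k, v in first_seen(reports).items() if v == version)
if __name__ == "__main__":
    for sig_id, fname in introduced_by([REPORT_1407, REPORT_1413], 1413):
        print(f"{fname}: signature {sig_id} first reported with definitions 1413")
```
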


Thanks Footloose,

 

I hope hxin will respond soon.

 

Did you try right clicking on WgaLogon.dll and choosing Scan with IObit Security 360 ?

And did it give the same result as FP Trojan.Bagle threat? What is the version of WgaLogon.dll ?

 

Cheers.


Right-click Scan of WgaLogon.dll

 

Hi Enoskype,

 

Thanks heaps for your prompt response.

I've just tried a right-click scan with IS 360 - and it produced the same "detection" result as a Quick Scan does.

 

That's odd, because a right-click scan of those previous 2 image file FP's didn't produce the same "detection".

 

The version # of my WgaLogon.dll is 1.8.0032.0

 

I hope this helps.

Cheers for now - Footloose


Hi again Footloose,

 

Perhaps older versions of WgaLogon.dll have a behaviour similar to the Trojan.Bagle threat, as my version is 1.9.40.0 and it is not seen as a threat. (XP Pro SP3 with all updates.)

 

Anyway, let's wait for hxin, but updating may be a remedy too.

 

Cheers.


Trojan.Bagle

 

IObit Security 360

 

OS:Windows XP

Version:1.4.1.11

Define Version:1413

Time Elapsed:00:00:02

Objects Scanned:1

Threats Found:1

 

|Name|Type|Description|ID|

Trojan.Bagle, File, C:\WINDOWS\system32\WgaLogon.dll, 12-1299

 

VirusTotal scan result 0/39

http://www.virustotal.com/analisis/dc3e8258090e7fdbafaffeb3ddc116ede8a272ac3b70784e7d8ededc34251e8b-1271436739

 

IObit 360 continues to identify the above Trojan after many removals. Does this need to be added to "Ignore"?

Thanks


Same problem

 

What is interesting is AVG did not detect anything at all. I have turned off system restore and still to no avail. I read that this file hides under hidr.exe among other files, searched for it but could not find it either

 

This is my report:

 

IObit Security 360

 

OS:Windows XP

Version:1.4.1.11

Define Version:1413

Time Elapsed:00:05:05

Objects Scanned:47950

Threats Found:1

 

|Name|Type|Description|ID|

Trojan.Bagle - Quarantined, File, C:\WINDOWS\system32\WgaLogon.dll, 12-1299

 

 

Any help or response is greatly appreciated, since I spent the whole Saturday working on it with no result. I have to admit though that I did receive an email from somebody I know and strangely it had his resume supposedly attached but never opened anything. Then a second email was sent and it indicated that he never sent anything and it was a spam. That is what caught my guard and I ran IOBit and it found trojan.bagle whereas AVG did not.

 

Waiting for an answer soon, even though not sure if due to the weekend we will have to wait till Monday or not. I am running the IObit every time I turn the computer on so as to quarantine it, but not sure if that helps or not. If you run full scan you will see it hidden in hotkey file too.

 

cheers


Trojan.Bagle WgaLogon.dll ?

 

IObit Security 360

 

OS:Windows XP

Version:1.4.1.11

Define Version:1413

Time Elapsed:01:00:24

Objects Scanned:91950

Threats Found:2

 

|Name|Type|Description|ID|

Trojan.Bagle - Quarantined, File, C:\WINDOWS\system32\WgaLogon.dll, 12-1299

Trojan.Bagle - Quarantined, File, C:\WINDOWS\system32\dllcache\WgaLogon.dll, 12-1299

 

 

 

 

Should I be worried or is this a f/p?


I am getting the same thing with my Security 360. I run Avg and I have STOPzilla and they do not have it, just Security 360.

 

How can I find what my version of Wgalogon.dll is? I just know the basics of operating a computer.


Hi

You can go to Start>Search. Click on "All files and Folders". In the Search Criteria enter "WgaLogon.dll" and click on Search. When the file is found, right click on it and select Open Containing Folder. This will open the folder with the file highlighted. Right click on the file and select Properties. Then click on Version. I hope this helps.


iobit security 360

 

I have Iobit Security 360 installed on my computer. I was running great and never had any problems until yesterday. When I do a scan it detects... WgaLogon.dll.... C:\Windows/system 32. I deleted it and did another scan and got the same results. Is there a way to delete this for good?? Also it is called "Trojan.Bagle". Thanks for any help... You can also email me at...

 

EDIT: e-mail address deleted, not a good idea to give an e-mail address in the forum.


The latest WGA (Windows Genuine Advantage) Notification Tool for XP, WindowsXP-KB905474-ENU-x86.exe, is downloadable from:

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=afd45b36-3d77-4259-801c-d31a9a90cdcf

 

You can also download a free program from Microsoft which needs WGA validation, and it will be installed as Active X.

Using Windows Update may update it too.

 

Cheers.


Updating didn't work for me

 

Hi All,

 

I downloaded & installed the update (now 1.9.40.0), rebooted this PC, ran a quick IS 360 scan - and it is still finding my copy of the old version, as well as the new version, of WgaLogon.dll - as Trojan.Bagle

 

That is - even with the updated db. 1414

 

The ebay.com.au logo JPG is still being detected as Worm.Packed.Generic

 

What's happening ??

 

Cheers - Footloose


Archived

This topic is now archived and is closed to further replies.
