anyone see this?

[Robinb]

after the last update AVG 8.0 popped up and said there was this Trojan horse
Generic11.clr in the files below and one in c:/System Volume
Information\_restore,,,,,

c:\windows\system32\spool\drivers\w32x86\3\hpztbu06.exe
and \\(name of machine)\print$\W32X86\3\hpztbu07.exe

Every machine that is connected to my network and using the hp desktjet 5550
is getting the same message from AVG

What triggered it is when i went to print something.

I never saw this before. I have not updated this driver recently and did
not install any new software for it.

I ran superantispyware pro and it is coming up clean.

I sent an analysis to AVG- have not heard as of yet

So what gives? You think it is a false positive? it is sitting the in the
virus vault until i know what to do with it. I do not want to delete it for
fear i will have to reinstall the printer again, which i do not want to do
or restore it and find out it is something bad.

robin

--

 

[Robinb]

btw i searched around and found this

http://www.bleepingcomputer.com/startups/hpztsb05.exe-2016.html

this is for the same trojan just a different number after the hpztsb

i am hoping they are right and avg fixes this so it stops screaming and i
can restore the file back

robin

 

[Robinb]

and, seems AVG caught on too because they just issued another defintioin
update which now seems to have fixed this- so far anyway
robin

btw i searched around and found this

http://www.bleepingcomputer.com/startups/hpztsb05.exe-2016.html

this is for the same trojan just a different number after the hpztsb

i am hoping they are right and avg fixes this so it stops screaming and i
can restore the file back

robin

 

[Randy Knobloch]

Download and run HijackThis;
(http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php?page=hijackthis)
Read this Tutorial *before* first use;
(http://www.bleepingcomputer.com/forums/index.php?showtutorial=42)
Once done > run HijackThis > save a scan log and post it to /any/ of the
following (expert) forums for analysis.
*Note, //registration// *is* required prior to posting a log.

- Not listed in any particular order -

(http://forum.securitycadets.com/index.php?showforum=2)
(http://forums.spywareinfo.com/index.php?&showforum=18)
(http://www.spywarewarrior.com/viewforum.php?f=5)
(http://www.bleepingcomputer.com/forums/forum22.html)
(http://www.dslreports.com/forum/cleanup)
(http://forum.malwareremoval.com/viewforum.php?f=11)
(http://www.cybertechhelp.com/forums/forumdisplay.php?f=25)
(http://www.atribune.org/forums/index.php?showforum=9)
(http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html)
(http://forums.spywareinfo.com/index.php?showforum=18)
(http://www.techmonkeys.co.uk/forums/viewforum.php?f=8)
(http://forum.networktechs.com/forumdisplay.php?f=130)
(http://forums.maddoktor2.com/index.php?showforum=17)
(http://forums.spywaretimes.com/index.php?showforum=2)
(http://www.bluetack.co.uk/forums/index.php?showforum=172)
(http://forums.techguy.org/f54-s.html)
(http://forums.tomcoyote.org/index.php?showforum=27)
(http://forums.subratam.org/index.php?showforum=7)
(http://www.5starsupport.com/ipboard/index.php?showforum=18)
(http://www.malwarebytes.org/forums/index.php?showforum=7)
(http://www.wilderssecurity.com/forumdisplay.php?f=26)
(http://makephpbb.com/phpbb/viewforum.php?f=2)
(http://forums.techguy.org/54-security/)
(http://forums.security-central.us/forumdisplay.php?f=13)
(http://castlecops.com/forum67.html)
(http://gladiator-antivirus.com/forum/index.php?showforum=170)
(http://www.lavasoftsupport.com/index.php?showforum=36)
(http://forum.piriform.com/index.php?showforum=12)
(http://aumha.net/viewforum.php?f=30)

Post back the URL where you posted your log, *not* the entire log.