The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Trojan Agent/Gen-Nullo(micro) --SAS keeps finding this

    Discussion in 'Security and Anti-Virus Software' started by Justitia, Feb 10, 2010.

  1. Justitia

    Justitia Notebook Evangelist

    Trojan Agent/Gen-Nullo(micro) --SAS keeps finding this when doing a scan which I do with it every few days. I use Avira free as my AV (I was using AVG which I purchased 2 years ago but is no longer very functional -- it let several Trojans download recently.)

    I am assuming that Avira Free protects me as I go to various websites. I rarely go to sites that might be at risk -- HULU is probably the most risky.

    But this Trojan agent Gen-Nullo (Micro) is never found in any scan by Avira -- and it gets run once a day.

    Before I ran SAS, I ran Malwarebytes, which found nothing. I find that Malwarebytes seems to never find anything while SAS finds an occasional Trojan or 3 and a lot of tracking cookies.

    Anyone have any ideas?
     
  2. gerryf19

    gerryf19 I am the walrus

    When it says it finds the trojan, what specifically (file and location) is it finding?
     
  3. jerry66

    jerry66 Notebook Deity

    Where is it located and what is the file name? I scanned with Trend HouseCall and it found a trojan; it was an Asus prog, not a trojan. I also use Avira. Make sure it is not a false pos.
     
  4. Justitia

    Justitia Notebook Evangelist

    Good thing I thought to look :eek:

    It was in Documents & Settings/Favorites/Google/Favicon (<-- I am not so sure about the last term but it definitely began with FAV -- all the letters were in caps for the whole string.)

    I do recall at some point my Google link stopped working and I had to resave it. But that has happened many times before with various links since I started using Xmarks to sync my favorites across my computers. So I didn't note whether it was associated with the previous deletion of above.

    During the previous deletion there were 2 trojans SAS found. And when they were deleted one of them was in the same location (i.e., Favorites Google Fav...) though the deletion didn't say which one.

    I looked at SAS's record of adding viruses and trojans -- this one was recently added.
     
  5. gerryf19

    gerryf19 I am the walrus

    Certainly sounds like a false positive to me. The favicon is the special icon loaded when you visit a webpage that offers one. I've never heard of a virus that infects that way.

    When you go to google, in your address bar is it a generic icon or the special one with a lowercase G with four colored bars?
     
  6. Justitia

    Justitia Notebook Evangelist

    The special one --- I wondered about a false positive. Based on what you say -- it sounds like it was --- hmmm I wonder why?
     
  7. gerryf19

    gerryf19 I am the walrus

    Everything I keep finding related to this indicates that there was an exploit in Firefox that allowed a script to run with elevated privileges based on favicons.

    I wonder if SAS is trying to alert you to that?

    What browsers do you use? Are they all updated?
     
  8. Deks

    Deks Notebook Prophet

    It's quite possibly a false positive.
    What you could do is try to quick scan the system with MBAM and MSE (if you use it) and see if they report anything.