4 replies to this topic

[qurious]

Hello

Immunet has quarantined 2 files:

1. clam.exploit.java.kaixin-1
2.spyware.hacktool.smz

I am trying to determine if these files are false positives or real threats.

Immunet says the original file path was C:\Windows\Temp\BF482F53-D448-408C-9637-9647BF604991-Sigs\0C22E2E3-6F20-47D0-8F06-AED3A0976B71mpavdlta.vdm.new.temp. However, the folder C:\Windows\Temp\BF482F53-D448-408C-9637-9647BF604991-Sigs is empty.

Could anyone please advise if they have any experience with these files?

Thanks
qurious

[Sveni]

Hello

Immunet has quarantined 2 files:
1. clam.exploit.java.kaixin-1
2.spyware.hacktool.smz
[...]
Could anyone please advise if they have any experience with these files?

Try upload to https://www.virustotal.com/ or http://virusscan.jotti.org/de.

[qurious]

Hello Sveni

Thanks for your reply. I have tried restoring the quarantined files from Immunet to upload to virustotal. Immunet created a temp file which virustotal cannot recognise. Is there someway for the file to be converted so that virustotal can recognise it?

My apologies if my questions are simple. I am not a tech-head and am new to this.

Thanks
qurious

[ritchie58]

Hi quious, this temp file is associated with Microsoft Security Essentials or Defender. The temp file is used when MSE/Defender is updating and installing new defination signatures. Go ahead and restore these files from Quarantine since they are false positives. To avoid any further conflicts like this add MSE/Defender's complete Program Files folder to Immunet's Exclusion List. Also it's a good idea to add Immunet's Program Files folder into MSE/Defender's exclusion/exception list too. That way they will see each other as legit programs.

Cheers, Ritchie...

[qurious]

Hello Ritchie58

Wll do.
Thanks for your help.

Best Regards