castle1126 Posted October 7, 2010 Report Share Posted October 7, 2010 Hi all, I've been getting a few of these W32.Dropper alerts not too long after starting my computer. This seemed to have started about a week ago. I've taken the file out of quarantine and submitted to Virustotal and get a 1/43 finding. The VT link is http://www.virustotal.com/file-scan/report.html?id=850e93435917a32dd77f9780c9c241d679aab583e934b35b5d5f52dfe13a1f65-1286493526. I'm also going to attach the file (zipped with password "infected") to this posting. Reviewing the traffic logs for this system I don't see anything that would show a malicious download occurring, so I'm not sure if this is a false positive or not. Any guidance on this would be greatly appreciated! Thanks, Steve file.zip Link to comment Share on other sites More sharing options...
Guest Orlando Posted October 8, 2010 Report Share Posted October 8, 2010 Hi all, I've been getting a few of these W32.Dropper alerts not too long after starting my computer. This seemed to have started about a week ago. I've taken the file out of quarantine and submitted to Virustotal and get a 1/43 finding. The VT link is http://www.virustotal.com/file-scan/report.html?id=850e93435917a32dd77f9780c9c241d679aab583e934b35b5d5f52dfe13a1f65-1286493526. I'm also going to attach the file (zipped with password "infected") to this posting. Reviewing the traffic logs for this system I don't see anything that would show a malicious download occurring, so I'm not sure if this is a false positive or not. Any guidance on this would be greatly appreciated! Thanks, Steve file.zip The file .swf is definitely infected, the second file I'm not sure, but it could be a FP. I warn Alfred about this question. Regards, Orlando Link to comment Share on other sites More sharing options...
etms51 Posted October 8, 2010 Report Share Posted October 8, 2010 I think which this attachment is infected. It's not possible to FP. Link to comment Share on other sites More sharing options...
castle1126 Posted October 8, 2010 Author Report Share Posted October 8, 2010 The interesting thing is this - this only alerts after Windows XP has been running for a couple of minutes. At no time later while XP is running that I see the virus alert. Thoughts? Link to comment Share on other sites More sharing options...
alfred Posted October 9, 2010 Report Share Posted October 9, 2010 The interesting thing is this - this only alerts after Windows XP has been running for a couple of minutes. At no time later while XP is running that I see the virus alert. Thoughts? This means it's either getting dropped onto your file system at that point or being executed. The product only reviews files on copy/read/move/write/execute. Cheers, al Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.