
New User


Pete


I installed Immunet Protect (free version) 2 days ago and ran a scan. The scan identified the below listed files as trojans. I currently run Comodo Internet Security Suite 5, Malwarebytes 1.46 (paid version), and SpyShelter (personal free), all of which did not identify the files as suspicious or as trojans. I also ran ESET online scanner and it returned with negative results.

 

Need some help trying to determine if the below listed files are actual trojans or just false positives.

 

File: waudit.exe

Detection name: W32.Trojan.b047

Location: c:\windows\asmbb\win32\waudit.exe

Virus Total results: http://www.virustotal.com/file-scan/report.html?id=429362427e712c34513db321bcc18400b839089b62c7a59b1cb5b477782f896b-1288180062

 

File: khcap.sys

Detection name: W32.Trojan.4293

Location: c:\windows\system32\drivers\khcap.sys

Virus Total results: http://www.virustotal.com/file-scan/report.html?id=b047d554bf35e66dd8b750f71ea55551a454bd0544e79ed95f51df7ac92f25a2-1288230032

 

File: x86_ waudit.exe

Detection name: W32.Trojan.4293

Location: c:\users\kravmaga\appdata\local\temp\x86_ waudit.exe

Virus Total results: http://www.virustotal.com/file-scan/report.html?id=429362427e712c34513db321bcc18400b839089b62c7a59b1cb5b477782f896b-1288230474

 

Pete


Guest Orlando


The results of Virus Total are clear: 8/43 - 3/43 - 8/43 are percentages good enough to say that these files are malware and not an FP. However, a good result for us, these survey results are excellent.

 

Orlando


Hi, you cannot take the VT results and say a file is malware or not; I often have malware here and the VT results show 0/43...

 

@Pete

Is it possible to attach the file so we can check it?

 

Thanks for the quick response. I downloaded a program the other day called Blackbox Security Monitor. I uninstalled the program the same day. It appears these files are remnants of the program; however, I would like to be sure. The files are too large to upload in one zip file. Attached are the first two files.

 

Thanks!

 

Pete

waudit.zip

khcap.zip


Guest Orlando


Yes, you are right, but these files were also analyzed by PrevX and categorized as malware, so the analysis is just one more thing.

 

However I will check the file personally.

 

Orlando


Guest Orlando

I keep getting an error indicating the third file is too big to upload (Used 450.53K of your 500K global upload quota (Max. single file size: 49.47K)

 

Pete

 

You can send me the file at orlandopivi@hotmail.com

 

Orlando


Orlando,

 

I keep getting a Delivery Status Notification (Failure).

Reporting-MTA: dns;snt0-mc3-f35.Snt0.hotmail.com

Received-From-MTA: dns;mail-iw0-f171.google.com

Arrival-Date: Thu, 28 Oct 2010 15:18:50 -0700

 

Final-Recipient: rfc822;orlandopivi@hotmail.com

Action: failed

Status: 5.5.0

Diagnostic-Code: smtp;550 Requested action not taken: mailbox unavailable (1044235902:3448:-2147467259)

 

Pete


Guest Orlando


You can send the file here: http://www.mediafire.com/ (without an account) and then post the link here.

 

Orlando


Archived

This topic is now archived and is closed to further replies.
