Pete, posted October 28, 2010

I installed Immunet Protect (free version) 2 days ago and ran a scan. The scan identified the below listed files as trojans. I currently run Comodo Internet Security Suite 5, Malwarebytes 1.46 (paid version), and SpyShelter (personal free), none of which identified the files as suspicious or as trojans. I also ran ESET online scanner and it returned negative results. I need some help trying to determine if the below listed files are actual trojans or just false positives.

File: waudit.exe
Detection name: W32.Trojan.b047
Location: c:\windows\asmbb\win32\waudit.exe
Virus Total results: http://www.virustotal.com/file-scan/report.html?id=429362427e712c34513db321bcc18400b839089b62c7a59b1cb5b477782f896b-1288180062

File: khcap.sys
Detection name: W32.Trojan.4293
Location: c:\windows\system32\drivers\khcap.sys
Virus Total results: http://www.virustotal.com/file-scan/report.html?id=b047d554bf35e66dd8b750f71ea55551a454bd0544e79ed95f51df7ac92f25a2-1288230032

File: x86_ waudit.exe
Detection name: W32.Trojan.4293
Location: c:\users\kravmaga\appdata\local\temp\x86_ waudit.exe
Virus Total results: http://www.virustotal.com/file-scan/report.html?id=429362427e712c34513db321bcc18400b839089b62c7a59b1cb5b477782f896b-1288230474

Pete

Guest Orlando, posted October 28, 2010

> I installed Immunet Protect (free version) 2 days ago and ran a scan. The scan identified the below listed files as trojans. I currently run Comodo Internet Security Suite 5, Malwarebytes 1.46 (paid version), and SpyShelter (personal free), none of which identified the files as suspicious or as trojans. I also ran ESET online scanner and it returned negative results. I need some help trying to determine if the below listed files are actual trojans or just false positives.
>
> File: waudit.exe
> Detection name: W32.Trojan.b047
> Location: c:\windows\asmbb\win32\waudit.exe
> Virus Total results: http://www.virustotal.com/file-scan/report.html?id=429362427e712c34513db321bcc18400b839089b62c7a59b1cb5b477782f896b-1288180062
>
> File: khcap.sys
> Detection name: W32.Trojan.4293
> Location: c:\windows\system32\drivers\khcap.sys
> Virus Total results: http://www.virustotal.com/file-scan/report.html?id=b047d554bf35e66dd8b750f71ea55551a454bd0544e79ed95f51df7ac92f25a2-1288230032
>
> File: x86_ waudit.exe
> Detection name: W32.Trojan.4293
> Location: c:\users\kravmaga\appdata\local\temp\x86_ waudit.exe
> Virus Total results: http://www.virustotal.com/file-scan/report.html?id=429362427e712c34513db321bcc18400b839089b62c7a59b1cb5b477782f896b-1288230474
>
> Pete

The results of Virus Total are clear: 8/43 - 3/43 - 8/43 are good enough percentages to say that these files are malware and not an FP. However, a good result for us, these survey results are excellent.

Orlando

markusg, posted October 28, 2010

Hi, you cannot take the VT results and say a file is malware or not; I often have malware here and the VT results show 0/43...

@Pete, is it possible to attach the file so we can check it?

Pete (Author), posted October 28, 2010

> Hi, you cannot take the VT results and say a file is malware or not; I often have malware here and the VT results show 0/43...
>
> @Pete, is it possible to attach the file so we can check it?

Thanks for the quick response. I downloaded a program the other day called Blackbox Security Monitor. I uninstalled the program the same day. It appears these files are remnants of the program; however, I would like to be sure. The files are too large to upload in one zip file. Attached are the first two files. Thanks!

Pete

waudit.zip
khcap.zip

Pete (Author), posted October 28, 2010

I keep getting an error indicating the third file is too big to upload (Used 450.53K of your 500K global upload quota (Max. single file size: 49.47K)).

Pete

Guest Orlando, posted October 28, 2010

> Hi, you cannot take the VT results and say a file is malware or not; I often have malware here and the VT results show 0/43...
>
> @Pete, is it possible to attach the file so we can check it?

Yes, you are right, but these files were also analyzed by PrevX and categorized as malware, so the analysis is just one more thing. However, I will check the file personally.

Orlando

Guest Orlando, posted October 28, 2010

> I keep getting an error indicating the third file is too big to upload (Used 450.53K of your 500K global upload quota (Max. single file size: 49.47K)).
>
> Pete

You can send me the file at orlandopivi@hotmail.com

Orlando

Pete (Author), posted October 28, 2010

> You can send me the file at orlandopivi@hotmail.com
>
> Orlando

Orlando,

I keep getting a Delivery Status Notification (Failure).

Reporting-MTA: dns;snt0-mc3-f35.Snt0.hotmail.com
Received-From-MTA: dns;mail-iw0-f171.google.com
Arrival-Date: Thu, 28 Oct 2010 15:18:50 -0700
Final-Recipient: rfc822;orlandopivi@hotmail.com
Action: failed
Status: 5.5.0
Diagnostic-Code: smtp;550 Requested action not taken: mailbox unavailable (1044235902:3448:-2147467259)

Pete

Guest Orlando, posted October 29, 2010

> Orlando,
>
> I keep getting a Delivery Status Notification (Failure).
>
> Reporting-MTA: dns;snt0-mc3-f35.Snt0.hotmail.com
> Received-From-MTA: dns;mail-iw0-f171.google.com
> Arrival-Date: Thu, 28 Oct 2010 15:18:50 -0700
> Final-Recipient: rfc822;orlandopivi@hotmail.com
> Action: failed
> Status: 5.5.0
> Diagnostic-Code: smtp;550 Requested action not taken: mailbox unavailable (1044235902:3448:-2147467259)
>
> Pete

You can send the file here: http://www.mediafire.com/ (without an account) and then post the link here.

Orlando

Pete (Author), posted October 29, 2010

> You can send the file here: http://www.mediafire.com/ (without an account) and then post the link here.
>
> Orlando

Orlando,

Here is the last file.

http://www.megafileupload.com/en/file/279332/x86waudit-zip.html

Pete

This topic is now archived and is closed to further replies.