Pete

I installed Immunet Protect (free version) 2 days ago and ran a scan. The scan identified the below listed files as trojans. I currently run Comodo Internet Security Suite 5, Malwarebytes 1.46 (paid version), and SpyShelter (personal free), all of which did not identify the files as suspicious or as trojans. I also ran ESET online scanner and it returned with negative results.

 

Need some help trying to determine if the below listed files are actual trojans or just false positives.

 

File: waudit.exe

Detection name: W32.Trojan.b047

Location: c:\windows\asmbb\win32\waudit.exe

Virus Total results: http://www.virustotal.com/file-scan/report.html?id=429362427e712c34513db321bcc18400b839089b62c7a59b1cb5b477782f896b-1288180062

 

File: khcap.sys

Detection name: W32.Trojan.4293

Location: c:\windows\system32\drivers\khcap.sys

Virus Total results: http://www.virustotal.com/file-scan/report.html?id=b047d554bf35e66dd8b750f71ea55551a454bd0544e79ed95f51df7ac92f25a2-1288230032

 

File: x86_ waudit.exe

Detection name: W32.Trojan.4293

Location: c:\users\kravmaga\appdata\local\temp\x86_ waudit.exe

Virus Total results: http://www.virustotal.com/file-scan/report.html?id=429362427e712c34513db321bcc18400b839089b62c7a59b1cb5b477782f896b-1288230474

 

Pete
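
An added example, not part of the original post: it parses the three VirusTotal report links listed above and groups the flagged paths by file hash, which shows how many distinct binaries the three detections actually cover. It assumes the legacy `id` parameter has the form `<sha256>-<unix scan time>`; the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlparse, parse_qs

BASE = "http://www.virustotal.com/file-scan/report.html?id="

# Paths and report ids copied from the post above.
REPORTS = {
    r"c:\windows\asmbb\win32\waudit.exe":
        BASE + "429362427e712c34513db321bcc18400b839089b62c7a59b1cb5b477782f896b-1288180062",
    r"c:\windows\system32\drivers\khcap.sys":
        BASE + "b047d554bf35e66dd8b750f71ea55551a454bd0544e79ed95f51df7ac92f25a2-1288230032",
    r"c:\users\kravmaga\appdata\local\temp\x86_ waudit.exe":
        BASE + "429362427e712c34513db321bcc18400b839089b62c7a59b1cb5b477782f896b-1288230474",
}

# Assumption: id = 64 hex chars (SHA-256), a dash, then epoch seconds.
ID_RE = re.compile(r"^([0-9a-f]{64})-(\d{9,10})$")


def parse_report_id(url):
    """Return (sha256, scan time in UTC) from a report URL, or raise ValueError."""
    ids = parse_qs(urlparse(url).query).get("id", [])
    if len(ids) != 1:
        raise ValueError("expected exactly one id parameter: %r" % url)
    match = ID_RE.match(ids[0].lower())
    if match is None:
        raise ValueError("id is not <sha256>-<epoch>: %r" % ids[0])
    scanned = datetime.fromtimestamp(int(match.group(2)), tz=timezone.utc)
    return match.group(1), scanned


def group_by_hash(reports):
    """Map each SHA-256 to the list of (path, scan time) that reported it."""
    groups = defaultdict(list)
    for path, url in reports.items():
        sha256, scanned = parse_report_id(url)
        groups[sha256].append((path, scanned))
    return dict(groups)


if __name__ == "__main__":
    for sha256, hits in group_by_hash(REPORTS).items():
        print(sha256)
        for path, scanned in hits:
            print("   ", scanned.isoformat(), path)
```
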

Guest Orlando


The results of Virus Total are clear: 8/43, 3/43 and 8/43 are percentages good enough to say that these files are malware and not an FP. However, a good result for us, these survey results are excellent.

 

Orlando


Hi, you cannot take the VT results and say a file is malware or not; I often have malware here and the VT results show 0/43...

 

@Pete

Is it possible to attach the file, so we can check it?


Thanks for the quick response. I downloaded a program the other day called Blackbox Security Monitor. I uninstalled the program the same day. It appears these files are remnants of the program; however, I would like to be sure. The files are too large to upload in one zip file. Attached are the first two files.

 

Thanks!

 

Pete

waudit.zip

khcap.zip


I keep getting an error indicating the third file is too big to upload (Used 450.53K of your 500K global upload quota (Max. single file size: 49.47K)).

 

Pete

Guest Orlando


Yes, you are right, but these files were also analyzed by PrevX and categorized as malware, so the analysis is just one more thing.

 

However I will check the file personally.

 

Orlando

Guest Orlando


You can send me the file at orlandopivi@hotmail.com

 

Orlando


Orlando,

 

I keep getting a Delivery Status Notification (Failure).

Reporting-MTA: dns;snt0-mc3-f35.Snt0.hotmail.com

Received-From-MTA: dns;mail-iw0-f171.google.com

Arrival-Date: Thu, 28 Oct 2010 15:18:50 -0700

 

Final-Recipient: rfc822;orlandopivi@hotmail.com

Action: failed

Status: 5.5.0

Diagnostic-Code: smtp;550 Requested action not taken: mailbox unavailable (1044235902:3448:-2147467259)

 

Pete

Guest Orlando


You can send the file here: http://www.mediafire.com/ (without an account) and then post the link here.

 

Orlando
