False Positive: 04-03-2011_Yazzn_Client_Hook.exe


etms51

Hello, today I found two attachments that are detected as threats, but the Avira team told me that this file is a false positive, please check it.

 

1) File name: u1007.exe

threat detection: Gen:Trojan.Heur.JP.8yWaaShZwIob

MD5 : d28aba48a0910c248bf16203b55e5d8c

SHA1 : 859fddd98512620c2b086ac73f240566cd3617ea

SHA256: 74032150e582a57a03f94079e8d1be30cec2e134030cf1ec9241fb481c671541

Virustotal: http://www.virustotal.com/file-scan/report.html?id=74032150e582a57a03f94079e8d1be30cec2e134030cf1ec9241fb481c671541-1302061476

 

 

2) File name: 04-03-2011_yazzn_client_hook.exe

threat detection: Trojan.Generic.5320821

MD5 : 0aeba7bcecb3123cecf094b67eebe9c6

SHA1 : 974f2dbcfad52d85108b5b592d86f7b944fa276d

SHA256: 2a97dd7f4b1b07b077a2be98024ec08d7ce5dfd85ffa4b0dd193d3c9ff86a77d

Please fix it.

Hi etms51,

If You are uncertain whether Your file is infected or not, You can have it analyzed. If the file is regarded as clean, the file will not be subject to any scan by Immunet.

 

1.) IF YOU NEED AN IMMEDIATE ANALYSIS WITH RESULT, FOR EXAMPLE DURING WEEKENDS & HOLIDAYS:

 

1a.) Download & install the freeware VirusTotal (VT) Uploader 2.0 from here:

 

http://virustotal-uploader.en.softonic.com/

 

Using this simple freeware You may upload the file to the VT website, where 42 different Antivirus & Antimalware products will immediately analyze the file. After a few seconds You will get a report from VT that lists whether any products regard Your file as infected or not. The products that have found Your file to be infected will also give their names for the infection. Many products call the infection differently by using their own vocabulary. If only a few of the products report Your file to be infected, You may regard the infection to be a "false positive". Note that results from some of the products are more reliable than from others. (Some of the products are known for reporting "false positives"!) Finally, it is up to Yourself to treat the file as clean or infected!

 

1b.) If you regard the file to be clean, it can be placed in a sort of "whitelist" in the Immunet software:

 

Product->Settings->Protection Exclusions-> Add New Exclusion.

 

You must enter the path to the file here, and the full path will be added as a new line to the list of exclusions. Note that to the right of the line is an (x)! If You change Your mind and want the path to be scanned by Immunet again, it can be deleted by clicking on the (x) sign, and the path (line) will disappear from the list.

 

Remember to click on the "Apply" button, otherwise your settings will not be saved!

 

2.) IF YOU DON'T NEED A PROMPT ANALYSIS, AND YOU CAN WAIT UNTIL WORKDAYS MON-FRI 9-15, YOU CAN PREFERABLY HAVE YOUR FILE HANDLED BY THE IMMUNET STAFF:

 

2a.) Submit Your suspicious file (false positive) here:

 

http://www.immunet.com/contact/index.html

 

2b.) If the analysis by Immunet regards the file as a "false positive", this will be reported to the Immunet database (the Cloud), and all further scans by Immunet will treat the file as clean. Note that the file does not have to be on the Exclusion list any more now! If the Immunet analysis regards the file to be infected, this will be reported to the Immunet database (the Cloud). A scan by Immunet will then place the file in Quarantine. Note that if You personally still regard the file as clean, you must add it to Your own exclusion list (see item 1b. above).

 

3.) REMEMBER

 

Note that if You have in an emergency case used alternative 1.) above, you should later anyhow follow the instructions as per alternative 2.) as well. This is important, so that the whole Immunet community gets proper online info from the common database (the Cloud)!

 

Cheers,

sweidre

Thanks etms51, I looked into your files and will poke them to FP's ("undetermined") shortly.

 

u1007.zip / u1007.exe (and its latest version, u1008.exe) is a proxy tool for getting around firewalls. I can't tell if it's 100% legit or not - their website looks ok and most of the info I found on it was ok, but there was one post that said it's used to spy on any traffic you send through it and also can be used to launch DOS attacks.

 

yazzn_client_hook.exe appears to be a hacktool for WarRock. See http://www.mpgh.me/forum/28-warrock-international-hacks/231883-yazzn-client-hook-opk-chams-cqc-prone-gps-esp-gps-2.html. Stop cheating you.

Archived

This topic is now archived and is closed to further replies.
