Jump to content
stevelw

Trojan.Dropper

By stevelw, in False Positives

Recommended Posts

stevelw   

stevelw
Posted

I am currently running version 4.0.1154 of SAS and have just started receiving reports of an infection on my machine.

On bootup SAS generates a report saying that it has detected, and blocked, Trojan.dropper/svchost.exe-fake.process. After then performing a full system scan the log file shows that a file has been found which I quarantined.

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 05/09/2008 at 10:12 AM

Application Version : 4.0.1154

Core Rules Database Version : 3455

Trace Rules Database Version: 1448

Scan type : Complete Scan

Total Scan Time : 00:19:14

Memory items scanned : 450

Memory threats detected : 0

Registry items scanned : 6023

Registry threats detected : 0

File items scanned : 18019

File threats detected : 1

Trojan.Dropper/SVCHost-Fake

C:\WINDOWS\SYSTEM32\CONFIG\SVCHOST.EXE

On rebooting the machine, the original report returned suggesting that the infection remains.

Is this a false positive or do I have some form of trojan that, whilst able to detect, SAS cannot remove permanently?[/img]

Share this post

Link to post
Share on other sites

SUPERAntiSpy   

SUPERAntiSpy
Posted
I am currently running version 4.0.1154 of SAS and have just started receiving reports of an infection on my machine.

On bootup SAS generates a report saying that it has detected, and blocked, Trojan.dropper/svchost.exe-fake.process. After then performing a full system scan the log file shows that a file has been found which I quarantined.

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 05/09/2008 at 10:12 AM

Application Version : 4.0.1154

Core Rules Database Version : 3455

Trace Rules Database Version: 1448

Scan type : Complete Scan

Total Scan Time : 00:19:14

Memory items scanned : 450

Memory threats detected : 0

Registry items scanned : 6023

Registry threats detected : 0

File items scanned : 18019

File threats detected : 1

Trojan.Dropper/SVCHost-Fake

C:\WINDOWS\SYSTEM32\CONFIG\SVCHOST.EXE

On rebooting the machine, the original report returned suggesting that the infection remains.

Is this a false positive or do I have some form of trojan that, whilst able to detect, SAS cannot remove permanently?[/img]

Send me the sample to nicks AT superantispyware.com and I will check it out right now.

Share this post

Link to post
Share on other sites

stevelw   

stevelw
Posted

I'm new to SAS .. what do you mean by 'the sample'? Do you mean the .exe file referred to in the report or something else?

Share this post

Link to post
Share on other sites

SUPERAntiSpy   

SUPERAntiSpy
Posted
I'm new to SAS .. what do you mean by 'the sample'? Do you mean the .exe file referred to in the report or something else?

Yes, send me the SVCHOST.EXE from that folder and I'll check it out ;)

Share this post

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Go To Topic Listing False Positives
×