Jump to content

Inconsistent detection?

Recommended Posts

I noticed a strange behavior in SAS 4.21.1004 Free edition. It detected that a file in the System32 folder (CRP32DLL.dll) is infected with Trojan.Vundo-Variant/F. I had it quarantine/cleaned. That was the only infection after doing a complete system scan.

Did a search for the file, and found another copy of it in a folder belonging to a valid program. Scanned it, and it was clean.

I then copied the clean file to the System32 folder. Scanned it again. SAS again says it is infected. Moved the file to the desktop, scanned it; it was clean.

So it seems that it only recognizes the file as infected if it is in the C:\Windows\System32 folder.

To further test this, I checked on my other computer which has the same file in the same locations (and the same version of SAS with all the options being identical). On this other computer, SAS does not say the same file is infected when found in System32 (or any other location).

Does anyone have any idea why this inconsistency exists or how a file can be clean when in one location but (the very same file) when moved to another location seems infected?

Thanks in advance.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...