shilohdad

Potential false positive Rootkit.Agent/Gen-Local

Twice I have submitted potential false positive reports for Rootkit.Agent/Gen-Local in a program I use frequently: \Program Files\Common Files\DeLorme\DelSerial\SerEmulVspStartup.exe. This program starts up a GPS driver from DeLorme mapping software. I have had it for years. I have received no feedback whatsoever, even though I submitted the first report over two weeks ago, and the second report about 5 days ago. What can I do to get a response as to whether or not this is a false positive? I also run AVG Free 8.0, and it does not report it. I have also submitted it to www.virustotal.com and virusscan.jotti.org, neither of which reports this as an infection. So, how can I get a definitive answer from SUPERAntiSpyware?

Thanks.


I checked the false positive database, and I don't see this file - can you do it one more time and I'll watch for it? Make sure and include your e-mail address and a reference to the forum so I can track it.

I just sent in another false positive report. The e-mail address I supplied is the same one I have registered with this forum. If you don't find it, is there an alternative way, say via e-mail, to send you a zipped file with the suspect file?

We'll check it out!

Well, I just downloaded the latest definitions, and it is still showing this infection on the file. Any other ideas? I took the last posting to mean that the definitions had been changed to avoid showing a false positive, but perhaps I misunderstood you. Again, if the problem is that you did not actually receive the file, let me know if there is some other way to send it to you.

Very odd, it should have been removed. Can you zip and send it to nicks AT superantispyware.com and I'll check it out?

Hmmm,

If I scan just the folder, the notification does not show up. If I scan the folder AND memory, then the notification shows up.

The notification shows up (more or less) as:

Rootkit.Agent/Gen-Local [2 items]

- Files

C:\PROGRAM FILES\COMMON FILES\DELORME\DELSERIAL\SEREMULVSPSTARTUP.EXE

- Memory Processes

C:\PROGRAM FILES\COMMON FILES\DELORME\DELSERIAL\SEREMULVSPSTARTUP.EXE

As I said, if I scan just the folder C:\PROGRAM FILES\COMMON FILES\DELORME\DELSERIAL or C:\PROGRAM FILES\DELORME, I get no notification.

Very strange!

I will zip up the file and send it to you at the address you specified.

P.S. I did the above-mentioned scans after downloading the latest signature files at about 7:15 PM EST, Feb. 16, 2009.

This topic is now closed to further replies.
