psicutrinius Posted November 10, 2006
SAS has discovered the TROJAN.GROMOZON-INSTALLER embedded into the software for an HP Deskjet 3650 printer. This has been downloaded straight from the HP downloads site (due to a reinstallation of XP Pro SP2). Certainly, the software gets inoperative if I throw all 5 reported files into quarantine, and restoring them makes the programs operative again.
And this is the question: coming straight from the HP site, is this a false positive? Has HP been infected and unaware of it?
nosirrah Posted November 10, 2006
Which download from this page did it come from? http://h10025.www1.hp.com/ewfrf/wc/soft ... 35&lang=en
psicutrinius Posted November 10, 2006
No, it actually was http://h10025.www1.hp.com/ewfrf/wc/softwareList?os=228&lc=es&cc=es&dlc=es&product=304535&lang=es
Which is actually the same but in Spanish.
nosirrah Posted November 10, 2006
Which one from that page? Also, if it is not too much trouble, could you upload those files to this page: http://www.castlecops.com/f81-Unknown_Files.html . Create a new thread and submit the four files.
@ Nic and fatdcuk
Basic driver English = 8.37M
Basic driver Spanish = 8.38M
Full driver English = 16.34M
Full driver Spanish = 27.09M
It is probably nothing but we should look into this.
SUPERAntiSpy Posted November 11, 2006
> Which one from that page? Also, if it is not too much trouble, could you upload those files to this page: http://www.castlecops.com/f81-Unknown_Files.html . Create a new thread and submit the four files.
> @ Nic and fatdcuk
> Basic driver English = 8.37M
> Basic driver Spanish = 8.38M
> Full driver English = 16.34M
> Full driver Spanish = 27.09M
> It is probably nothing but we should look into this.
They are legit files - it was a false positive that was resolved in yesterday's later definition release.
psicutrinius Posted November 11, 2006
It was the full version, as you guessed. SAS looked into the matter and reported it to be a false positive, already taken care of in the latest update. I ran SAS again after that and, yes, that was over.
Therefore, since the matter is solved (and in fact had been solved shortly before I posted), I believe it is not necessary to copy these files here. Not now, HOURS after the matter has been solved (which is due to the time zone differences: I usually sleep a few hours a night).
Anyway, thanks a lot both for the clear answer and the interest, and for the speed as well.