Ragamuffin Posted August 17, 2009 Hi, I'm sorry if this is the wrong place for this; the only other forum which seemed like it might be, I don't have access to. Anyway, I just finished a SAS scan, my last one being about 6 days ago, and it turned up "Rootkit.Agent/Gen-Rx". There are 5 items flagged; they are: Program files\Epox\eptp\epcpuid64.sys, Program files\Epox\eptp\getbinfile64.sys, Program files\Epox\eptp\hwmdr.sys, Program files\Epox\eptp\scanmemory64.sys and Windows\system32\driver\hwmdr.sys. I've quarantined them and all, and I'm running a second scan now. I'm just looking for some advice. I haven't visited any insecure websites that I know of, nor installed anything since my SAS scan. I run avast scans daily and they haven't detected anything. Should I do anything else? Could this be a false positive?
siliconman01 Posted August 18, 2009 It looks to me like these are all legitimate files. It is best to go to the link below and follow the instructions for submitting them as false positives. I would restore them, then rescan and follow the instructions for submitting an FP. https://www.superantispyware.com/support ... tml?faq=28
Ragamuffin Posted August 18, 2009 Someone advised me to send the files to VirusTotal.com to make sure. Most of them didn't find anything wrong, but "Sunbelt" flagged the two hwmdr.sys files as a Trojan, although nothing else did.
siliconman01 Posted August 18, 2009 Well, I continue to recommend that you submit all of them to SAS and let the SAS gurus analyze them .... inasmuch as it is SAS flagging them as malicious on your system. I suspect that Epox is using the driver properly... although it can be, and is, also used by the cybercriminals in their crapware to do malicious things... which is often the case.
Ragamuffin Posted August 18, 2009 Forgot the links to the ones listed as Trojans: Program Files\Epox\EPTP\hwmdr.sys and Windows\system32\drivers\hwmdr.sys
Ragamuffin Posted August 18, 2009
> Well, I continue to recommend that you submit all of them to SAS and let the SAS gurus analyze them .... inasmuch as it is SAS flagging them as malicious on your system.
I will do. I've restored them and am running a scan to see if they get flagged again now.
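A triage step that fits between "restore the files" and "submit them as a false positive" (an added example, not part of the thread and not a SuperAntiSpyware or Epox tool): hash each flagged driver, read its Authenticode signature and version info, and check whether it is actually registered and running as a kernel driver. The paths are the ones named in the thread, located through the ProgramFiles and SystemRoot environment variables; the assumption is that the files have been restored from quarantine first.

```powershell
# Added triage script: collects the facts an FP submission or a VirusTotal lookup
# needs (SHA256, signer, vendor, load state) for the drivers flagged in the thread.
$flagged = @(
    "$env:ProgramFiles\Epox\EPTP\epcpuid64.sys",
    "$env:ProgramFiles\Epox\EPTP\getbinfile64.sys",
    "$env:ProgramFiles\Epox\EPTP\hwmdr.sys",
    "$env:ProgramFiles\Epox\EPTP\scanmemory64.sys",
    "$env:SystemRoot\System32\drivers\hwmdr.sys"
)

# Kernel drivers registered as services; tells us whether a flagged file is
# really loaded or merely sitting on disk.
$drivers = Get-CimInstance -ClassName Win32_SystemDriver

$report = foreach ($path in $flagged) {
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ Path = $path; Present = $false; SHA256 = $null
                           Signature = $null; Signer = $null; Company = $null
                           Service = $null; State = $null }
        continue
    }
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    $ver  = (Get-Item -LiteralPath $path).VersionInfo
    # Match the on-disk path against registered driver image paths (case-insensitive).
    $svc  = $drivers | Where-Object { $_.PathName -and ($_.PathName -ieq $path) } |
            Select-Object -First 1

    [pscustomobject]@{
        Path      = $path
        Present   = $true
        SHA256    = $hash
        Signature = $sig.Status                # Valid / NotSigned / HashMismatch ...
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        Company   = $ver.CompanyName
        Service   = if ($svc) { $svc.Name } else { '(not registered)' }
        State     = if ($svc) { $svc.State } else { $null }
    }
}

$report | Format-List
# A HashMismatch signature, or a vendor name that does not match the product the
# file belongs to, argues against a false positive; an unsigned driver from the
# expected vendor is weaker evidence either way and is what the FP analysts decide on.
```

Paste the SHA256 values into the FP submission so the analysts can match the exact binaries, and keep the report alongside the rescan result.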
diesellayer Posted August 19, 2009 Where should I send it? What is their email address? I have a suspected virus that keeps running on my computer...