mikew_nt

PCPBIOS.EXE: Rogue.Agent/Gen-Nullo[EXE]


Just appeared last night. Modification date on the file is many, many years ago, I'm fairly certain it's been scanned by SAS in the past. Just to be sure, uploaded it to Virus Total, and got zero hits as malware. I reported this using the FP capability inside SAS, will be looking for a new update! Thanks as always guys - great product.

=mike

PS: I have a question on how real-time protection works. In AVG, if I even touch a file that it suspects (example, right click and select Properties), the AVG real-time protection kicks in. In SAS, I can touch the file similarly, and nothing happens. Does the file actually have to attempt to run for SAS to kick in real-time protection?


I also have this (PCPBIOS.EXE: rogue.Agent/Gen-Nullo [EXE]) in quarantine - found it last night. Not sure if it's a false positive or not. Would someone please advise if it should be deleted? I think it may be an old entry from PC Pitstop site...but not sure. It's been on this pc since March, 2007 and never been identified as a problem......


I found this same identification this morning during a routine SAS complete system scan. This has never been seen before by SAS; it is not seen this morning by Spybot S&D nor by MalwareBytes' Antimalware. A Google search suggests that this file might have a connection with PCPitstop, but there is no easy way to verify this. Almost certainly an SAS false positive!


New update issued tonight continues to find spyware, C:\Windows\System32\PCPBios.EXE. False positive report submitted. Please advise whether this needs to be removed - or if it is a false positive. MSE and MalwareBytes do not indicate any spyware on the pc, but SuperAntiSpyware continues to flag it. Thanks. I have this item quarantined and no apparent bad results...... also found some crap left behind by PcPitstop, which I have deleted, so this was a good warning flag to clean out the pc. In the meantime, I guess leaving pcpbios.exe quarantined is a good plan until I figure this all out.


2 of my clients called with the same thing. It is in the quarantine right now. Is it real or what? If it is false, will there be a fix sent up to fix it, and can we restore the item? My computers do a weekly scan and are not due till Tuesday, but I am manually running a full scan (after doing the updates) now on one of my test computers using the SuperAntiSpyware free version.

I will post the results when it finishes

robin


We'll check it out. Those rules typically detect "Fake" files dropped by rogue applications - the PCPBIOS.EXE may be a FP, we'll have our team check it out!


Even if this is a "false positive", can someone tell me if it's ok to remove it? If, in fact, it is related to PC Pitstop utility, which I haven't used in a couple years, it would seem that it isn't needed. In searching the Net for an answer, it appears as though this is left-over crap from the PC Pitstop tests which I ran at one time in the past. SuperAntiSpyware hasn't flagged it before, however, even if it isn't spyware, I'd like to remove it unless it causes problems by removing it. So far, putting it in Quarantine has not presented any problems. Appreciate any input in this regard, also. Thanks.


Not on the machines I see it on. None of them had this Pitstop utility, including mine, but we need to know soon so I can either leave it in quarantine or restore it.

robin


They issued an update - click on check updates.

You will see it in there.

I did the update.

Restored the file.

Did a new scan and all is well now.

robin


Thanks, Robin..............appreciate your post, HOWEVER, I updated SuperAntispyware after reading your post (to Core 4373, Trace 2214) - restored the file, and ran SuperAntispyware scan again - and there it is.......back again, just like before. Glad you got your pc's cleared, but I'm afraid mine is still in "limbo".


I also updated SuperAntispyware to Core 4373, Trace 2214, restored the file, and then re-ran SuperAntispyware. Unfortunately, it was again flagged as problem: PCPBIOS.EXE: Rogue.Agent/Gen-Nullo[EXE]. I sent a FP report to SAS.

The one thing this SW version did do was to correct a FP for NTIEMBED.DLL: Rogue.Agent/Gen-Nullo[DLL]. Initially both the DLL & EXE file were flagged as problems for me on 12/12/09. Today I was able to restore the DLL file. Hopefully SAS programmers will correct the EXE file FP soon... ;)


There was another update sent up today, which showed the fix for the gen-nullo.

Do the update and see if it fixes it now.

robin


Thanks, Robin - just updated to Core 4374, Trace 2214, restored file, and ran scan...........everything is ok again. Appreciate all the help in here.


Just ran SAS Pro Core 4374, Trace 2214, and it corrected this FP.

However, there is another issue that appears to need investigation. When SAS first flagged the "problem" as Rogue.Agent/Gen-Nullo[EXE], it also identified the source file (PCPBIOS.EXE) and its path: C:\windows\system32.

But SAS Pro Core 4373 did not identify the file or its location. In addition, it also flagged the problem as Rogue.Agent/Gen-Nullo[EXE-Spec], which is slightly different. Since the Core 4374 version did not flag the file it is unknown if the lack of file name & location issue was carried over from Core 4373 to Core 4374... :?:


I have just completed an SAS Free complete scan using Core 4376, the latest update available. The PCPBIOS.exe issue that is the subject of this thread no longer appears. It was evidently a false positive. Thanks to all at SAS and elsewhere for straightening matters out!

This topic is now closed to further replies.
