Jump to content
Sign in to follow this  
alshall0

Trojan.Agent/Gen-Nullo[Short]

Recommended Posts

After updating SAS Free Edition this morning and running a complete scan, it detected two seemingly legitimate files:

C:\WINDOWS\REGISTEREDPACKAGES\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$\SYSTEM\WPDMTP.DLL

D:\MININT\SYSTEM32\DRIVERS\SYMMPI.SYS

The first seems to be part of the Windows OS and has been on the computer since November 2007, and the second, which is on a protected recovery drive, seems to be an actual driver.

I run a complete SAS scan every few days and haven't seen this detection before. I submitted a report for a possible false positive. Any additional information would be appreciated.

Share this post


Link to post
Share on other sites

Updated to Core 4472 Trace 2290, which cleared the FP on C:\WINDOWS\REGISTEREDPACKAGES\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$\SYSTEM\WPDMTP.DLL.

D:\MININT\SYSTEM32\DRIVERS\SYMMPI.SYS continues to show detection.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...