thebigeast

Trojan.Agent/Gen-Krpytik False Positive?


I completed the following scan earlier today - is this a false positive? I plan to run a few more scans with other products and see if they come up with something. I'll report back. Thanks!

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 04/15/2010 at 05:45 PM

Application Version : 4.35.1002

Core Rules Database Version : 4810

Trace Rules Database Version: 2622

Scan type : Complete Scan

Total Scan Time : 00:35:44

Memory items scanned : 568

Memory threats detected : 0

Registry items scanned : 6856

Registry threats detected : 0

File items scanned : 26960

File threats detected : 1

Trojan.Agent/Gen-Krpytik

C:\WINDOWS\SYSTEM32\DS61GT.DLL

I highly don't think that this is a false positive, because usually some spyware are just random numbers and letters.


Update:

I ran the following free antispyware programs and nothing showed up: Spybot, Ad-aware and Mbam.

I also ran my paid AV - ESET Nod32 AV4 and nothing showed up. I submitted the file to ESET.

I then ran the latest SAS and the same trojan is showing up as before. I received a false positive several days ago which was corrected. I'm concerned that this is the same thing. If it was not a false positive, you would think one of the other programs would pick it up. I'm not sure what will happen if I quarantine it since it resides in System 32.

This trojan name was included in the recent updates. Either SAS is picking up something no one else is yet or it's a false positive. In another forum the same trojan was thought to be a false positive in a WordPerfect file.

Any feedback from SAS would be appreciated. Thanks!

I got this same warning yesterday on 2 machines and both in a WordPerfect file. I sent it into SAS but have not heard back yet.

Have a good day,

Normandie


Please use the built-in reporting to report the False Positive; that helps us eliminate them immediately.

I did that yesterday. Last evening that is. Have not heard back yet.

Have a great day,

Normandie


I did report the false positive from within SAS early in the morning. I updated SAS today and the false positive is now gone. This is the 2nd false positive within a week. Hopefully, I do not see any more for quite a while.

Just updated and did the scan; all is fine now. Thanks, SAS.

Have a nice day,

Normandie


I just picked up three instances again in a backup drive's Sys Volume/Restore folder (dll files). I had submitted a first instance last month, along with a link from the source (the well known Dr. Watson's site) that explained why it is a false positive. Neither Avira nor MSE are picking it up either. If SAS has actually cleared it, it's not obvious here.


I got Trojan.agent/Gen-Krpytik

https://www.virustotal.com/analisis/11251c9533c8d3ea55080c29a66de2b5f4474fcf1b7fb0047d96fc3eaf23bfc3-1272505511

C:\VCD PROGRAMS\TMPGENC PLUS-2.59.47.155\QTREADER.VFP

The file in question is a part of a QuickTime plugin for a very old install of TMPGEnc Plus encoder. It's part of a very old TMPGEnc and I tested it on VirusTotal and it's clean, as I suspected.

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 04/28/2010 at 07:35 PM

Application Version : 4.35.1002

Core Rules Database Version : 4865

Trace Rules Database Version: 2677

Scan type : Complete Scan

Total Scan Time : 01:01:58

Memory items scanned : 579

Memory threats detected : 0

Registry items scanned : 5395

Registry threats detected : 0

File items scanned : 84688

File threats detected : 1

Trojan.Agent/Gen-Krpytik

C:\VCD PROGRAMS\TMPGENC PLUS-2.59.47.155\QTREADER.VFP


One of my PCs is running 98SE and SAS says it has a file infected with Krpytik. My question is, since I can't upgrade to a later version of SAS, rather than quarantine should I just make the file a trusted item? Log is as follows:

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 05/05/2010 at 06:32 AM

Application Version : 4.26.1002

Core Rules Database Version : 4891

Trace Rules Database Version: 2435

Scan type : Complete Scan

Total Scan Time : 01:15:54

Memory items scanned : 89

Memory threats detected : 0

Registry items scanned : 3012

Registry threats detected : 0

File items scanned : 13148

File threats detected : 1

Trojan.Agent/Gen-Krpytik

C:\WINDOWS\_ISTMP0.DIR\UNINST.DLL


I also suddenly get a false warning with the file SPCL01.DLL, which is used with the program "Speaking Clock". I have used this program for years, so I did a search on the Internet and have found numerous posts which say that it is a false detection. This advice comes from several unrelated sources spread over some time, so I assume there is nothing underhand happening here.

I have recorded the DLL as a "trusted file" at the moment.

Do I need to report it to SASW??


Obviously nothing has been done to fix this, since yesterday my laptop detected this virus while I wasn't even using the computer. Amazing how just all of a sudden out of the blue I would get this, especially when it wasn't detected during a scan or anything like that. The thing is, to be safe, before I looked this up I let it check my computer & quarantine this ridiculous list of files from multiple LEGITIMATE programs. Then of course it says to reboot, which I did, & guess what? My computer would no longer start up. Instead it just kept rebooting, asking if I wanted to use Safe Mode.

Thanks a lot, NOT SO SUPERAntiSpyware. Luckily I'm a Computer & Network Admin so I knew what to do & I just booted to last known working configuration & I was able to get back into Windows. Now I just have to clean up this mess you created in order to get my programs to work again. Now that I know this isn't an actual virus, first on my list will be to restore everything.

Interestingly enough 12 hours later another Trojan was detected. I'm betting without even looking it up that it's a False Positive too. Especially since Norton Internet Security didn't detect either one.

Trojan.Dropper/YUR-NV


Raz,

I would get a second opinion on that file 'trojan.Dropper/YUR-NV' if I were you.

What Norton AV do you have, by the way?

You also need to understand the difference between a 'Virus' (generic) and a 'Trojan' and the differences that can occur. Yes, a "trojan" can sometimes be a "virus" but not always, and as such no ONE single AV or AS programme will detect everything; to rely on just one programme to do it all is naive.
