DooGie Posted September 16, 2010

Since the last couple of definition updates, EVEREST_ICONS.DLL, a Lavalys Everest Ultimate dll, is showing up as a Trojan.

SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 09/16/2010 at 08:13 PM

Application Version : 4.43.1000

Core Rules Database Version : 5520
Trace Rules Database Version: 3332

Scan type : Complete Scan
Total Scan Time : 00:12:59

Memory items scanned : 438
Memory threats detected : 0
Registry items scanned : 13075
Registry threats detected : 0
File items scanned : 26843
File threats detected : 1

Trojan.Agent/Gen-CDesc[VB-Packed]
C:\ANDY\DIAGNOSTICS\EVEREST ULTIMATE EDITION\EVEREST_ICONS.DLL

Seth Posted September 16, 2010

Hi Doogie. You might want to submit the file to Virus Total just to be sure it's a false positive. If it is (likely), you can submit it as false positive when the SAS scan completes.

DooGie Posted September 16, 2010

> Hi Doogie. You might want to submit the file to Virus Total just to be sure it's a false positive. If it is (likely), you can submit it as false positive when the SAS scan completes.

Hi Seth

Just checked the file with Virus Total and it was flagged as a Trojan by four software products, namely Comodo, Prevx, SUPERAntiSpyware and TrendMicro. However, I've a feeling that the packer used for the .dll is probably causing these detections and that the file is clean. Also, the copy of Everest was downloaded from the author's site, not a 3rd party.

Seth Posted September 16, 2010

Ok. I'd fire it off to SAS.

DooGie Posted September 17, 2010

This FP is now fixed. Nice fast work by the SAS team.

Update: I thought it was fixed, as when I scanned the Everest directory from the context menu it showed as clean. However, running a complete scan on the whole drive showed the dll up as infected. I would have thought that both scans would produce the same result?

siliconman01 Posted September 18, 2010

> This FP is now fixed. Nice fast work by the SAS team.
>
> Update: I thought it was fixed, as when I scanned the Everest directory from the context menu it showed as clean. However, running a complete scan on the whole drive showed the dll up as infected. I would have thought that both scans would produce the same result?

This looks like an inconsistency that needs to be fixed by SAS. Please submit a Customer Support Request and request resolution. The inconsistency makes context switch scanning useless.

https://www.superantispyware.com/csrcreateticket.html

DooGie Posted September 18, 2010

My post referring to the context menu scan was, it turns out, an error on my part: not looking at the path of a file closely enough. Since my original post regarding the possible fp, I'd installed the latest beta version of Everest; in this version the icons.dll is not flagged as infected by SAS. However, I'd saved a copy of the dll from the previous version to another directory, which is the one being picked up by SAS during a complete scan. I still feel that this was a fp, but obviously Lavalys have changed something in the latest release.

DooGie Posted September 28, 2010

An update on the above. After updating to SAS version 4.44.1000, the original EVEREST_ICONS.DLL that I posted as a fp is no longer detected as a trojan.