Jump to content
Sign in to follow this  
itsme

False Positive?

Recommended Posts

Hello.

I just ran a scan using SAS version 4.47.1000, Definition Data Base Version Core: 6061, Trace: 3873.

I usually run SAS at least 4 times a week after running my other scans.

This time it showed this: Trojan.Agent/Gen-Virut

C:\PROGRAM FILES\K-LITE CODEC PACK\TOOLS\VOBSUBSTRIP.EXE

I haven't updated or changed anything in the K-Lite Codec Pack.

So my question is, is this a false positive?

Here's the log:

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 12/23/2010 at 04:05 AM

Application Version : 4.47.1000

Core Rules Database Version : 6061

Trace Rules Database Version: 3873

Scan type : Complete Scan

Total Scan Time : 00:41:07

Memory items scanned : 471

Memory threats detected : 0

Registry items scanned : 8315

Registry threats detected : 0

File items scanned : 27165

File threats detected : 1

Trojan.Agent/Gen-Virut

C:\PROGRAM FILES\K-LITE CODEC PACK\TOOLS\VOBSUBSTRIP.EXE

Thanks in advance.

Share this post


Link to post
Share on other sites

The file is in quar, so how do I go about this?

1. restore the file then run a scan again with SAS, using the report positive function?

If I do that, will it send my file without copying it? In other words, if it's a good file I would not want to lose it.

2. Same question for the virus total except how do I place it in? Do I first restore it, then find the file and try to upload it?

And, if I do upload it will it leave the original file or a copy if I want to keep it, in other words, if it's a good file I don't want to lose it.

Thanks in advance.

Share this post


Link to post
Share on other sites

I didn't notice this thread earlier, but I'm having the same issue. I did upload the file to both VirusTotal and Symantec. The only engine to detect any sort of malware for me was SAS.

Edit: An update reveals that the problem has been addressed. As of 4.47.1000 Core: 6063 Trace: 3877, it no longer detects Trojan.Agent/Gen-Virut in C:\PROGRAM FILES\K-LITE CODEC PACK\TOOLS\VOBSUBSTRIP.EXE

Share this post


Link to post
Share on other sites

Andrew:-,

I just experienced the same results, with the new set of definitions it's not reading it as a trojan.

I'm glad I restored it instead of jumping the gun and just deleting it.

Thanks to both of you for your help.

Problem has been resolved.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×