itsme
Posted December 23, 2010

Hello. I just ran a scan using SAS version 4.47.1000, Definition Data Base Version Core: 6061, Trace: 3873. I usually run SAS at least 4 times a week after running my other scans. This time it showed this:

Trojan.Agent/Gen-Virut
C:\PROGRAM FILES\K-LITE CODEC PACK\TOOLS\VOBSUBSTRIP.EXE

I haven't updated or changed anything in the K-Lite Codec Pack. So my question is, is this a false positive? Here's the log:

SUPERAntiSpyware Scan Log
https://www.superantispyware.com
Generated 12/23/2010 at 04:05 AM
Application Version : 4.47.1000
Core Rules Database Version : 6061
Trace Rules Database Version: 3873
Scan type : Complete Scan
Total Scan Time : 00:41:07
Memory items scanned : 471
Memory threats detected : 0
Registry items scanned : 8315
Registry threats detected : 0
File items scanned : 27165
File threats detected : 1
Trojan.Agent/Gen-Virut
C:\PROGRAM FILES\K-LITE CODEC PACK\TOOLS\VOBSUBSTRIP.EXE

Thanks in advance.

siliconman01
Posted December 23, 2010

I recommend that you run VOBSUBSTRIP.EXE through VirusTotal at the link below.
http://www.virustotal.com/

This file seems to be "questionable". Also send it in to SAS as a potential False Positive per the instructions in the link below.
https://www.superantispyware.com/supportfaqdisplay.html?faq=28

itsme
Posted December 23, 2010

The file is in quar, so how do I go about this?

1. Restore the file, then run a scan again with SAS, using the report positive function? If I do that, will it send my file without copying it? In other words, if it's a good file I would not want to lose it.

2. Same question for VirusTotal, except how do I place it in? Do I first restore it, then find the file and try to upload it? And if I do upload it, will it leave the original file or a copy if I want to keep it? In other words, if it's a good file I don't want to lose it.

Thanks in advance.

Andrew
Posted December 24, 2010

I didn't notice this thread earlier, but I'm having the same issue. I did upload the file to both VirusTotal and Symantec. The only engine to detect any sort of malware for me was SAS.

Edit: An update reveals that the problem has been addressed. As of 4.47.1000 Core: 6063 Trace: 3877, it no longer detects Trojan.Agent/Gen-Virut in C:\PROGRAM FILES\K-LITE CODEC PACK\TOOLS\VOBSUBSTRIP.EXE.

itsme
Posted December 24, 2010

Andrew, I just experienced the same results; with the new set of definitions it's not reading it as a trojan. I'm glad I restored it instead of jumping the gun and just deleting it.

Thanks to both of you for your help. Problem has been resolved.