SFdude

False Positive? only SAS detects Trojan in a ZIP file

Hi,

SAS (latest defs) in my PC,

and also

SAS at Virus Total site,

both report:

SUPERAntiSpyware 4.40.0.1006 2011.04.21 Trojan.Agent/Gen-Rogue[installer].Process

for this ZIP file:

http://calc3d.com/zip/cldpen01.zip

See the VT Report:

http://goo.gl/MH5eB

OR

http://www.virustotal.com/file-scan/report.html?id=9400f95fdd57330b383fd206ffffb409f06067905b75d64e3bdd01a36a8368a8-1303384589

Seems the EXE file inside the ZIP,

triggers the SAS alert...

False Positive...or not?

I will not install this in my PC,

unless I get the "green light" from SAS...

Help!

SFdude

XP-SP3 (latest patches)

FF 3.6.16

SAS / MBAM / AVAST (all free, updated, latest versions)


Thanks for the thorough information.

The file is indeed a false positive. Someone from SAS should see this thread today, and let you know it's being addressed.


Thanks for the thorough information.

The file is indeed a false positive.

Someone from SAS should see this thread today, and let you know it's being addressed.

Thanks for the quick reply, Seth!

ok then, will wait for the "official" SAS response...

btw, Seth:

- how did you determine

that this file is a false positive? :blink:


Thanks for the quick reply, Seth!

ok then, will wait for the "official" SAS response...

btw, Seth:

- how did you determine

that this file is a false positive? :blink:

You're welcome.

I didn't really determine it, you did with the info you provided :-D

I downloaded the file, and the .exe wasn't an obvious malware file. Add to that the VT report and some quick Googlin'


Thanks to everyone for reporting this false positive. It has been resolved and should not be detected as of (upcoming) SUPERAntiSpyware Core Definition Database 6898 and greater. VirusTotal should also show no detection by the SUPERAntiSpyware engine as soon as they download our newest database from us.

Please PM me if you have any further issues.

Geoff


Thanks to everyone for reporting this false positive. It has been resolved and should not be detected as of (upcoming) SUPERAntiSpyware Core Definition Database 6898 and greater. VirusTotal should also show no detection by the SUPERAntiSpyware engine as soon as they download our newest database from us.

Please PM me if you have any further issues.

Geoff

Thanks for your quick reply, Geoff.

But ... I am not reporting an "FP",

on this file:

....http://calc3d.com/zip/cldpen01.zip !.

In fact,

I don't even know if this is an FP...

I am simply asking SAS if it is, (or not).

after you test it.

I trust SAS 100%,

and take this (ominous) message:

....Trojan.Agent/Gen-Rogue[installer].Process

very seriously...

Even if other AV scanners found nothing,

and only SAS reports the message (above),

that does not make this file automatically "an FP",

in my opinion...

Will not install this file,

until I get the "green light" from the SAS Team. <_<

Thanks Geoff!

This topic is now closed to further replies.