Jump to content
Sign in to follow this  
archie

NFSHS as trojan.agent/gen-autoit

Recommended Posts

SAS detected as serious issues with NFSHS.exe and total of 5 critical errors. This is a game called Need for Speed High Stakes by Electronic Arts.

There has not been any indications of malicious activity. No browser issues, no problems with banking, no signs of password theft, and no hijacked windows xp IE8 settings. Everything looks to be operating normal.

Scan log:

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 11/16/2011 at 11:44 AM

Application Version : 5.0.1136

Core Rules Database Version : 7948

Trace Rules Database Version: 5760

Scan type : Quick Scan

Total Scan Time : 00:04:10

Operating System Information

Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)

Administrator

Memory items scanned : 327

Memory threats detected : 0

Registry items scanned : 31038

Registry threats detected : 2

File items scanned : 5999

File threats detected : 3

Trojan.Agent/Gen-Autoit

C:\PROGRAM FILES\ELECTRONIC ARTS\NEED FOR SPEED HIGH STAKES\NFSHS.EXE

HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\nfsHs.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\nfsHs.exe#Path

C:\DOCUMENTS AND SETTINGS\DOYLE\DESKTOP\NEED FOR SPEED HIGH STAKES.LNK

C:\WINDOWS\Prefetch\NFSHS.EXE-2C0AF8F2.pf

The exectuable is a no-cd modification. This does not make it malicious.

Please update your definitions to exclude this false positive

Thanks,

archie.

Share this post


Link to post
Share on other sites

Hi Archie,

Thank you for reporting this to us. In order to review the file we need you to use our in-application 'Report as False Positive' button (located next to the results window immediately following a scan). This will send us all the vital file info we need so that we can make a ruling, and then exclude the file if it is indeed a false positive. Unless you use this Report button then we will not be able to reproduce the detection or be able to know exactly what file (you say it's modified?) you have there that is causing the detection.

Thanks so much Archie, we really appreciate your help reporting False Positives!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...