nalthren Posted July 24, 2013

I got hit with 22 Trojans all under C\Programs Nvidia/updatus with a few tell with a few game.exe's popped in there I know are related to the Nvidia GeForce Experience... Given how I checked my Nvidia GeForce after the 'removal' it is back to default settings, I think this was a false positive, which I was unable to flag as a false positive.

SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 07/23/2013 at 11:06 PM

Application Version : 5.6.1020

Core Rules Database Version : 10631
Trace Rules Database Version: 8443

Scan type : Complete Scan
Total Scan Time : 02:06:38

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 689
Memory threats detected : 0
Registry items scanned : 39296
Registry threats detected : 0
File items scanned : 60054
File threats detected : 26

Trojan.Agent/Gen-Strictor
    C:\PROGRAMDATA\NVIDIA\UPDATUS\PACKAGES\00002E5A\VOPS-DOTA_2.15152356.EXE
    C:\PROGRAMDATA\NVIDIA\UPDATUS\PACKAGES\00003E50\DAO.16281631.EXE
    C:\PROGRAMDATA\NVIDIA\UPDATUS\PACKAGES\00003A73\DAO.15915059.EXE
    C:\PROGRAMDATA\NVIDIA\UPDATUS\PACKAGES\00003A78\VOPS-LEFT_4_DEAD_2.15916653.EXE
    C:\PROGRAMDATA\NVIDIA\UPDATUS\PACKAGES\00003B33\DAO.16044919.EXE
    C:\PROGRAMDATA\NVIDIA\UPDATUS\PACKAGES\00003B51\DAO.16081870.EXE
    C:\PROGRAMDATA\NVIDIA\UPDATUS\PACKAGES\00003BE2\DAO.16137597.EXE
    C:\PROGRAMDATA\NVIDIA\UPDATUS\PACKAGES\00003BF1\DAO.16173164.EXE
    C:\PROGRAMDATA\NVIDIA\UPDATUS\PACKAGES\00003BF6\DAO.16199147.EXE
    C:\PROGRAMDATA\NVIDIA\UPDATUS\PACKAGES\00003D2D\DAO.16249320.EXE
    C:\PROGRAMDATA\NVIDIA\UPDATUS\PACKAGES\00003E66\DAO.16303927.EXE
    C:\PROGRAMDATA\NVIDIA\UPDATUS\PACKAGES\00003E7B\DAO.16329232.EXE
    C:\PROGRAMDATA\NVIDIA\UPDATUS\PACKAGES\00003E82\DAO.16337275.EXE
    C:\PROGRAMDATA\NVIDIA\UPDATUS\PACKAGES\00003E93\DAO.16368481.EXE
    C:\PROGRAMDATA\NVIDIA\UPDATUS\PACKAGES\0000400C\VOPS-DOTA_2.16397623.EXE
    C:\PROGRAMDATA\NVIDIA\UPDATUS\PACKAGES\0000401E\VOPS-LEFT_4_DEAD_2.16397623.EXE
    C:\PROGRAMDATA\NVIDIA\UPDATUS\PACKAGES\00004049\DAO.16397623.EXE
    C:\PROGRAMDATA\NVIDIA\UPDATUS\PACKAGES\00004134\DAO.16430842.EXE
    C:\PROGRAMDATA\NVIDIA\UPDATUS\PACKAGES\00004139\DAO.16438418.EXE
    C:\PROGRAMDATA\NVIDIA\UPDATUS\PACKAGES\000041D0\DAO.16449855.EXE
    C:\PROGRAMDATA\NVIDIA\UPDATUS\PACKAGES\000041DA\DAO.16473425.EXE
    C:\PROGRAMDATA\NVIDIA\UPDATUS\PACKAGES\00004318\DAO.16512755.EXE
    C:\Windows\Prefetch\DAO.16368481.EXE-EF98E677.pf
    C:\Windows\Prefetch\VOPS-DOTA_2.15152356.EXE-A11C5441.pf
    C:\Windows\Prefetch\VOPS-DOTA_2.16397623.EXE-02C31428.pf
    C:\Windows\Prefetch\VOPS-LEFT_4_DEAD_2.16397623.E-0145CD96.pf
nalthren Posted July 24, 2013

Can I have a reply to this?
GuiltySpark Posted July 24, 2013

It probably was a false positive, but you should use the built-in FP reporter so the team knows what part(s) of the file(s) are causing the issue.
SAS Customer Service Posted July 24, 2013

The NVidia files detected are false positives. We have removed the detection rule that is catching these files. Please do not remove these files. Please check for updates in SAS and they will no longer be detected.
nalthren Posted July 24, 2013

The scanner auto-removed them before I could hit cancel, sadly.
nalthren Posted July 24, 2013

Would using system restore fix the deleted items?