DonnaB

Trojan.Agent/Gen-Kazy


Hello,

I have a user that scanned with SAS and the scan targeted the following file:

Trojan.Agent/Gen-Kazy

C:\PROGRAM FILES (X86)\GOOGLE\GOOGLE EARTH\PLUGIN\IGEXPORTCOMMON.DLL

Upon researching, I find that VirusTotal found the file as being legit on Sep. 16, 2013, then 5 days later on Sep. 21, 2013 the file is being targeted as malicious.

Can I safely assume this is a false positive? I'm quite sure it belongs to Google Earth plugin.

Thank you,

Donna :)


I have the same problem with the same file. I know that the problem is the definition update. It has happened several times in the past and the same excuse was given. There is no quality assurance with these definitions that are distributed by SAS. The engineers that are working to remedy the solution should be drawing Workman's Compensation for a job that is surely out of their league. It has been a problem among others that this company has experienced since the company changed hands. This new crew really needs to go back to the drawing board and pick up what they missed in the first classes. When a program is supposed to detect and prevent malicious spyware, malware and others from being installed does it itself with the definition updates that are supposedly screened by professional engineers distributes the problem, there is a serious problem here. How can you trust a program that does this continuously? This used to be a really trustworthy piece of software before the change over. Excuses are one thing but when it continuously happens what are registered users with Lifetime Subscriptions supposed to do? The lack of quality control, poor administration of policies lead to companies losing respect and trust from paid subscribers. All of the comments that I have read over the months have become tiresome. The engineers are working to fix the problem. It seems to me the engineers are the problem. If there is no quality control over these definition updates lead to numerous false positives. Poor definition updates on the weekend where you may only get one a day and then it's flawed. Maybe management needs to reevaluate the people to see if they are truly qualified to perform this job? It is just like preaching to the choir, nothing is ever resolved. The lack of Tech Support is another problem, but let's just stay with the one at hand. The lack of program updates, bad definitions, lack of Tech Support, and excuses have become too commonplace.
Just pat them on the head and the buck keeps passing on. It is a real pain when you have to stop and try and see what the problem is with the complete scans that scan one day and all is fine and scan the next day with the same definition then there are items detected. Piss poor way to run a business.


I had the same problem last night. SAS found the same files as yours, which I quarantined. I then ran scans with SAS, Malwarebytes, Comodo Cleaning Essentials, and my AV Webroot. All of them showed my computer as clean. This morning I ran a scan with SAS and it was clean. Tried to run Google Earth without the files that were quarantined and it wouldn't run. I then deleted Earth with Revo UI and re-installed it from Google's site. I then ran a SAS scan and it pinpointed the same files as before. Sure seems to me that this indicates this as a false positive.


Hm? So it is a false positive. I thought it was rather ironic that 5 days ago SAS did not detect and now it is being detected as malicious!!!! Does this mean that the SAS database is "living" in the past? I understand that the database must be "flushed" to make room for new files, but once it is added to the exclusion list shouldn't it stay there so users don't quarantine those files that inevitably cause corruption in their installed software?

Guess I better ask my OP if Google Earth was intentionally installed and if so, let him know that he may have to uninstall and reinstall unless there is an option to access quarantine and restore the file to its original glory.

Thanks for the replies. Very helpful.

Donna :)


Hello, getting rather brassed off at having to re-install Google Earth every time I want to use it, I also have to re-install adblocker every morning.
