Jump to content
Sign in to follow this  
Followers 0
Victor2K

False Positive Trojan/Dropper at Chrome file?

By Victor2K, in False Positives

Recommended Posts

Victor2K   

Victor2K
Posted

DUring a scan I did today, it appeared that a file from Google Chrome was pointed as a Trojan.Agent/Gen.Dropper

 

C:\USERS\USUARIO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\FILE SYSTEM\003\T\00\00000016 (file has no extension)

 

Used VirusTotal to scan the file and all bar two (SAS included) said the file was clean

 

If you want to check the file better I will zip it and upload it. Will add Virus Total's results

 

https://www.virustotal.com/pt/file/bc1acb6f67cf38755b4a666c0e859b1012de1fd581bd27db6e88e384863ffbd5/analysis/1440733876/

 

 

(MBAM and MSE did not detected any activity of Trojans and stuff in my system during recent scans (all done today)

Share this post

Link to post
Share on other sites

SAS Malware Research   

SAS Malware Research
Posted

Hello Victor2K,

 

From the file path this looks to be part of an unwanted program (possibly related to Somoto), which would mean it is incorrectly being detected as a Trojan.

 

I'll have to take a closer look to be sure. I will message you with my email address and if you could zip and send me the file that would be very helpful.

 

SUPERAntiSpyware Malware Research

Share this post

Link to post
Share on other sites

SAS Malware Research   

SAS Malware Research
Posted

Thank you for sending me that file. I believe I have found the cause of the false detection. I have adjusted the definition database, and that file should no longer be detected as of database version 12036 (which will be released this afternoon).

 

Update to version 12036 and scan again (a restart of SAS may be necessary).

 

Please let me know if this solves the false detection, or if you have any other questions or concerns,

SUPERAntiSpyware Malware Research

Share this post

Link to post
Share on other sites

Victor2K   

Victor2K
Posted

okay. Thanks for helping it. Will do that right now

 

EDIT: SAS updated me for the previous database version (12035), thus still gives the file as a virus. The 12036 did not appeared for me to be updated at the SAS upgrade check

Share this post

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0
Go To Topic Listing
×
×
  • Create New...