blueshark Posted December 27, 2007

SuperAntiSpyware just detected a Trojan.Downloader-KRDPDRE, but it's in a folder I can't access. I want to upload it to VirusTotal to check it out.

Trojan.Downloader-KRDPDRE
C:\$ISR\2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\JGAMEENP.SYS

I believe it's in one of my FD-ISR snapshots and when I click on the folder, it says access denied. I am the only user with an Admin account. Please help me get to the file to see if it is a false positive.

Thanks,
blueshark

SUPERAntiSpy Posted December 28, 2007

> SuperAntiSpyware just detected a Trojan.Downloader-KRDPDRE, but it's in a folder I can't access. I want to upload it to VirusTotal to check it out.
>
> Trojan.Downloader-KRDPDRE
> C:\$ISR\2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\JGAMEENP.SYS
>
> I believe it's in one of my FD-ISR snapshots and when I click on the folder, it says access denied. I am the only user with an Admin account. Please help me get to the file to see if it is a false positive.
>
> Thanks,
> blueshark

You would have to alter your permissions on the ISR folder, but I would not recommend doing that as you may damage the snapshot. If you do a quick Google search, you can see that file comes up lots of times:

http://www.google.com/search?hl=en&q=JG ... gle+Search

It's an infection.

blueshark Posted December 28, 2007

Hi,

I booted up to that snapshot and found the file and uploaded it to VirusTotal. Here are the results 8/32.

http://www.virustotal.com/resultado.htm ... 7b8fc2f7d5

The only thing I have added to that snapshot is my legal Battlefront game I have had for over a year. Ewido micro also didn't find anything. How do I get the file to you for analysis?

Thanks,
blueshark

SUPERAntiSpy Posted December 28, 2007

> Hi,
>
> I booted up to that snapshot and found the file and uploaded it to VirusTotal. Here are the results 8/32.
>
> http://www.virustotal.com/resultado.htm ... 7b8fc2f7d5
>
> The only thing I have added to that snapshot is my legal Battlefront game I have had for over a year. Ewido micro also didn't find anything. How do I get the file to you for analysis?
>
> Thanks,
> blueshark

Looks like it indeed is an infection.

blueshark Posted December 28, 2007

This says it could be copy protection. I'm still hoping I'm clean.

http://www.dslreports.com/forum/remark,15263193

Should I submit it to CastleCops?

Thanks for your replies.