
Help, Is This A False Positive? Win32.trojan.downloader.banload.awy


4 replies to this topic

#1 Guest_RiceoRony_*


Posted 09 January 2008 - 09:33 PM

Hi, I'm new to the forum!

I just recently formatted my computer about 2 weeks ago and have been reinstalling all components.

After using ZoneAlarm Security Suite version 7.1 for Windows Vista, it detected win32.trojan.downloader.banload.awy

The stated infected file is FP_AX_CAB_INSTALLER.EXE which is located in C:\Windows\DownloadedProgramFiles\

A few sites state that this new file is from Adobe for the Flash Player, and give the exact folder where it should be located.

Is this a false positive? Or is the file truly infected? Thanks.

My operating system is Windows Vista Home Premium, and my computer is a ThinkPad T61.


#2 Orange Blossom


Posted 11 January 2008 - 12:16 AM

Welcome to BC RiceRoni :flowers:

Here are two sites where you can upload the file. These sites will scan it with multiple scanners. This is generally a good idea if you are unsure about a file.

http://virusscan.jotti.org/

http://www.virustotal.com/

Orange Blossom :thumbsup:

#3 quietman7


Posted 11 January 2008 - 12:21 AM

Please post the results of the file scan in your next reply.

#4 Guest_RiceoRony_*


Posted 11 January 2008 - 10:29 AM

Well, I submitted the file to ZoneAlarm and their labs determined it was a false positive:

"As of version 9.0.115.0 (November 21, 2007), swflash.cab from Adobe contains a silent/switchless installer named FP_AX_CAB_INSTALLER.exe. This new installer contains the Flash Player ActiveX files which were previously wrapped into swflash.cab directly."

So unlike all previous versions of Adobe Flash Player, this new file seems to facilitate the download of necessary components for the player.

:thumbsup:

Thanks for your help though, guys!

#5 quietman7


Posted 11 January 2008 - 01:55 PM

That's good news. Thanks for posting the findings.



