
Malware Or False Positive?



#1 syler


Posted 23 July 2008 - 12:05 PM

I have just done a scan with Kaspersky AV. I changed all the scan settings to their highest and it found these 5 infections:

deleted: Trojan program Trojan-Downloader.Win32.CWS.fp File: C:\WINDOWS\SoftwareDistribution\Download\1edecfd398679471b89bb28b61fc583a1a19f244//PE_Patch/common\update.exe
deleted: Trojan program Trojan-Downloader.Win32.CWS.fp File: C:\WINDOWS\SoftwareDistribution\Download\30aee677e35c6a0669ba22afb9b63923e7c5d226//PE_Patch//CAB-file.cab/update\update.exe
deleted: Trojan program Trojan-Downloader.Win32.CWS.fp File: C:\WINDOWS\SoftwareDistribution\Download\3e4a91bc1328a49b3e4cb88c71ec696b9e147936//PE_Patch//CAB-file.cab/common\update.exe
deleted: Trojan program Trojan-Downloader.Win32.CWS.fp File: C:\WINDOWS\SoftwareDistribution\Download\525c6b6ee42e7a3ac28f488b00c6289a7281a71d//PE_Patch/update\update.exe
deleted: Trojan program Trojan-Downloader.Win32.CWS.fp File: C:\WINDOWS\SoftwareDistribution\Download\9c5b7af77a669a7388262248a95f9616b80d787e//PE_Patch//CAB-file.cab/common\update.exe

I have had no problems with my computer and my HijackThis log is clean. I have also done scans with MBAM, Spybot, Dr Web and Ad-Aware, which found nothing. I can't find any information on this Trojan, so is it a false positive? And should I restore them if so?


 


#2 boopme


Posted 23 July 2008 - 07:42 PM

Hello, try submitting them to Jotti's malware scan and/or VirusTotal.

The results will help a lot in determining that.

#3 syler


Posted 23 July 2008 - 08:27 PM

Hey Boopme,

I forgot to mention I did try submitting one of them to VirusTotal when I found the infection, and it came up infected by Kaspersky (obviously) and GData, which had the same name as Kaspersky for the infection. I have just submitted that file again and the rest of them and they have come back clean, so I guess it was a false positive and that Kaspersky are on the ball :thumbsup:
