Trojan.Agent/Gen-Downloader? False positive?


20 replies to this topic

#1 ohehunoi

ohehunoi

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:25 PM

Posted 11 February 2014 - 07:56 PM

Hi, I've been getting a Trojan.Agent/Gen-Downloader when running a scan using SuperAntiSpyware on Windows Vista (avast anti-virus and windows update all up to date) and the infected file is "drsupdate.17186803_RUNASUSER" in the "C:\ProgramData\NVIDIA\Updatus\Packages\000054c3" folder.

 

I had to format my computer and install everything again but this time install Windows 8 since I'm a bit paranoid and thought maybe Vista is vulnerable. But again this file showed up even though I had an anti-virus installed. I think it's installing by itself since it's a NVIDIA update for my video card but not sure. I tried scanning it using SuperAntiSpyware and it was clean but when I uploaded the file to virus total dot com, only SuperAntiSpyware showed up with the same Trojan.Agent/Gen-Downloader.

 

Is this a false positive? I'm just too confused because I'm not sure if it's a false positive or not since it says "Signed file, verified signature" on virus total but yet my SuperAntiSpyware isn't detecting it but it was detecting it when I had Windows Vista? Help would be appreciated.


Edited by ohehunoi, 11 February 2014 - 07:58 PM.



#2 ohehunoi

ohehunoi
  • Topic Starter


Posted 11 February 2014 - 08:31 PM

Bump.

 

Anyone knows how to figure out if this is a false positive or not?



#3 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,230 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:09:25 AM

Posted 11 February 2014 - 09:07 PM

It is a safe file name and location... it seems legit. Some sites like System Explorer call it safe, I agree.

 

edit: superantispyware seems to be pinging this file... but no others.  It's non-essential, just rename it and put aside for if you need it later, if you are paranoid..


Edited by TsVk!, 11 February 2014 - 09:16 PM.
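
Added example (not part of the original posts): a file name and location are easy to imitate, so the "Signed file, verified signature" result mentioned in the first post is the stronger evidence, and it can be reproduced locally. The function name Test-FlaggedFile and the ExpectedSigner default are assumptions made for this example, which also assumes PowerShell 4.0 or later (for Get-FileHash) and that the file is an Authenticode-signed binary.

```powershell
# Added example: local triage of a file flagged by a single scanner.
# The path comes from the first post; $ExpectedSigner is an assumed value.
function Test-FlaggedFile {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ExpectedSigner = 'NVIDIA'   # assumed publisher name fragment
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Authenticode check: Status is 'Valid' only when the file hash matches the
    # signature and the certificate chains to a root trusted on this machine.
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate

    # The SHA-256 allows a lookup on a multi-engine service without uploading
    # the file again, and a comparison of copies across reinstalls.
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    $signerMatches = $false
    if ($cert) { $signerMatches = $cert.Subject -like "*$ExpectedSigner*" }

    [pscustomobject]@{
        Path          = $Path
        SHA256        = $hash
        Status        = $sig.Status
        StatusMessage = $sig.StatusMessage
        Signer        = if ($cert) { $cert.Subject } else { $null }
        Thumbprint    = if ($cert) { $cert.Thumbprint } else { $null }
        Timestamped   = [bool]$sig.TimeStamperCertificate
        SignerMatches = $signerMatches
        # A valid signature from the expected publisher supports, but does not
        # prove, a false positive; any other result needs a closer look.
        Verdict       = if ($sig.Status -eq 'Valid' -and $signerMatches) {
                            'Signed by expected publisher'
                        } else {
                            'Not verified - treat as suspicious'
                        }
    }
}

Test-FlaggedFile -Path 'C:\ProgramData\NVIDIA\Updatus\Packages\000054c3\drsupdate.17186803_RUNASUSER'
```

A Status of HashMismatch or NotSigned on a file in this folder would point away from a false positive, whatever the file is called.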


#4 ohehunoi


Posted 11 February 2014 - 09:19 PM

> It is a safe file name and location... it seems legit. Some sites like System Explorer call it safe, I agree.
>
> edit: superantispyware seems to be pinging this file... but no others.  It's non-essential, just rename it and put aside for if you need it later, if you are paranoid..

 

Oh okay... If it was a real legit threat then other scanners would detect it right?

 

I'm just wondering because I changed all of my passwords when I first saw the threat on superantispyware few days ago



#5 TsVk!


Posted 11 February 2014 - 09:27 PM

I would say so, as it has been around a long time the signatures would have been passed to all the major anti-virus companies, many would recognise it now if it were a threat.



#6 ohehunoi


Posted 11 February 2014 - 09:39 PM

> I would say so, as it has been around a long time the signatures would have been passed to all the major anti-virus companies, many would recognise it now if it were a threat.

 

Okay thank you. Is there a reason my superantispyware app isn't detecting it now but on virustotal and other online file virus scanners, superantispyware although updated with latest definition is still detecting it?



#7 TsVk!


Posted 11 February 2014 - 09:49 PM

SuperAntiSpyware probably hasn't updated its definitions on VirusTotal et al...



#8 ohehunoi


Posted 11 February 2014 - 09:57 PM

> SuperAntiSpyware probably hasn't updated its definitions on VirusTotal et al...

 

Oh because it said Update 20140212 but thanks for your assistance.



#9 TsVk!


Posted 11 February 2014 - 10:09 PM

no problems :thumbup2:



#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:25 PM

Posted 11 February 2014 - 10:23 PM

You can submit the file(s) directly to SUPERAntispyware for further analysis as follows:
  • Launch SUPERAntispyware.
  • From the Main Menu, click System Tools & Program Settings.
  • Under System Tools, click Submit Malware Samples.
  • Browse to the location of the file, click on it to highlight and click Open to send it to the malware research team.
Alternatively you can report it at the False Positives Forum but they will probably ask you to submit a sample.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#11 ohehunoi


Posted 11 February 2014 - 11:43 PM

> You can submit the file(s) directly to SUPERAntispyware for further analysis as follows:
>
>   • Launch SUPERAntispyware.
>   • From the Main Menu, click System Tools & Program Settings.
>   • Under System Tools, click Submit Malware Samples.
>   • Browse to the location of the file, click on it to highlight and click Open to send it to the malware research team.
>
> Alternatively you can report it at the False Positives Forum but they will probably ask you to submit a sample.

> no problems :thumbup2:

 


Thanks again but one last question. I was told to download HitmanPro and try to run that just to make sure its a false positive. Do you think it's worth doing that?



#12 TsVk!


Posted 11 February 2014 - 11:54 PM

can't possibly hurt. let us know how you get along.



#13 ohehunoi


Posted 12 February 2014 - 12:00 AM

> can't possibly hurt. let us know how you get along.

 

Okay is it a known application that I can trust to run though? Never heard of it



#14 TsVk!


Posted 12 February 2014 - 12:28 AM

Yes, it is known and trusted. It is an advanced malware removal tool.



#15 ohehunoi


Posted 12 February 2014 - 12:38 AM

> Yes, it is known and trusted. It is an advanced malware removal tool.

 

Okay. Done a default scan with HitmanPro and nothing was found so should be okay right? Thanks for your assistance.





