
PE_Rom.dll trojan - not sure if it's a false positive


2 replies to this topic

#1 korlat


Posted 30 December 2015 - 05:35 PM

Hi

I have a Windows 7 operating system and have McAfee Total Protection as well as MBAM (Malwarebytes Anti-Malware).

On startup of my machine and occasionally when running, McAfee informs me it has quarantined a trojan - Artemis! - 9E52F321A396. This file is continually re-created, and has been quarantined multiple times.

I don't know if this is a false positive or not.

Other points to note -

I see no other signs of an infection.

MBAM does not flag this file as a trojan.

The file is edited so that when I start up, the file size is 5109KB and then changed to a size of 1024KB - when the file size is 1024KB McAfee quarantines it.

I searched online and read other posts on this forum and believe the PE_Rom.dll file is related to my ASUS motherboard and the ASUS suite software I have installed.

If I run ASUS EZ Update the file is changed back to a 5109KB size and the update appears to run OK (nothing requires updating).

I uploaded both files, the 1029KB and the 5109KB, to VirusTotal - the 5109KB - 0/54 detection - the 1029KB - 7/54 detection. The list of results was:

- AVware - Trojan.Win32.Generic!BT
- Comodo - UnclassifiedMalware
- Mcafee - RDN/Generic.dx
- Mcafee-GW-Edition - RDN/Generix.dx
- Sophos - Mal/Generic-S
- Symantec - Trojan.Gen.SMH.2
- VIPRE - Trojan.Win32.Generic!BT

Does anyone know if this is a real infection or just a false positive? I searched a few of the register key locations where previous PE_rom.dll viruses created register keys and I see none of these.

Any help appreciated

Thanks

 





#2 dev00790


Posted 01 January 2016 - 10:57 AM

Hi

With the information you have provided I believe you will need help from the malware removal team. I would like you to start a new thread HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. Help is on the way!


Regards, dev00790



#3 korlat


Posted 01 January 2016 - 06:35 PM

Hi

I have created the thread in the linked topic.

http://www.bleepingcomputer.com/forums/t/601043/pe-romdll-trojan-not-sure-if-its-a-false-positive/

Thanks for your response


Edited by korlat, 01 January 2016 - 06:57 PM.




