
False Positive or Actual Infection?


5 replies to this topic

#1 HighTide1

HighTide1

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:03:08 AM

Posted 03 February 2016 - 05:32 PM

Hello fellow BleepingComputer users! Wow, it's been a while since I last visited this forum. Until recently, I've been keeping up with the advice given to me in my last main issue, Poweliks, and my laptop has been running smoothly. However, recently, or more accurately, this morning, my ESET detected 2 variants of Kryptik.JIV, in the form of winconfig.exe and winconfignt.exe, two executables tied to my installation of jGrasp. What I am confused about, though, is whether these files were a false positive or an actual detection. On my laptop, I've verified the existence of those files in a legitimate installation, and the "detections" themselves were from a folder that was created by me but unmodified for months. I've run Malwarebytes Anti-Rootkit, along with ESET, and they seem to have no further problems. But what I'm mainly concerned with is whether this was an actual infection or a false flag, so that I can determine if I really need to change my passwords. I'm mainly confused as to where I could have gotten the trojans from, as I've disabled JavaScript for all websites I don't trust, and I don't actually visit many.




 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:08 AM

Posted 03 February 2016 - 05:44 PM

I suggest you post in the ESET forum: https://forum.eset.com/

Attach the files in question.


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 HighTide1

  • Topic Starter

Posted 03 February 2016 - 06:07 PM

I... I can't figure out how to upload files in this editor. And I'm a bit fearful of restoring the files from quarantine to upload them... Any advice?



#4 Broni


Posted 03 February 2016 - 08:17 PM

If you're sure those files came from jGrasp, which is a clean program, make a new post at ESET, provide the download link: http://www.jgrasp.org/ and mention those two file names. They'll check it out.




 


#5 HighTide1


Posted 03 February 2016 - 08:39 PM

How do I upload files to this post though? I've tried My Media, but I'm not given an option to upload a file. I've also run ESET on a past version of the file, which was the same size, and it didn't trigger. I'm just confused.



#6 Broni


Posted 03 February 2016 - 08:44 PM

You don't need to upload anything. Please re-read my previous reply.




 




