HoggyDog Posted February 22, 2015 (edited)
In the WideFS.zip download, my anti-malware program reported that the file WideFS Closer.exe contains Trojan.GenericKD.2079676. I submitted it to them for confirmation, and they just reported back that it was a false positive detection, and issued an update to their database. I tried to change the Title of this thread but the forum won't let me do that.
Edited February 26, 2015 by HoggyDog
Ian P Posted February 22, 2015
http://totalhash.com/analysis/bb35384a793600a2c6aa55709cbdceed2cabf910
"Generic". "Suspicious". I'm afraid that it looks like your "beautiful" AV package has almost certainly generated a false positive... Which is normally Symantec's job! A search for more details about "Trojan.GenericKD.2079676" reveals nothing but that page, this forum post and a lot of other posts with similar, but non-identical references. Most of them are stated as false positives, with a few being actual threats. Rather amusingly, according to one AV website which didn't recognise 2079676, but did recognise "Trojan.GenericKD", the name is a term used by Microsoft Security Essentials (which says this isn't malware) and it should be removed by running MalwareBytes (which says this isn't malware). Pete is on holiday at present, so won't be able to comment, but it is definitely worth sending the files (or download links) to your AV provider, so that they can either investigate the included malware if it is present, or improve their detection routines if it is a false positive.
Cheers, Ian P.
mgh Posted February 23, 2015
If it contains a trojan, why are you the only one to have problems?
Ian P Posted February 23, 2015
Take a look at the link I posted, mgh - it shows the response of many different AV scanners to the file. A handful report it as being a "generic" trojan or "suspicious", which apart from zero-day attacks (which this clearly isn't, as the file has been in use for a while), pretty much always means it's a false positive. You'll notice that serial offender Symantec says the file is "suspicious.MH690". According to their site: "Suspicious.MH690 is a detection technology designed to detect entirely new malware threats without traditional signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or morphed by attackers." (http://www.symantec.com/security_response/writeup.jsp?docid=2008-121617-3748-99) In other words, it's a heuristic detection. It looks like it might be a virus, which again means either a zero-day infection, or a false positive. As it cannot be a zero-day attack (i.e. released within the last few hours and as yet not assigned its own malware IDs by the AV companies) then it's a false positive.
Ian P.
HoggyDog (Author) Posted February 23, 2015
"If it contains a trojan, why are you the only one to have problems?"
Gee, I don't know! Why am I?
mgh Posted February 23, 2015
"Gee, I don't know! Why am I?"
Because it's a false positive. Kaspersky, MalwareBytes, McAfee, and Microsoft Security Essentials (and others) state it isn't a virus.