Sign in to follow this  
mlcvli

Trojan.Win.32.Patched.aa!A2

Recommended Posts

Howdy y'all

I'm running Windows Vista Home Premium 32-bit, don't know which service pack or platform. I've got AVG free v. 9 ; A-Squared free v. 4.5 ; Windows Defender and Windows Firewall.

I've been to the AVG forum and other users have submitted the dodgy files to them. A message was posted on that forum on behalf of the AVG team yesterday at 11.40. The post confirms that the Trojan horse Generic 17.ASTI was a false alarm removed with virus database update released on 2010-04-07 23:03:41 CET.

I was not able to save the report due to the sequence of events - I visited the A2 forum and followed the advice about updating and re-scanning before I read the post about always saving a report.

The detection was as described by Holio in the post yesterday at 1.05 pm.

I'm sorry I was not able to send you a copy of the file in question. On the information you have received from other users, do you believe this to be a false positive? Does the fact that the Trojan does not show up on the A2 smart scan mean it is safe to eg do some online banking?

Share this post


Link to post
Share on other sites

Hi mlcvli,

I was answering your post in http://support.emsisoft.com/topic/1734-win32-trojan/

where you did not stated the file flagged but only the detection name

Thanks for creating a separate case as it was suggested

Since you are referring to the case by Holio and you did not have the consequences as he had after quarantining system file and there are no flaggings then the False positive was fixed by the latest update

... Does the fact that the Trojan does not show up on the A2 smart scan mean it is safe...

That is why such thighs are called False Positives -that is an Error on behalf of the security therefore you cannot call it a Trojan because it is not

for the future, as you've read already if you are not sure (especially when the flaggings are in the system area) in addition to saving the report - submit the items to the developers for analysis

My regards

Share this post


Link to post
Share on other sites

Hi Lynx,

Thanks for the advice. I've been thru quite a few posts on this and other forums and have saved some of the information for future reference. I'm reasonably confident about saving and attaching a report of anything similar if I'm ever confronted by it. I'm just not entirely sure about submitting the items to the developers for analysis. Could you put me in the picture as to what's involved in that?

Thanks again

mlcvli

Share this post


Link to post
Share on other sites
... I'm just not entirely sure about submitting the items to the developers for analysis. Could you put me in the picture as to what's involved in that?...

You are welcome

You can find all descriptions if you search a forum and/or read the Help file

this thread for example describes that and a bit more

Just to make it easier for you here are some details for the items listed there (reply #4):

1) when you have a detection – select the item; Right-Click and choose “Submit as false alert” from the pop-up menu.

You need to rescan after updates. You can use Custom Scan of the folder or even ShellExtension scan if the file was flagged as a Trojan for example. You don't need full scan all the time;

2) <<Submit file>> button if the item was quarantined.

Quarantined items are automatically rescanned unless the option set as “No re-scan”

If “Manual” you will get the dialogue for confirming rescanning.

If the update brought the fix for FPs -such then item(s) are restored by the Software;

3) the e-mail method mentioned: send attachment to [email protected]

Before submitting, create a password protected archive (ZIP or RAR) containing the file(s). Make sure the main body of the email contains the password for the compressed archive.

See description about archiving in this OffTopic thread

I hope the above makes it more “transparent”

My regards

P.S. there is such thing as submitting "New Malware". Please read what that means here

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.