Possible False Positive - Mischel Internet Security Forum

Jobs | About | Blog | Contact

Download TrojanHunter Now
Free 30-day trial!

Latest TrojanHunter Version:
TrojanHunter 5.2

Order Now
License file delivered within minutes.

Welcome, Guest. Please Login or Register.

Mar 12^th, 2010, 6:49am

   Mischel Internet Security Forum
   TrojanHunter
   TrojanHunter Scanner (Moderators: Helena, Gavin_Coe, Magnus)
   Possible False Positive

« Previous topic | Next topic »

Pages: 1

Notify of replies

Send Topic

Author

Topic: Possible False Positive (Read 428 times)

lykkegaard
Newbie

Gender:

Posts: 10

Possible False Positive
« on: Jun 21^st, 2009, 10:07am »

Quote

Modify

OS: Vista SP1
Ruleset datestamp: 2009-06-20

Found trojan file: C:\Windows\meta4.exe (Agent.4305)
Found trojan file: C:\Windows\MOTA113.exe (Agent.4320)

I will submit asap

Lykkegaard

IP Logged

Gavin_Coe
Trojan Analyst

Gender:

Posts: 2710

Re: Possible False Positive
« Reply #1 on: Jun 21^st, 2009, 10:26pm »

Quote

Modify

Hi,

These are both heavily packed or encrypted files and reek of malware but they are NOT. I will post more soon

Here are the results showing that while not much is clearly identified, the consensus is malware to some scanners

http://www.virustotal.com/analisis/7939dfbfe0860998c18a2949d7cc177e9fe39 3886aa4160887adf7a48f9a503c-1244532225

http://www.virustotal.com/analisis/350f4d9c3a9d016394a35152eb13ddfb9df62 5171eec838f71937da2c8d498c6-1245512536

« Last Edit: Jun 21^st, 2009, 11:56pm by Gavin_Coe »

IP Logged

Gavin_Coe
Trojan Analyst

Gender:

Posts: 2710

Re: Possible False Positive
« Reply #2 on: Jun 22^nd, 2009, 12:09am »

Quote

Modify

Lets let the files speak for themselves..

meta4.exe : Tagger for mp4's - uses iTunes format

MOTA113.exe : MOTA113 is an MP4/MOV ATOMchanger 1.13

Both files confirmed clean and will update again now. "Todays" update can be later

IP Logged