Download TrojanHunter Now
Free 30-day trial!
Latest TrojanHunter Version:
TrojanHunter 5.0
Order Now
License file delivered within minutes.
Welcome, Guest. Please Login or Register.
Jul 5th, 2008, 7:10pm
   Mischel Internet Security Forum
   Malware
   Trojans (Moderators: Helena, Gavin_Coe, Magnus)
   False Positive?		 « Previous topic | Next topic »
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print
   Author  Topic: False Positive?  (Read 336 times)
allenfr
Newbie
*





   


Posts: 5
False Positive?
« on: Sep 23rd, 2007, 3:36pm »		 Quote Quote  Modify Modify
I am running version 4.5, Build 918 with the 9-22-2007 update.  I ran a scan of my system last night and it identified two files - er.dll and tltran.dll - that are part of Turbo Tax 1999, 2000, 2001, and 2002 as containing trojans (Exploit.MS06-001.100).
 
I've been running Trojan Hunter since 6/24/2004 and scan my system between once/week to once/month and these have never been flagged before - I wonder if these aren't false positives?
 
Thanks,
Frank
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5468
Re: False Positive?
« Reply #1 on: Sep 24th, 2007, 12:29am »		 Quote Quote  Modify Modify
Based on the names, these appear to be false positives; however, name only is not enough to make the determination.  Please submit these two files er.dll and tltran.dll to Mischel Internet Security for analysis.  The link below describes how to submit a file.
 
http://www.misec.net/forum/board/FAQ/1139308293
 
It is recommended that you upgraded from V4.5 of TrojanHunter to V5.0.  
 
http://www.misec.net/forum/board/TrojanHunter/1189327431
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
allenfr
Newbie
*





   


Posts: 5
Re: False Positive?
« Reply #2 on: Sep 24th, 2007, 11:08am »		 Quote Quote  Modify Modify
I'll read the instructions/submit these two files, as requested, but you should know the following as well:
 
1. These two files have been on my system since March 2000.  I pulled the original Turbo Tax CD for my 1999 taxes and found these two files on it, so I copied/expanded the ones on the CD and ran a file compare against the ones that might be false positives and they match!  I don't think anybody was thinking about trojans back in 2000 - we had just gotten over the MS Word virus and were plagued with a rapidly increasing number of viruses at that time.
 
2. None of the other scans I've done with Trojan Hunter over the past 3 years (since I purchased my licenses) have found these files to be a problem.
 
Based on these two factors, I highly doubt that the two files are trojans - I think they are false positives, but I'll submit them so you verify and/or correct your updates accordingly!
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5468
Re: False Positive?
« Reply #3 on: Sep 24th, 2007, 11:56am »		 Quote Quote  Modify Modify
I suspect that your points are valid.  I've emailed Gavin about your thread/post here.  The submitted files will assist him in correcting the false positive rules.  
 
TrojanHunter was hard at work in 2000.  Except back then it was 5-10 or so trojans a month being discovered.  Cheesy
« Last Edit: Sep 24th, 2007, 11:59am by siliconman01 » IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
Gavin_Coe
Trojan Analyst
*****





   
WWW  

Posts: 1899
Re: False Positive?
« Reply #4 on: Sep 24th, 2007, 7:24pm »		 Quote Quote  Modify Modify
Thanks, these are fixed  Grin
IP Logged
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print

« Previous topic | Next topic »
Search
Members
Login
Register