Download TrojanHunter Now
Free 30-day trial!
Latest TrojanHunter Version:
TrojanHunter 5.0
Order Now
License file delivered within minutes.
Welcome, Guest. Please Login or Register.
May 16th, 2008, 2:43am
   Mischel Internet Security Forum
   Malware
   Trojans (Moderators: Helena, Gavin_Coe, Magnus)
   TrojanHunter found Boqr.100		 « Previous topic | Next topic »
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print
   Author  Topic: TrojanHunter found Boqr.100  (Read 223 times)
newyorkjet
Newbie
*





   


Posts: 7
TrojanHunter found Boqr.100
« on: Mar 25th, 2008, 3:38am »		 Quote Quote  Modify Modify
TrojanHunter flagged Boqr.100 this morning:
 
Found trojan file: C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE (Boqr.100)
 
Found trojan file: C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r30591\E_S4I2 F1.EXE (Boqr.100)
 
Double checked with AVG8 and SuperAntiSpyware - found nothing. Is this a False positive?
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5270
Re: TrojanHunter found Boqr.100
« Reply #1 on: Mar 25th, 2008, 4:30am »		 Quote Quote  Modify Modify
It certainly looks like it is a false positive.  Would you please submit the file E_S4I2 F1.EXE to Mischel Internet Security for final analysis.  Gavin will correct the rulesets accordingly.  The link below describes how to submit a file.
 
http://www.misec.net/forum/board/FAQ/1139308293
 
Are you sure your rulesets are up-to-date?
 
This FP was fixed some time back supposedly.  If you are a licensed user, run LiveUpdate to obtain the latest rulesets.
 
If you are non-licensed, manually update your rulesets via the instructions on the link below.
 
http://www.misec.net/trojanhunter/updating/
 
« Last Edit: Mar 25th, 2008, 5:14am by siliconman01 » IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
newyorkjet
Newbie
*





   


Posts: 7
Re: TrojanHunter found Boqr.100
« Reply #2 on: Mar 25th, 2008, 5:54am »		 Quote Quote  Modify Modify
Thanks siliconman01 for such a speedy response - another good reason for using TrojanHunter.
 
File zipped, passworded and sent to misec.net as requested.
 
I am a licensed user and updated this morning.Earlier scans (last week) did not report a problem with the file.
 
Marianna's file was E_S4I2K1.EXE  and not E_S4I2F1.EXE- maybe that's why the FP on my machine wasn't picked up?
 
Thank you.
 
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5270
Re: TrojanHunter found Boqr.100
« Reply #3 on: Mar 28th, 2008, 12:12am »		 Quote Quote  Modify Modify
newyorkjet,
 
Has this False Positive been fixed for you?
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
newyorkjet
Newbie
*





   


Posts: 7
Re: TrojanHunter found Boqr.100
« Reply #4 on: Mar 28th, 2008, 4:01am »		 Quote Quote  Modify Modify
Not yet Siliconman01.
 
I updated this morning to 27 March updates.
 
Regards
newyorkjet
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5270
Re: TrojanHunter found Boqr.100
« Reply #5 on: Mar 28th, 2008, 4:14am »		 Quote Quote  Modify Modify
Sorry, I'll get on the horn again.  Embarassed
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
newyorkjet
Newbie
*





   


Posts: 7
Re: TrojanHunter found Boqr.100
« Reply #6 on: Apr 3rd, 2008, 1:19am »		 Quote Quote  Modify Modify
Siliconman01, shall I resend the file to misec.net again? I don't know if it was received in good order.
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5270
Re: TrojanHunter found Boqr.100
« Reply #7 on: Apr 3rd, 2008, 1:39am »		 Quote Quote  Modify Modify
Yes, please re-send it.  Be sure it is zipped prior to sending.
 
I'll again holler for the gurus to fix this false positive.
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5270
Re: TrojanHunter found Boqr.100
« Reply #8 on: Apr 3rd, 2008, 1:59am »		 Quote Quote  Modify Modify
Also, you can add this file to your Ignore List if you want to.  I honestly do not know why it is taking so long for it to be fixed.   Embarassed
 
The link below shows how to add a file to the Ignore list.
 
http://www.misec.net/forum/board/FAQ/1204215058
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
Magnus
Administrator
*****



Ad astra per aspera.

   
WWW  

Posts: 4076
Re: TrojanHunter found Boqr.100
« Reply #9 on: Apr 3rd, 2008, 6:41am »		 Quote Quote  Modify Modify
Hi,
 
I've just uploaded a new rule file that should fix this. Can you confirm you are no longer getting this false positive after running LiveUpdate?
IP Logged
newyorkjet
Newbie
*





   


Posts: 7
Re: TrojanHunter found Boqr.100
« Reply #10 on: Apr 3rd, 2008, 7:17am »		 Quote Quote  Modify Modify
All fixed now - many thanks siliconman01 and Magnus.
 
Regards
newyorkjet
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5270
Re: TrojanHunter found Boqr.100
« Reply #11 on: Apr 3rd, 2008, 10:39am »		 Quote Quote  Modify Modify
Very glad you are finally fixed up .  Wink
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print

« Previous topic | Next topic »
Search
Members
Login
Register