
===> False Positives <===


Curson:
Hi Trombyl,

Thanks for your feedback.
This is indeed a false positive. It's now fixed in the latest signatures package.

You can safely restore the deleted files and folders from the quarantine.
Sorry for the inconvenience.

Regards.

Toomuch_:
Here are three false positives on my PC; VirusTotal does not report an infection on any of these files. I believe these files are part of Absolute Home and Office stolen computer tracker:

RogueKiller Anti-Malware V14.8.4.0 (x64) [Jan 13 2021] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19042) 64 bits
Started in : Normal mode
User : samid [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210203_130952, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2021/02/06 23:03:56 (Duration : 00:04:59)
Switches : -minimize

いいいいいいいいいいいい Processes いいいいいいいいいいいい

いいいいいいいいいいいい Process Modules いいいいいいいいいいいい

いいいいいいいいいいいい Services いいいいいいいいいいいい

いいいいいいいいいいいい Tasks いいいいいいいいいいいい

いいいいいいいいいいいい Registry いいいいいいいいいいいい

いいいいいいいいいいいい WMI いいいいいいいいいいいい

いいいいいいいいいいいい Hosts File いいいいいいいいいいいい

いいいいいいいいいいいい Files いいいいいいいいいいいい
[Tr.DoubleAgent (Malicious)] (file) rpcnetp.exe -- C:\Windows\System32\rpcnetp.exe -> Found
[Tr.DoubleAgent (Malicious)] (file) rpcnetp.exe -- C:\Windows\SysWOW64\rpcnetp.exe -> Found
[Tr.DoubleAgent (Malicious)] (file) rpcnetp.dll -- C:\Windows\SysWOW64\rpcnetp.dll -> Found

いいいいいいいいいいいい Web browsers いいいいいいいいいいいい

いいいいいいいいいいいい Antirootkit : 0 (Driver: Loaded) いいいいいいいいいいいい



Curson:
Hi Toomuch_,

Thanks for your feedback and welcome to Adlice.com Forum.
Could you please make an archive of these three files and attach it with your next reply?

They are indeed part of Absolute Computrace, which can be used with malicious intent: Absolute Computrace Revisited
Is a Computrace module displayed in your computer BIOS/EFI?

Regards.

Toomuch_:
Here are the three files attached and compressed. Absolute was offered by my OEM manufacturer at the time of purchase, HP (Spectre X360). I installed it myself, so I assume it will show up in the UEFI; however, I haven't checked. I can say that my laptop is still active and being tracked on the Absolute web portal.



Curson:
Hi Toomuch_,

Thanks for your feedback again.

These files are indeed part of the legit Absolute software. However, since these files can be present on computers where the user has not installed the software (Kaspersky's article) or were even used maliciously (bootkit Lojax, see Lojack Becomes a Double-Agent), we decided not to remove the detections.

However, it will now be classified as PUP (Potentially Unwanted Software) in lieu of Trojan since, like in your case, it can have legitimate purposes.
Thank you for your understanding.

Regards.
