Messages - Faergor

16
RogueKiller / Trojan Flystudio False positive or real?
« on: April 05, 2019, 12:50:56 am »
Hello,
I scanned my computer with RogueKiller, ESET Online Scanner, Malwarebytes, and Malwarebytes MBAR.
Malwarebytes MBAR found this as an infected file. The file is located in the WinRAR folder and is called Default.SFX.
I uploaded the file to VirusTotal and more antivirus programs picked it up.
https://www.virustotal.com/#/file/0a2484026f989bbc29caba5873ac9c0a64ecad529b76f08a50cb1ec470b04453/detection

Then I scanned my computer with Malwarebytes and it caught this:

Trojan.FlyStudio, C:\PROGRAMDATA\MALWAREBYTES' ANTI-MALWARE (PORTABLE)\DEFAULT.SFX-K.MBAM, No Action By User, [8009], [664683],1.0.10008
Trojan.FlyStudio, C:\PROGRAMDATA\MALWAREBYTES' ANTI-MALWARE (PORTABLE)\DEFAULT.SFX-U.MBAM, No Action By User, [8009], [664683],1.0.10008
Trojan.FlyStudio, C:\WINDOWS\TEMP\AVAST_ASH2\WINRAR ARCHIVER (64 BIT)\WINRAR-X64-570CZ.EXE, No Action By User, [8009], [664683],1.0.10008

I am attaching the file.
Is this a false positive or real, please? Thanks.

17
RogueKiller / Re: [PUM.StartMenu (Potentially Malicious)]
« on: February 18, 2019, 10:19:19 pm »
Oh, ok, so it's safe :).
Thanks a lot, again :D

18
RogueKiller / Re: [PUM.StartMenu (Potentially Malicious)]
« on: February 18, 2019, 10:35:03 am »
This is the second log.

19
RogueKiller / [PUM.StartMenu (Potentially Malicious)]
« on: February 18, 2019, 10:34:40 am »
Hello, I scanned my computer with RogueKiller and it showed this. Is this a false positive, please?

I have 2 logs; one was found at first and the other one later. I don't think they are identical.

I will upload the other log in the next reply.

20
RogueKiller / Re: MBR:Yurn-A (RTK) in new RGK signatures
« on: February 15, 2019, 08:38:01 pm »
Ok :)
I am very, very sorry for asking so many questions. I think I may be annoying with them sometimes. I am the kind of person who needs reassurance and explanation :).

I greatly appreciate your help and support. Thanks a lot.
In that case I will completely ignore the detection :)

21
RogueKiller / Re: MBR:Yurn-A (RTK) in new RGK signatures
« on: February 15, 2019, 07:28:56 pm »
Oh, ok, so in other words:
It is a line of code you put in the RGK signatures that is used to detect specific viruses, such as the one that showed up on Avast and AVG.

1. So, it was not a virus at all that I found, but only a line of code you put in the signatures to detect it.
2. So I never had a virus at all?
3. Why have they mentioned that the detection was real and not a false positive, then?
4. Should I ignore this detection completely? I'm safe, right? :)

Thanks and again sorry for so many questions, this freaked me out.

22
RogueKiller / Re: MBR:Yurn-A (RTK) in new RGK signatures
« on: February 15, 2019, 06:50:44 pm »
I received a reply from AVG.

"Hello,

Thank you for contacting AVG.

Our virus specialists have been working on this request and they confirmed this detection is correct.

We understand it is unpleasant, and we will be happy to analyze the file again as soon as it matches our guidelines. Please refer to the following article about the AVG virus policy"


I think they mean the file was not a false positive, but an actual virus.
I uploaded the file here:
https://www.avg.com/en-us/false-positive-file-form

I had a false positive form picked. I explained the issue to them as well. That happened yesterday.

1. You guys of course scanned the file unzipped, right? It is not detectable when zipped.
2. Have they made a mistake with the detection? I think they say it is a real threat, while you say it's not.

What should I do? Ignore what they said? How come it showed up as a virus and they claim it's real?
Thanks :)


23
RogueKiller / Re: MBR:Yurn-A (RTK) in new RGK signatures
« on: February 15, 2019, 04:44:23 pm »
One thing popped into my mind.
Stupid question, I'm 99,99% sure that you did, but:
You scanned the file I uploaded unzipped, right? :D

I was not able to detect it with Avast when it was zipped; once I unzipped it, it was detected by Avast right away (the previous versions that were detectable).

Thanks and sorry for so many (and some stupid) questions :D

24
RogueKiller / Re: MBR:Yurn-A (RTK) in new RGK signatures
« on: February 15, 2019, 12:02:39 pm »
Thanks a lot :D.
You guys are doing a great job.
Sorry for asking so many questions and making sure. Appreciate it a lot :)

25
RogueKiller / Re: MBR:Yurn-A (RTK) in new RGK signatures
« on: February 15, 2019, 11:33:34 am »
No, not anymore.
I have the newer signature 20190210_151546 and I no longer detect it with Avast. I sent the mbr file to Avast and AVG yesterday and explained the issue to them.
Still waiting until they let me know the result of the analysis and hopefully exclude this.

Ok, so, 2 questions:
1. Is there a possibility that perhaps this mbr file got infected on my computer?
OR
2. My mbr file was a false positive all along? Have you please scanned the file I uploaded here (the one that was being flagged as a virus) and can you confirm that my file was a false positive all along and certainly was not infected?
It was never found by anything other than Avast.

Thanks :D Just want to make sure that my file was never infected in the first place.

26
RogueKiller / Re: MBR:Yurn-A (RTK) in new RGK signatures
« on: February 14, 2019, 08:40:44 pm »
I downloaded the 20190214_084435 signature and it still shows the same virus.
I uploaded the file here for analysis.
I sent AVG and Avast an email regarding this issue as well; hopefully they will resolve this.

I am going to look if there is a newer signature after this one; you mentioned that you fixed this.

I will try and let you know if it still shows up :D

27
RogueKiller / Re: MBR:Yurn-A (RTK) in new RGK signatures
« on: February 14, 2019, 05:42:10 pm »
Great, thanks mate :)

28
RogueKiller / Re: MBR:Yurn-A (RTK) in new RGK signatures
« on: February 14, 2019, 05:24:58 pm »
I know it is part of the signature database, but could a version of this file be malicious?
Can you scan this file I uploaded please and verify if this is real or a false positive?
I mean, if by any chance it slipped through your radar when you were uploading the signatures, or if not, then if it got infected on my computer by something else?

I downloaded an even newer database today, half an hour ago, so I suppose this should be safe, but perhaps the older one was unsafe.

29
RogueKiller / MBR:Yurn-A (RTK) in new RGK signatures
« on: February 14, 2019, 04:27:03 pm »
Hi, I had no problems before, but I downloaded the newest signatures, 20190213_112737, and in C:\ProgramData\Roguekiller\signatures\mbr I found a thing called MBR:Yurn-A (RTK), this trojan or whatever it is.
It was found by Avast.

I am for some reason no longer even able to upload anything to VirusTotal; it says "Please answer the following puzzle to help us prevent abuse" and doesn't let me upload either that mbr file or any other to VirusTotal.

I commonly scan my computer with RogueKiller, Avast, ESET Online Scanner (it's a one-time scan only), Malwarebytes and MBAR. Nothing was found. Only Avast found this file.
Thanks

I am uploading this file here to this post, can you please check it? Thanks

Edit: I was able to upload the file to VirusTotal, and it found this:
https://www.virustotal.com/#/file/81f2e7a10c7f5b46134756822c22d363659d1ead7999a75373a8f165d1b7309f/detection

The file is flagged as the same virus by both AVG and Avast, but nothing else.

30
Thanks a lot buddy :). Appreciate your help.
One last question: what is HJ.Name actually? What kind of infection is it and what damage does it cause?

Ofc, you said it is very likely to be a false positive.
But if it wasn't, and it was real, what does it do? Thanks a lot :)
