Adlice forum

Software feedback => RogueKiller => Topic started by: mark_a_l on June 01, 2018, 03:35:25 PM

Title: Tr.TechSupportScam detected
Post by: mark_a_l on June 01, 2018, 03:35:25 PM
Not sure where to post this, but I just got this detection for the first time. I am using the portable version so I am not sure where the log file is kept.

In any case it said the folder C:/Users/XXXX/AppData/Local/WindowsUpdate detected TR.TechSupportScam (XXXX is my profile name). I could find no reference to this that named malware with Google, and the folder and the contents tempauthcab.cab are dated 2012 and has a Microsoft signature. False positive?

Title: Re: Tr.TechSupportScam detected
Post by: Curson on June 02, 2018, 03:08:36 PM
Hi Mark,

Welcome to Adlice.com forum and thanks for your feedback.
If the file is signed, this is likely a false positive. Could you please attach the RogueKiller JSON report with your next reply?

To export a report, go to the "History" tab, then to the "Scan Reports" section.
There, double-click the report where this item has been detected, then click the "Export json" button and save it on your desktop.

Regards.

Title: Re: Tr.TechSupportScam detected
Post by: mark_a_l on June 02, 2018, 07:26:03 PM
Here is the file. The other detections are "normal" and I always just ignore them. I ran some other malware detection on that same folder and none hit on it. V 12.12.15.0 and prior did not hit on this folder.

Title: Re: Tr.TechSupportScam detected
Post by: Curson on June 02, 2018, 09:45:25 PM
Hi Mark,

Thanks.
Is your computer part of an enterprise network? Could you please zip the whole WindowsUpdate folder and attach the produced archive with your next reply?

Regards.

Title: Re: Tr.TechSupportScam detected
Post by: mark_a_l on June 03, 2018, 05:43:09 AM
No, it is not. Just a regular Windows 7 install. Attached is a zipped file of the whole folder.

Title: Re: Tr.TechSupportScam detected
Post by: Curson on June 03, 2018, 06:58:43 PM
Hi Mark,

Thanks for your feedback. This is indeed a false positive.
We will whitelist this detection as soon as possible.

Regards.