Messages

1

RogueKiller / Re: ===> False Positives <===

« on: September 09, 2024, 09:16:30 PM »

Actually, I was busy with something completely different and came across this article...

https://www.adlice.com/google-chrome-secure-preferences/

...which in turn made me curious about RogueKiller.

I used it on my main system (Win10x64 Pro) and found a (single) malware (see also attached report): In the file folder C:\Program Files\Firefox is supposedly the "potential malware" PUP.Ghokswa. I uninstalled Firefox completely and reinstalled it - result: PUP.Ghokswa is still (or again) in the file folder C:\Program Files\Firefox.

I then ran RogueKiller in three VMs: Win7x64, Win8.1x64 and Win10x64. In all three VMs, RogueKiller found the "potential malware" PUP.Ghokswa in the file folder C:\Program Files\Firefox (see attached reports*).

Can I assume that these reports are false positives?

Regards,
Ransom

* Although RogueKiller offers to export a report as a text file, this does not work. It only works as a *.json file. The text files here were converted with the following online converter:

https://products.aspose.app/cells/de/conversion/json-to-text