Topic: Tr.TechSupportScam detected

June 01, 2018, 03:35:25 PM

mark_a_l

Not sure where to post this, but I just got this detection for the first time. I am using the portable version so I am not sure where the log file is kept.

In any case, it said the folder C:/Users/XXXX/AppData/Local/WindowsUpdate detected TR.TechSupportScam (XXXX is my profile name). I could find no reference to this that named malware with Google, and the folder and the contents tempauthcab.cab are dated 2012 and has a Microsoft signature. False positive?

Reply #1 June 02, 2018, 03:08:36 PM

Curson

  • Global Moderator
Hi Mark,

Welcome to the Adlice.com forum and thanks for your feedback.
If the file is signed, this is likely a false positive. Could you please attach the RogueKiller JSON report with your next reply?

To export a report, go to the "History" tab, then to the "Scan Reports" section.
There, double-click on the report where this item has been detected, then click on the "Export json" button and save it on your desktop.

Regards.

Reply #2 June 02, 2018, 07:26:03 PM

mark_a_l

Here is the file. The other detections are "normal" and I always just ignore them. I ran some other malware detection on that same folder and none hit on it. V 12.12.15.0 and prior did not hit on this folder.

Reply #3 June 02, 2018, 09:45:25 PM

Curson

Hi Mark,

Thanks.
Is your computer part of an enterprise network? Could you please zip the whole WindowsUpdate folder and attach the resulting archive with your next reply?

Regards.

Reply #4 June 03, 2018, 05:43:09 AM

mark_a_l

No, it is not. Just a regular Windows 7 install. Attached is a zipped file of the whole folder.

Reply #5 June 03, 2018, 06:58:43 PM

Curson

Hi Mark,

Thanks for your feedback. This is indeed a false positive.
We will whitelist this detection as soon as possible.

Regards.