Author Topic: Trojan Flystudio False positive or real?  (Read 7214 times)

0 Members and 1 Guest are viewing this topic.

April 05, 2019, 12:50:56 AM

Faergor

  • Newbie

  • Offline
  • *

  • 48
  • Reputation:
    0
    • View Profile
Trojan Flystudio False positive or real?
« on: April 05, 2019, 12:50:56 AM »
Hello,
I scanned my computer with roguekiller, eset online scanner,malwarebytes, malwarebytes mbar.
Malwarebytes Mbar found this as infected file. File located in winrar folder called Default.SFX.
I uploaded file to virustotal and more antivirus programs picked it up.
https://www.virustotal.com/#/file/0a2484026f989bbc29caba5873ac9c0a64ecad529b76f08a50cb1ec470b04453/detection

Then I scanned my computer with Malwarebytes and it caught this:

Trojan.FlyStudio, C:\PROGRAMDATA\MALWAREBYTES' ANTI-MALWARE (PORTABLE)\DEFAULT.SFX-K.MBAM, No Action By User, [8009], [664683],1.0.10008
Trojan.FlyStudio, C:\PROGRAMDATA\MALWAREBYTES' ANTI-MALWARE (PORTABLE)\DEFAULT.SFX-U.MBAM, No Action By User, [8009], [664683],1.0.10008
Trojan.FlyStudio, C:\WINDOWS\TEMP\AVAST_ASH2\WINRAR ARCHIVER (64 BIT)\WINRAR-X64-570CZ.EXE, No Action By User, [8009], [664683],1.0.10008

I am attaching the file.
Is this please false positive or real? Thanks.

Reply #1April 05, 2019, 12:19:45 PM

Faergor

  • Newbie

  • Offline
  • *

  • 48
  • Reputation:
    0
    • View Profile
Re: Trojan Flystudio False positive or real?
« Reply #1 on: April 05, 2019, 12:19:45 PM »
I would  also like to ask.
Avast was mentioned here:
Trojan.FlyStudio, C:\WINDOWS\TEMP\AVAST_ASH2\WINRAR ARCHIVER (64 BIT)\WINRAR-X64-570CZ.EXE, No Action By User, [8009], [664683],1.0.10008

Could it have been modified somehow and therefore roguekiller reports it as old version, or does it report it incorrectly? Thanks

Reply #2April 05, 2019, 04:34:12 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: Trojan Flystudio False positive or real?
« Reply #2 on: April 05, 2019, 04:34:12 PM »
Hi Faergor,

This this the output of a MBAM log, not a RogueKiller one.
However, this file looks suspicious, so I advise you to open a new thread on Malwarebytes forum to check this out.

Regards.

Reply #3April 06, 2019, 03:57:17 PM

Faergor

  • Newbie

  • Offline
  • *

  • 48
  • Reputation:
    0
    • View Profile
Re: Trojan Flystudio False positive or real?
« Reply #3 on: April 06, 2019, 03:57:17 PM »
Sure,thanks :).

Reply #4April 08, 2019, 10:32:19 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: Trojan Flystudio False positive or real?
« Reply #4 on: April 08, 2019, 10:32:19 PM »
Hi Faergor,

You are very welcome.

Regards.