Search the Community
Showing results for tags 'trojan.kovter'.
Hello, I wasn't exactly sure where it was appropriate to post this, but I believe I have stumbled upon a false positive. Upon booting my PC, MBAM's daily scan informed me of a Trojan.Kovter in AppData\Local\Temp. In response to this, I ran a deeply thorough scan using MBAM, HitmanPRO, FRST, and FSS with no detections. I also went back and verified the processes running in Process Explorer, since I regularly check what's running on my machine anyway. Nothing about my computer use has been out of the ordinary for this to occur, so I have hypothesized two possible scenarios: A) A false positive B) WinRAR's license advertisements have delivered a successful payload. Scenario B sounds highly unlikely since this has been ongoing thing for some time and I have yet to notice anything outside the ordinary. The following is enclosed with this post: HitmanPRO: Default Scan log; free one-time scan. FRST: The FRST.txt and Addition.txt The following parameters have generated this log: Whitelist: Drivers Internet Processes Registry Services Optional Scan: Addition.txt List BCD 90 Days Files FSS: FSS.txt The following parameters have generated this log: RpcSs and PlugPlay Internet Services Security Center/Action Center System Restore Windows Defender Other Services MBAM: The initial log which triggered the alert, the thorough scan conducted thereafter, and the latest real-time protection logs against the IP's displaying the advertisements (I have others from previous instances of when I used WinRAR, but as I mentioned, up until now it has been benign). For all of the above (MBAM) logs, I have included both the text and xml formats of said logs. I was going to also upload the file in question to VirusTotal as an additional verification, but I decided against it due to the ambiguity of its threat status. Logs.7z