Jump to content

Realtek audio drivers for Gigabyte mobo detected as Trojan.Agent (FP?)


Recommended Posts


MBAM is returning the file mb_driver_audio_realtek_azalia.exe as Trojan.Agent. I downloaded this file directly from my motherboard manufacturer while doing weekly maintenance. Conducted custom file scans (using context menu) prior to opening it with Kaspersky and Spybot S&D - neither found a threat. Im thinking this is either a FP, or the heuristics is just a bit aggressive on .exe files. Here is a developer log from the scan:

Database version: v2012.01.16.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Scott :: AVA-375908-1 [administrator]

Protection: Disabled

1/16/2012 8:52:01 AM

mbam-log-2012-01-16 (08-52-01).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 298356

Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Scott\Local Settings\Temporary Internet Files\mb_driver_audio_realtek_azalia.exe (Trojan.Agent) -> Quarantined and deleted successfully. [68e985acc79592a4fbf651466a9837c9]


I am unable to upload a copy of the file in .RAR format, as requested. Even compressed, this file is 98 MB in size, well in excess of the 20 MB allowed. Please advise should you need any further information, and thank you for your time.


Link to post
Share on other sites

  • Staff

One other thing to mention. You may have an slight issue with your system. There should never be an exe's files in this folder. This def is a heurisistic based on that rule. A normal working windows will simply not allow them to be saved there unless a program bypasses this and does it on purpose. If you browse to this folder it may look like they are in there but in actuallity they are located deeper in as below. This def has been around for 3 years and this is the first false positive report we had of it. Did you use any download manager maybe?

Normally all temp files/downloaded .exe's are stored inside randomly named folders deeper in the temporary internet files.


C:\Users\Scott\Local Settings\Temporary Internet Files\Content.ie5\043w3jy9\mb_driver_audio_realtek_azalia.exe

They would never be legitly stored here:

C:\Users\Scott\Local Settings\Temporary Internet Files\

Is this the only file you had a problem with?

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.