
Realtek audio drivers for Gigabyte mobo detected as Trojan.Agent (FP?)


Scott720


Hi,

MBAM is returning the file mb_driver_audio_realtek_azalia.exe as Trojan.Agent. I downloaded this file directly from my motherboard manufacturer while doing weekly maintenance. Conducted custom file scans (using context menu) prior to opening it with Kaspersky and Spybot S&D - neither found a threat. I'm thinking this is either a FP, or the heuristics are just a bit aggressive on .exe files. Here is a developer log from the scan:

Database version: v2012.01.16.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Scott :: AVA-375908-1 [administrator]

Protection: Disabled

1/16/2012 8:52:01 AM

mbam-log-2012-01-16 (08-52-01).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 298356

Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Scott\Local Settings\Temporary Internet Files\mb_driver_audio_realtek_azalia.exe (Trojan.Agent) -> Quarantined and deleted successfully. [68e985acc79592a4fbf651466a9837c9]

(end)

I am unable to upload a copy of the file in .RAR format, as requested. Even compressed, this file is 98 MB in size, well in excess of the 20 MB allowed. Please advise should you need any further information, and thank you for your time.

-Scott


  • Staff

One other thing to mention. You may have a slight issue with your system. There should never be any exe files in this folder. This def is a heuristic based on that rule. A normal working Windows will simply not allow them to be saved there unless a program bypasses this and does it on purpose. If you browse to this folder it may look like they are in there, but in actuality they are located deeper in, as below. This def has been around for 3 years and this is the first false positive report we had of it. Did you use any download manager maybe?

Normally all temp files/downloaded .exe's are stored inside randomly named folders deeper in the temporary internet files.

example:

C:\Users\Scott\Local Settings\Temporary Internet Files\Content.ie5\043w3jy9\mb_driver_audio_realtek_azalia.exe

They would never be legitly stored here:

C:\Users\Scott\Local Settings\Temporary Internet Files\

Is this the only file you had a problem with?

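The path rule described in the staff reply above, as an added Python sketch (not Malwarebytes' code and not part of either post): it flags an executable only when its parent folder is the Temporary Internet Files root itself. The function names, the extension list and every sample path other than the two quoted in the thread are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Assumption: file types this sketch treats as executables.
EXECUTABLE_EXTS = {".exe", ".scr", ".com"}
CACHE_DIR = "temporary internet files"


def classify(path: str) -> str:
    """Return 'root-level', 'cache-subfolder' or 'other' for one Windows path."""
    p = PureWindowsPath(path)
    if p.suffix.lower() not in EXECUTABLE_EXTS:
        return "other"
    dirs = [d.lower() for d in p.parent.parts]
    if CACHE_DIR not in dirs:
        return "other"
    # Folder names between the cache root and the file (last match wins).
    below = dirs[len(dirs) - dirs[::-1].index(CACHE_DIR):]
    if not below:
        return "root-level"       # executable directly in the cache root
    if len(below) >= 2 and below[0] == "content.ie5":
        return "cache-subfolder"  # Content.IE5\<random folder>\file
    return "other"                # layout the thread does not describe


def flagged(paths):
    """Paths the rule would report: executables sitting in the cache root."""
    return [p for p in paths if classify(p) == "root-level"]


TIF = r"C:\Users\Scott\Local Settings\Temporary Internet Files"
SAMPLE_PATHS = [
    TIF + r"\mb_driver_audio_realtek_azalia.exe",                       # from the log
    TIF + r"\Content.ie5\043w3jy9\mb_driver_audio_realtek_azalia.exe",  # staff example
    TIF + r"\CONTENT.IE5\ABCD1234\setup.EXE",   # constructed: case differences
    TIF + r"\index.htm",                        # constructed: not an executable
    r"C:\Users\Scott\Downloads\setup.exe",      # constructed: outside the cache
]

if __name__ == "__main__":
    for path in SAMPLE_PATHS:
        print(f"{classify(path):16} {path}")
```

A hit from this rule says where the file was written, not what it contains, so it is a prompt to check how the file got there (for example a download manager) rather than a verdict on the file itself.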
