Jump to content

FP: GoogleEarthSetup.exe

daledoc1

By daledoc1
in File Detections

 Share

Recommended Posts

daledoc1

daledoc1

Posted
Posted

Hi:

Just got a FP hit on an earlier version of the GoogleEarth setup file that's been on the computer for months.

https://www.virustot...sis/1348584368/

Virustotal:

SHA256: e9f6b43113ea1cc4e4dbb590ed6f436f07fe9cbd1bf403f6b2bdbb5df72da120 File name: GoogleEarthSetup-old.exe Detection ratio: 0 / 43 Analysis date: 2012-09-25 14:46:08 UTC ( 1 minute ago )

EDIT: My bad! I forgot to run the MBAM developer scan before I ignored the file that was detected on the original scan. So, I don't suppose it's of any use to you now, but I've attached it anyway. Sorry!

Thanks!

daledoc1

PS The setup file for the most recent version of the program is NOT detected by MBAM. Moreover, it's an outdated version of the program, so I can just delete the file from my downloads folder.

GoogleEarthSetup-old.zip

mbam-log-2012-09-25 (10-17-37).txt

mbam-log-2012-09-25 (09-42-26).txt

Link to post
Share on other sites
daledoc1

daledoc1

Posted
  • Author
Posted

Hi, again:

Just re-scanned with the current defs (2012.09.26.04) and the file was no longer detected.

So, even though I didn't hear back confirming it was a FP, I'll assume that was the case or that it was some sort of one-off MBAM hiccup.

Since it was an older version of the GoogleEarth setup file, I'll go ahead and delete it from the machine, anyway.

Thanks,

daledoc1

Link to post
Share on other sites
daledoc1

daledoc1

Posted
  • Author
Posted

Hi, AdvancedSetup:

Yes, I had already done that yesterday (see the original post) -- the first attached log with the earlier time stamp was the original, the later one was the /dev mode scan after restoring the file. :)

And the zipped file is attached, and virustotal said it was clean (0/43). :)

I knew it had to be a FP, as the file had been on the computer for months and was only detected the one time, yesterday AM.

Today's Quick scan, with the file restored to the downloads folder and with this AM's definitions, was clean.

Anyway, I think it might be a moot point, as it was an older, outdated version of the program that I don't need.

(The current version of the GE installer never was detected.)

Sorry for the trouble.

Thanks!

daledoc1

PS The only weird observation is that Sophos AV blocked a download of the current version of GoogleEarth the other day on a colleague's computer, detecting it as the same trojan. That rig was not running MBAM, but it does seem that several Google exe files are being (falsely) detected by a number of security apps these days?

I can

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.