False positive on Process Lasso


bitsum
User reported false positive on Process Lasso as 'trojan.agent.gen'. (no further details yet).

 

Probably affected report builds:

32-bit Workstation - https://bitsum.com/files/processlassosetup32.exe

64-bit Workstation - https://bitsum.com/files/processlassosetup64.exe

 

Ancillary builds possibly affected:

32-bit Server Edition - https://bitsum.com/files/server/processlassosetup.exe

32-bit Server Edition - https://bitsum.com/files/server/processlassosetup64.exe

 

Domains:

https://bitsum.com

https://processlasso.bitsum.com

 

Thank you for your prompt attention to this matter!

 


Hi,

Thanks for checking, and sorry no false positive was found in them. I will direct the user here and request logs.

 

Since those were clean, it's *possible* it came from our auto-update module as well, which is definitely a likely false positive candidate since it's an SFX package:

 

URLs:

bitsum.com/files/auto/pl4sfx.exe

bitsum.com/files/auto/64/pl4sfx.exe

http://bitsum.com/files/auto/pl4sfx_server.exe

http://bitsum.com/files/auto/64/pl4sfx_server.exe

 

Thanks!


I really appreciate you taking this matter seriously and apologize we haven't hit the source of the false positive yet. The user has not responded back (maybe scared away, I dunno).

 

We DID have a report of the SAME detection name on our CPUEater Demo (which induces a high load to show off our ProBalance algorithm) by Clean.Mx, though VirusTotal doesn't show any false positive with Malwarebytes, only 3 of 63 scanners, and those 3 of low quality. Also, our digital signature and time-stamp are intact on both the following.

https://bitsum.com/files/CPUEaterDist32.exe

https://bitsum.com/files/CPUEaterDist64.exe

 

If you could please check these LAST TWO, then I will get out of your hair, satisfied that if there was a problem, it has been resolved, unless I hear from the user with more info, or get any other data.

Thanks!


I have the same detection on my system; XP Home SP3 and Process Lasso v8.2.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/15/2015
Scan Time: 9:38:24 AM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.15.04
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Russ

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 301032
Time Elapsed: 5 min, 11 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Trojan.Agent.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Pr, "C:\Program Files\Process Lasso\processgovernor.exe", , [62ced06003885bdbd5c09039c24255ab]

Registry Data: 5
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),,[979972be4d3e9e98a592194d1aebbc44]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),,[7ab663cd0883e94d18215b0b768f1ae6]
PUM.Hijack.StartMenu, HKU\S-1-5-21-1292428093-1220945662-682003330-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowHelp, 0, Good: (1), Bad: (0),,[ee4262ce7219c3736d392245b05523dd]
PUM.Hijack.StartMenu, HKU\S-1-5-21-1292428093-1220945662-682003330-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowMyDocs, 0, Good: (1), Bad: (0),,[ce62151b5b307db9f3b50760ee17af51]
PUM.Hijack.StartMenu, HKU\S-1-5-21-1292428093-1220945662-682003330-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|StartMenuLogoff, 1, Good: (0), Bad: (1),,[aa86f23e9deef541515b22459a6b58a8]

Folders: 1
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\APN\APN-Stub, , [be7253dd810aa096b01c1be2e71b946c],

Files: 1
Trojan.Agent.Gen, C:\Program Files\Process Lasso\ProcessGovernor.exe, , [62ced06003885bdbd5c09039c24255ab],

Physical Sectors: 0
(No malicious items detected)


(end)

