Hi,

This morning, several of our computers have quarantined “QTtool Lite.exe”, which seems to be a Dell Backup and Recovery tool. Is this a possible false positive or a legit threat?  I attached a screenshot of the detection from the Malwarebytes Management Console.

Please advise.

qttoollite.JPG


Just ran this file through VirusTotal and it had a 2/61 detection ratio, with CMC saying Trojan.Win32.Generic!O and the Invincea result being virus.win32.sality.at. The only other thing VirusTotal detected was that the signature verification was out of its validity period. Would that make MB throw a red flag?

Other information is this QTtool Lite was only detected on Dell E7240 models. Currently only our UK systems have had their daily scan so I will be posting more results as of 11AM EST for all of our US systems that will scan as well.

Edited by TigerRisk-SI

15 minutes ago, TigerRisk-SI said:

Just ran this file through VirusTotal and it had a 2/61 detection ratio, with CMC saying Trojan.Win32.Generic!O and the Invincea result being virus.win32.sality.at. The only other thing VirusTotal detected was that the signature verification was out of its validity period. Would that make MB throw a red flag?

Other information is this QTtool Lite was only detected on Dell E7240 models. Currently only our UK systems have had their daily scan so I will be posting more results as of 11AM EST for all of our US systems that will scan as well.

Please see the attachment of results from VirusTotal. There were 3 detections this time from a completely different file on a different system that hasn't been scanned by MB.

Capture.PNG


It was not fixed in v2017.05.10.02

5/10/2017 1:15:53 AM Database upgraded to version v2017.05.10.02
5/10/2017 2:00:00 AM Executing scheduled scan
Threat Detected

v2017.05.10.03 came out around 4:00AM CST
v2017.05.10.04 came out around 6:00AM CST
v2017.05.10.05 came out around 9:00AM CST

Can we get confirmation this has been remediated?


On one of the clients' PCs, I restored QT Tool Lite.exe and ran a full scan on it. It didn't quarantine the item this time. The database during the scan was v2017.05.10.06. I'm going to try the other PCs.
