
Hi,

This morning, several of our computers have quarantined “QTtool Lite.exe”, which seems to be a Dell Backup and Recovery tool. Is this a possible false positive or a legit threat?  I attached a screenshot of the detection from the Malwarebytes Management Console.

Please advise.

 

 

qttoollite.JPG


Same on my end. 4 machines in a row. Would like to know if it is indeed an issue or a f/p.


Same issue here. This is a Dell out-of-the-box application, part of Dell Backup and Recovery Manager. Has anyone run mbam.exe /developer and uploaded the log files yet?


Just ran this file through virustotal and it had a 2/61 detection ratio with CMC saying Trojan.Win32.Generic!O and Invincea result being virus.win32.sality.at. The only other thing virustotal detected was the Signature verification was out of its validity period. Would that make MB throw a red flag? 

Other information is this QTtool Lite was only detected on Dell E7240 models. Currently only our UK systems have had their daily scan so I will be posting more results as of 11AM EST for all of our US systems that will scan as well.

Edited by TigerRisk-SI


Same issue here--US systems. Latitude models 3440 / 3450.

Edited by skyppy

15 minutes ago, TigerRisk-SI said:

Just ran this file through virustotal and it had a 2/61 detection ratio with CMC saying Trojan.Win32.Generic!O and Invincea result being virus.win32.sality.at. The only other thing virustotal detected was the Signature verification was out of its validity period. Would that make MB throw a red flag? 

Other information is this QTtool Lite was only detected on Dell E7240 models. Currently only our UK systems have had their daily scan so I will be posting more results as of 11AM EST for all of our US systems that will scan as well.

Please see the attachment of results from virustotal. There were 3 detections this time from a completely different file on a different system that hasn't been scanned by MB.

Capture.PNG


I emailed Malwarebytes Corporate Support after posting this and they replied back stating that this is a false positive and that this will be fixed in the next database update v2017.05.10.02.


It was not fixed in v2017.05.10.02

5/10/2017 1:15:53 AM Database upgraded to version v2017.05.10.02
5/10/2017 2:00:00 AM Executing scheduled scan
Threat Detected

v2017.05.10.03 came out around 4:00AM CST
v2017.05.10.04 came out around 6:00AM CST
v2017.05.10.05 came out around 9:00AM CST

Can we get confirmation this has been remediated?


On one of the clients' PCs, I restored QT Tool Lite.exe and ran a full scan on it. It didn't quarantine the item this time. The database during the scan was v2017.05.10.06. I'm going to try the other PCs.


I restored QT Tool Lite.exe on the PCs and did a full scan on them. No threats detected now after restoration of the file.
