
Possible false positive in C:\Program Files (x86)\SysInternals\ntfsinfo.exe



Detected today, last run full scan 2 mo ago. Temp securing of file was to lock file in place and disable all read and execute, including admin, SYSTEM etc. OS: Windows 8.1/64bit.

Other info (why I think possible false positive):

  • I don't run as admin unless changing config; to insert, the OS itself would need to be compromised.
  • Browsing is done with NoScript, Adblock
  • Separate firewall at network entrance to house.
  • ntfsinfo64.exe showed up clean
  • Dates on ntfsinfo64.exe and ntfsinfo.exe are 3 minutes apart, matching pattern with other dates in SysInternals directory and date relations between 64bit executable and 32bit executable.
  • Sizes are very similar between ntfsinfo64.exe and ntfsinfo.exe with the 64bit version being slightly larger, also matching relation between other 32bit and 64bit files in that directory.
  • Recently updated database, previous database did not flag this file.

Bruce J.

Detection of Program Files(x86)-SysInternals-ntfsinfo.exe as Malware.txt ntfsinfo.zip
