Jump to content

FP on HP photosmart?


myrti

Recommended Posts

Hi,

possible/probable false positive on the HP photosmart essential. The file is downloadable here: ftp.hp.com/pub/united-states/pse/pse_350_enu.exe

When the file is located in Temporary Internet Files, it gets detected as trojan.agent. No detection when it resides in another location (eg T:\)

The log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4117

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

5/19/2010 2:01:12 PM

mbam-log-2010-05-19 (14-01-12).txt

Scan type: Quick scan

Objects scanned: 109361

Time elapsed: 1 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\myrti\Local Settings\Temporary Internet Files\pse_350_enu.exe (Trojan.Agent) -> No action taken. [C53626311C55A2193448C2597797B227]

regards myrti

Link to post
Share on other sites

Is your VM set to violate the typical structure to make getting at the files easier?

C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\****SYSTEM FOLDERS***\pse_350_enu.exe

This is where the file goes in a real environment. Nothing other than system folders goes into TIF root. MBAM wont let you get away with much in TIF root as no normal circumstances puts files there and explorer cant browse it normally when the current user matches the folder you are in. Instead of the system folders explorer will jump right to the actual files in the system folders making file in the real TIF root invisible.

HP is super common and we have millions of users. If this was a real FP this would not be the first report.

Link to post
Share on other sites

Hi,

No I haven't changed anything on my VM, but I am still running IE6 on it.

I originally got alerted to this because of this thread at BC where the file was deleted: http://www.bleepingcomputer.com/forums/topic317515.html

While looking for a possible matching file, I found HP PhotoSmart and tried to download it, which left me with the detection I posted.

This being said, deleting a file from a temp folder is not a big issue and I doubt many people will actually be bothered by it, besides the occasional helper that needs to identify the file. :)

I consider this an FP and that's why I posted it here. If you want to share this point of view is your choice. I can totally understand when you decide not to follow up on this since the presence of the file will have no further impact on the PC after it has (or not) been run through IE.

regards myrti

Link to post
Share on other sites

It would seem that HP does not want you to actually get your hands on this file (by selecting a drop location explorer cant get to) or they have made some kind mistake in drop location .

Seems I am going to have to work around their ineptitude .

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.