
possible false positive


gpigeon


Hi,

I'm getting a Trojan.Banker on a Setup.exe I created using InstallShield for my company.

McAfee did not detect this so I would like to know how I can determine if it's a false positive.

I'm including the log but is there a way to cross reference the long number in brackets added to the log with the developer switch to something internal in my Setup.exe?

I can't include my Setup.exe because I work for a government contractor with security restrictions.

Thanks in advance for your help!

mbam_log_2010_12_23__14_17_00_.txt


If you want to use root as a storage folder, use the ignore list on any FPs there. We don't let you get away with much there and in other root folders where files should not be executed.

Thanks for the reply.

I'm not storing this exe at root level and there are many other non-FP exes at the same folder level as this one.

Is there anything I can search for in the exe with a binary editor to confirm the FP?


I mean it was declared a trojan but I would like to know how to tell if it's real or a FP.

There must be something within the exe to look for with a binary editor.

Thanks again!


I uploaded another log from our build server.

I noticed any machine I run the scan on reports the same registry key as being infected. Is this real or another FP?

Also, there are a few .DAT files reported as containing the trojan. Are they being used by the scanner and possibly why we're getting the hit on the exe?

mbam_log_2010_12_27__10_18_45_.txt
