Project: 7010 (Run 0, Clone 108, Gen 56)

Moderators: Site Moderators, FAHC Science Team

Robby_Firefox
Posts: 76
Joined: Sun Jan 20, 2008 9:18 pm
Hardware configuration: Homebuilt Windows 10
Intel Core i7-4770 ~ started in early 2014 or 2015
32 GB RAM (up from 8 GB in 2018)
64-Bit Operating System
On 31 Mar 2020, installed a GigaByte GEFORCE GTX 1660 GPU
Location: Madison, AL

Post by Robby_Firefox »

Hello,

Not sure if this is the right area to post this. Right now, am running Project 7010, 0-108-56 apparently with no issues.

However, am also running SuperAntiSpyware (SAS) in the background. It tagged a number of files as suspicious Trojan Agents. The main problem is "Trojan.Agent/Gen-Krptik.Process". Some of the ones (did not list them all) noted in a SAS popup include:

c:\program files\FAHClient\LIB\GKT-2.0\2.10.0\ENGINES\LIBPIXMAP.DLL
c:\program files\FAHClient\LIB\GKT-2.0\2.10.0\ENGINES\LIBEZLOOKS.DLL
c:\program files\FAHClient\WIN32API.PYD
c:\program files\FAHClient\_CTYPES.PYD
c:\program files\FAHClient\SELECT.PYD
c:\program files\FAHClient\_SOCKET.PYD
c:\program files\FAHClient\LIBPANGOCARIRO-1.0.0.DLL
c:\SYSTEM VOLUME INFORMATION\_RESTORE{c.....}


I would assume those are false positives, thus I can train the SAS and antivirus software to ignore them. Correct? So far, I do not think the SAS interfered with this or previous jobs run here.

Thanks,
Robby of Team Firefox
Processor: I7-4770 Memory: 32Gig RAM GPU: GeForce GTX 1660 MB: GigaByte GA-B85M-D3H
7im
Posts: 10189
Joined: Thu Nov 29, 2007 4:30 pm
Hardware configuration: Intel i7-4770K @ 4.5 GHz, 16 GB DDR3-2133 Corsair Vengeance (black/red), EVGA GTX 760 @ 1200 MHz, on an Asus Maximus VI Hero MB (black/red), in a blacked out Antec P280 Tower, with a Xigmatek Night Hawk (black) HSF, Seasonic 760w Platinum (black case, sleeves, wires), 4 SilenX 120mm Case fans with silicon fan gaskets and silicon mounts (all black), a 512GB Samsung SSD (black), and a 2TB Black Western Digital HD (silver/black).
Location: Arizona

Re: Project: 7010 (Run 0, Clone 108, Gen 56)

Post by 7im »

Yes, likely a false positive. Many of the latest scanners are overly aggressive, and have been reported here. NOD, Norton, Avast, etc., in various versions have all had false positives with fah files.

However, I cannot rule out that a virus has not attached itself to the normally virus free fah files. As a sanity check, please run one of the free online AV scans to double check, or use a trial copy of something like Avast.
How to provide enough information to get helpful support
Tell me and I forget. Teach me and I remember. Involve me and I learn.
Macaholic
Site Moderator
Posts: 811
Joined: Thu Nov 29, 2007 11:57 pm
Location: 1 Infinite Loop

Re: Project: 7010 (Run 0, Clone 108, Gen 56)

Post by Macaholic »

Free online virus tools for verification - JOTTI and Virus Total. Similar thread here.
Fold! It does a body good!™
bruce
Posts: 20910
Joined: Thu Nov 29, 2007 10:13 pm
Location: So. Cal.

Re: Project: 7010 (Run 0, Clone 108, Gen 56)

Post by bruce »

As far as a false positive on files from a specific WU like Project: 7010 (Run 0, Clone 108, Gen 56), there are always going to be data (binary) files with more or less random bit patterns but they'll be in the \WORK folder. Most people simply disable scanning of that folder.

The files that you're reporting are inside of \Program files\FAHClient which should only be created/modified during the installation procedure after receiving Admin permissions to install. FAH (or other programs) should not be run with Admin permissions, thereby providing no opportunity for the executable files to be infected.

Is this the first scan since you installed FAH?
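
Added example, not part of the original posts: one way to check the point above that binaries under the install directory should not change after installation. It hashes the `.dll`/`.pyd`/`.exe` files and compares them with a baseline taken from a known-clean install; the function names and the sample tree are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

BINARY_EXTS = {".dll", ".pyd", ".exe"}  # the file types flagged in this thread

def snapshot(root):
    """Map relative path -> SHA-256 for every binary under root."""
    root = Path(root)
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in BINARY_EXTS:
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            result[path.relative_to(root).as_posix()] = digest
    return result

def compare(baseline, current):
    """Return files that changed, appeared or vanished since the baseline."""
    return {
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }

def demo():
    """Constructed sample tree standing in for an install directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "lib").mkdir()
        (root / "select.pyd").write_bytes(b"original select")
        (root / "lib" / "engine.dll").write_bytes(b"original engine")
        (root / "log.txt").write_text("not a binary, ignored")
        baseline = snapshot(root)  # taken right after a clean install
        # Simulate post-install tampering: one changed file, one new file.
        (root / "select.pyd").write_bytes(b"original select + extra bytes")
        (root / "dropper.exe").write_bytes(b"new file")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

An empty report against a clean baseline supports the false-positive reading; any entry under "modified" or "added" is a file worth submitting to a second scanner before adding an exclusion.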
Robby_Firefox

Re: Project: 7010 (Run 0, Clone 108, Gen 56)

Post by Robby_Firefox »

Hello, am using AVAST! Internet Security as the main anti-virus client on this computer. Have heard about problems with it and other scanners. Think I have it set to ignore FAH directories. Will add FAH to the ignore list on the SuperAntiSpyware program too.

Sorry but didn't let you know I am using Windows XP Pro, with only one account active (administrative). Am aware of dangers of running processes under Admin permissions. A few years ago at work, one of our folks using Admin privileges did a simple Google search (using I.E.) for printer drivers. The site he went to did some nasty stuff to that PC, installed a new "anti-virus" program which of course found all kinds of infection, which it would 'remove' for a fee. McAfee on that machine was as useless as a t-shirt in front of a firing squad. Our IT guy managed to get rid of that infection.

I'll probably go the Windows 7 way by the year's end. That'll help minimize those types of problems.

Thanks for the good advice!
Robby