Author Topic: Hmm...  (Read 3729 times)


Offline kyuuketsuki_kurai

  • Jr. Member
  • **
  • Posts: 88
Hmm...
« on: February 22, 2015, 03:41:11 PM »
The last couple days avast has been detecting a file that appears to be part of my Rosetta Stone program. I have Japanese 1, 2, and 3 and Chinese 1 installed. They were bought directly from Rosetta Stone over a year ago. However, the program regularly updates itself.
Near as I can tell, it is a legitimate file, however, VirusTotal is showing 6 detections on it. https://www.virustotal.com/en/file/c735862820c2a1092d360a4a7aa209365fca535f25d7a8543f6c9a8f7db73d5b/analysis/1424615391/
The file in question is:
C:\ProgramData\Rosetta Stone\Language Training\Content\data\72\2\722ed38d94614eec5d65fe50f0be4183f727d605
avast is detecting it as "SWF: Malware-gen [Trj]"
Since it's a flash animation, my first thought was that it was due to the recent issues Flash has had with exploits, however, if this were the case, I would expect many many more detections from these folders.
Thoughts?
Alienware 17, Windows 10, Intel Core i7-4700MQ, 8GB RAM, Avast 19.2, Chrome 72.0 64-bit

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37547
  • Not a avast user
Re: Hmm...
« Reply #1 on: February 22, 2015, 03:56:14 PM »
Seems like a FP. First submission 2015-01-22 14:00:27 UTC (1 month ago)

Report it here: https://support.avast.com > avast virus lab

Offline kyuuketsuki_kurai

  • Jr. Member
  • **
  • Posts: 88
Re: Hmm...
« Reply #2 on: February 22, 2015, 04:23:13 PM »
Will do. Just wanted feedback, since VT threw up a few other detections. Thanks!

Offline kyuuketsuki_kurai

  • Jr. Member
  • **
  • Posts: 88
Re: Hmm...
« Reply #3 on: February 28, 2015, 07:10:05 PM »
I reported as a FP 6 days ago, and it's still flagging?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37547
  • Not a avast user
Re: Hmm...
« Reply #4 on: February 28, 2015, 07:21:55 PM »
Quote: I reported as a FP 6 days ago, and it's still flagging?
Test the file at VT again ... click rescan for a fresh result.

Offline kyuuketsuki_kurai

  • Jr. Member
  • **
  • Posts: 88

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33915
  • malware fighter
Re: Hmm...
« Reply #6 on: March 01, 2015, 04:41:49 PM »
Hi kyuuketsuki_kurai,

If you received a pop-up warning for Exploit SWF_c while you were surfing a website, chances are that the malware was blocked and there's nothing to remove.
Did that program download originally have some Conduit-like junkware bundled with it?
It is an Adware detection on the Comodo signed Installer.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline kyuuketsuki_kurai

  • Jr. Member
  • **
  • Posts: 88
Re: Hmm...
« Reply #7 on: March 03, 2015, 06:57:49 PM »
This isn't on a website. As I said, this file is:
C:\ProgramData\Rosetta Stone\Language Training\Content\data\72\2\722ed38d94614eec5d65fe50f0be4183f727d605
The file is extensionless, but is actually a Flash animation used by the program.
Rosetta Stone isn't bundled with anything. It was originally installed via disc, and it updates automatically.
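Two things in this thread can be checked locally before filing a false-positive report: that the extensionless file really has a Flash (SWF) header, and that its SHA-256 is the one in the VirusTotal URL. The following is an added example, not code from the posters or from Avast; the function names and the sample blob are constructed for illustration.

```python
import hashlib
import struct
import sys
import zlib

# The first three bytes of a SWF file give its compression type.
SWF_SIGNATURES = {b"FWS": "uncompressed", b"CWS": "zlib", b"ZWS": "lzma"}

def inspect_swf(data: bytes) -> dict:
    """Return the SHA-256 and SWF header facts for a blob, ignoring its file name."""
    info = {"sha256": hashlib.sha256(data).hexdigest(), "is_swf": False}
    if len(data) < 8 or data[:3] not in SWF_SIGNATURES:
        return info
    # Byte 3 is the SWF version; bytes 4-7 are the total *uncompressed* length.
    declared = struct.unpack_from("<I", data, 4)[0]
    info.update(is_swf=True, compression=SWF_SIGNATURES[data[:3]],
                version=data[3], declared_length=declared)
    if data[:3] == b"FWS":
        info["length_ok"] = declared == len(data)
    elif data[:3] == b"CWS":
        try:
            info["length_ok"] = declared == 8 + len(zlib.decompress(data[8:]))
        except zlib.error:
            info["length_ok"] = False  # truncated or corrupt zlib body
    else:
        info["length_ok"] = None  # LZMA body is not unpacked in this example
    return info

def matches_report(data: bytes, reported_sha256: str) -> bool:
    """True if the blob is the same file a scan report (e.g. a VT URL) refers to."""
    return inspect_swf(data)["sha256"] == reported_sha256.strip().lower()

def make_sample(signature: bytes = b"FWS", version: int = 10) -> bytes:
    """Constructed blob: a valid SWF header around a dummy body (not a playable movie)."""
    body = b"\x00" * 13
    header = signature + bytes([version]) + struct.pack("<I", 8 + len(body))
    return header + (zlib.compress(body) if signature == b"CWS" else body)

if __name__ == "__main__":
    # Pass the path of the flagged file; without one, the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = make_sample()
    print(inspect_swf(blob))
```

A valid header and a matching hash only confirm that the file is a SWF and is the same one the report covers; they say nothing about whether the detection itself is a false positive.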