Author Topic: cardinst.exe infected by Win32:Dh-A [Heur]  (Read 3093 times)


Offline eliss

  • Newbie
  • *
  • Posts: 6
cardinst.exe infected by Win32:Dh-A [Heur]
« on: February 16, 2018, 05:59:52 PM »
Avast antivirus detects that the file C:\Windows\ExternalAP\Drivers\CardReader\IOI\Setup.exe|>{app}\cardinst.exe
is infected by Win32:Dh-A [Heur]

In the drop-down I cannot choose Chest or Delete, only leave it on Automatic.

I press the Solve button and it tells me it is done, but if I scan again the problem reappears.

How can I solve it?

Offline Azraelbuc

  • Jr. Member
  • **
  • Posts: 31
Re: cardinst.exe infected by Win32:Dh-A [Heur]
« Reply #1 on: February 16, 2018, 11:22:48 PM »
The card reader comes with a small read-only memory space already in it that has its drivers available for install.
So either what you got is indeed infected and there is absolutely nothing you can do about it since it came like that from the manufacturer, or it's a false positive. To see if it's a false positive, just copy the file to your desktop, upload it to one of the online antivirus test sites and check it there.
But since it's a card reader and those have been fully supported since XP, I don't see any reason why there would be a need for its drivers, so my guess is it's a piège à cons. So destroy it and get a legit one.

Offline eliss

  • Newbie
  • *
  • Posts: 6
Re: cardinst.exe infected by Win32:Dh-A [Heur]
« Reply #2 on: February 19, 2018, 05:31:49 PM »
Thanks for the reply.

I have looked at the file (Avast Antivirus calls it "cardinst.exe", but in this folder there is no file with this name, there is "setup.exe") and the modification date is from 2010. All this time Avast Antivirus did not detect a problem; last week it did. But only Avast Antivirus, the other antivirus programs did not.

I have downloaded another antivirus (Kaspersky free) and an antimalware (Zemana antimalware). I scanned this file specifically and I've also scanned the whole PC, and they did not detect any virus.

So, it's a false positive?

Is it better to replace the file with a new one, anyway? Where can I get the file that is reliable and has no problems?

Thanks in advance and apologies for my lousy English




Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71794
    • >>>  Avast Forum - German-language section  <<<
Re: cardinst.exe infected by Win32:Dh-A [Heur]
« Reply #3 on: February 20, 2018, 05:21:18 AM »
Test the file at VT (https://www.virustotal.com) and post the link to the result here.
Win 8.1 [x64] - Avast PremSec 21.8.6586.IBC [UI.666] - EEK - Firefox ESR 78.14 [NS/uBO/PB] - TB 91.1
Avast-Tools: Secure Browser 93.0 - Cleanup 21.3 - SecureLine 5.13 - Driver Updater 21.3 - CCleaner 5.84
Avast useful information (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

Offline eliss

  • Newbie
  • *
  • Posts: 6
Re: cardinst.exe infected by Win32:Dh-A [Heur]
« Reply #4 on: February 20, 2018, 07:25:59 PM »
Today when I scan with Avast Antivirus it does not detect a virus. Anyway, to make sure, I've done what you told me, and in the result, the first time 2 engines (Ikarus and TrendMicro-HouseCall) detected problems. I hit the Reanalyze button and then only 1 engine (Ikarus) detected a problem.

The link to result:
https://www.virustotal.com/#/file/2cc294d8aa5a2d7c5c2dcf1c2f7b64558fe5f523f5e99131616d69242f064ae9/detection

In the same folder (...CardReader\IOI\), there is another file, "AsusSetup.exe", and I uploaded it too; the result is:
https://www.virustotal.com/#/file/982a41b4dcc4953a123dda20f139f304a8edbc8c2a7008f19a2933b7477d8a9e/detection

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37099
Re: cardinst.exe infected by Win32:Dh-A [Heur]
« Reply #5 on: February 20, 2018, 07:45:03 PM »
Quote
History
Creation Time   1992-06-19 22:22:17
First Seen In The Wild   2012-10-28 08:53:58
First Submission   2014-04-23 00:59:40
Last Submission   2018-02-20 18:17:04
Last Analysis   2018-02-20 18:17:04


File Version Information
Copyright
Product   Smart Card Reader Driver and Card Icon Program
Description   Smart Card Reader Driver and Card Icon Program Setup
File Version   1.0.7.73
Comments   This installation was built with Inno Setup.


Quote
History
Creation Time   2007-05-29 12:02:30
First Seen In The Wild   2007-05-29 14:02:30
First Submission   2013-01-04 09:13:31
Last Submission   2018-02-20 18:34:11
Last Analysis   2018-02-20 18:34:11


File Version Information
Copyright   Copyright (C) 2006 ASUS
Product   AsusSetup
Description   AsusSetup
File Version   1.0.19.7


False Positives
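
An added example, not part of the thread: the 1992-06-19 22:22:17 creation time in the first quoted report matches the PE header's TimeDateStamp placeholder that Borland/Delphi linkers write into every binary (Inno Setup is built with Delphi), so on its own it says nothing about the file's age or about tampering. The sketch below reads that field and flags the placeholder; the sample header is constructed inline, and `pe_timestamp`, `describe` and `build_sample` are names chosen here.

```python
import struct
import sys
from datetime import datetime, timezone

# Constant TimeDateStamp written by Borland/Delphi linkers; it is not a build time.
DELPHI_PLACEHOLDER = 0x2A425E19

def pe_timestamp(data: bytes) -> int:
    """Return the COFF TimeDateStamp of a PE image after checking both signatures."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE signature
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header after the signature: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return stamp

def describe(data: bytes) -> dict:
    """Render the timestamp in UTC and say whether it is the linker placeholder."""
    stamp = pe_timestamp(data)
    when = datetime.fromtimestamp(stamp, tz=timezone.utc)
    return {"utc": when.strftime("%Y-%m-%d %H:%M:%S"),
            "linker_placeholder": stamp == DELPHI_PLACEHOLDER}

def build_sample(stamp: int) -> bytes:
    """Constructed test input: 64-byte DOS header, PE signature, 20-byte COFF header."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x014C, 0, stamp, 0, 0, 0, 0x0102)
    return bytes(dos) + b"PE\0\0" + coff

if __name__ == "__main__":
    if len(sys.argv) > 1:          # a real file given on the command line
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read(4096)
    else:                          # otherwise the constructed sample
        blob = build_sample(DELPHI_PLACEHOLDER)
    print(describe(blob))
```

Run with a file path as the only argument to inspect a real executable; with no argument it prints the result for the constructed sample.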



Offline eliss

  • Newbie
  • *
  • Posts: 6
Re: cardinst.exe infected by Win32:Dh-A [Heur]
« Reply #6 on: February 21, 2018, 06:44:21 PM »
Oh great! Thanks for the help  :D