« previous next »
Pages: [1]   Go Down

Author Topic: False positive sdlaunch.exe / HPOV_SP17_Start_Client.exe ?  (Read 2521 times)

0 Members and 1 Guest are viewing this topic.

synrst

  • Guest
False positive sdlaunch.exe / HPOV_SP17_Start_Client.exe ?
« on: August 13, 2008, 03:38:34 PM »
Hello,

While scanning my corporate laptop with my Avast U3 scanner (updated today, Thorough scan), it marked the following files as malware:

C:\Program Files\Hewlett-Packard\OpenView\service desk 4.5\client\bin\HPOV_SP17 Start Client.exe   INFECTED: Win32:Trojan-gen {Other}
C:\Program Files\Hewlett-Packard\OpenView\service desk 4.5\client\bin\sdlaunch.exe   INFECTED: Win32:Trojan-gen {Other}
C:\WINDOWS\system32\HPOV\HPOV_SP17 Start Client.exe   INFECTED: Win32:Trojan-gen {Other}
C:\WINDOWS\system32\HPOV\StartupScript HPOV_SP17.exe   INFECTED: Win32:Trojan-gen {Other}
C:\WINDOWS\system32\HPOV\StartupScript HPOV_SP9.exe   INFECTED: Win32:Trojan-gen {Other}

These files belong to the HP Openview ServiceDesk client tool.
Havent used this tool for months, suddenly they are marked as trojans.

Uploading a few of them to www.virustotal.com gives a result of 6/36 as marked bad:

File sdlaunch.exe received on 08.13.2008 14:40:01 (CET)
Current status: finished
Result: 6/36 (16.67%)

Antivirus     Version     Last Update     Result
AhnLab-V3   2008.8.13.0   2008.08.13   -
AntiVir   7.8.1.19   2008.08.13   -
Authentium   5.1.0.4   2008.08.12   -
Avast   4.8.1195.0   2008.08.12   Win32:Trojan-gen {Other}
AVG   8.0.0.161   2008.08.13   -
BitDefender   7.2   2008.08.13   Trojan.Generic.162059
CAT-QuickHeal   9.50   2008.08.12   -
ClamAV   0.93.1   2008.08.13   -
DrWeb   4.44.0.09170   2008.08.13   -
eSafe   7.0.17.0   2008.08.12   Suspicious File
eTrust-Vet   31.6.6030   2008.08.13   -
Ewido   4.0   2008.08.13   -
F-Prot   4.4.4.56   2008.08.12   -
F-Secure   7.60.13501.0   2008.08.13   -
Fortinet   3.14.0.0   2008.08.13   -
GData   2.0.7306.1023   2008.08.13   Win32:Trojan-gen
Ikarus   T3.1.1.34.0   2008.08.13   -
K7AntiVirus   7.10.412   2008.08.12   -
Kaspersky   7.0.0.125   2008.08.13   -
McAfee   5359   2008.08.12   -
Microsoft   1.3807   2008.08.13   -
NOD32v2   3352   2008.08.13   -
Norman   5.80.02   2008.08.13   -
Panda   9.0.0.4   2008.08.13   Suspicious file
PCTools   4.4.2.0   2008.08.12   -
Prevx1   V2   2008.08.13   -
Rising   20.57.22.00   2008.08.13   -
Sophos   4.32.0   2008.08.13   -
Sunbelt   3.1.1542.1   2008.08.13   -
Symantec   10   2008.08.13   -
TheHacker   6.3.0.3.046   2008.08.13   -
TrendMicro   8.700.0.1004   2008.08.13   PAK_Generic.001
VBA32   3.12.8.3   2008.08.13   -
ViRobot   2008.8.13.1335   2008.08.13   -
VirusBuster   4.5.11.0   2008.08.12   -
Webwasher-Gateway   6.6.2   2008.08.13   -

Some of the files are identical to each other (exact MD5 hash) and have been send to virus@avast.com for further analysis.

Please investigate.
Logged

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: False positive sdlaunch.exe / HPOV_SP17_Start_Client.exe ?
« Reply #1 on: August 13, 2008, 03:42:58 PM »
Seems false positives... hope they correct, as usual, this very soon.
Logged
The best things in life are free.
Pages: [1]   Go Up
« previous next »