Author Topic: What to do with this threat? (Read 4475 times)

CXF · « **on:** April 27, 2010, 07:16:23 PM »

Here is a screenshot of whats going on.

When I tried to move it to the vault it says action denied and it also gives me an error for any other action that I try to do. Do I just need to delete it?

Thanks!

DavidR · « **Reply #1 on:** April 27, 2010, 07:31:54 PM »

Schedule a boot-time scan (if you don't have a 64bit OS) and that should get round the access denied as before windows starts, it shouldn't be in use. Once the alert happens in the boot-time scan send it to the chest.

However, before you do that, what is the full path and file name, check the report file for the scan you did and copy and paste the details of the alert.

Do you know what this file is for (faerie solitaire oberon-wt.exe) ?

CXF · « **Reply #2 on:** April 27, 2010, 07:42:25 PM »

Quote from: DavidR on April 27, 2010, 07:31:54 PM

Schedule a boot-time scan (if you don't have a 64bit OS) and that should get round the access denied as before windows starts, it shouldn't be in use. Once the alert happens in the boot-time scan send it to the chest.

However, before you do that, what is the full path and file name, check the report file for the scan you did and copy and paste the details of the alert.

Do you know what this file is for (faerie solitaire oberon-wt.exe) ?

No I have no idea what this file is for.

CXF · « **Reply #3 on:** April 27, 2010, 07:45:12 PM »

Theres the path name.

Pondus · « **Reply #4 on:** April 27, 2010, 07:48:04 PM »

Game (Faerie Solatire) from Oberon media
http://corp.oberon-media.com/

Xtreeme2 · « **Reply #5 on:** April 27, 2010, 07:49:13 PM »

Maybe is a False Positive. Send this file to virus total...

CXF · « **Reply #6 on:** April 27, 2010, 08:04:52 PM »

How do I do that?

DavidR · « **Reply #7 on:** April 27, 2010, 08:25:08 PM »

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

- avast5 - Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\* That will stop the File System Shield scanning any file you put in that folder. Now enter the chest again and Extract the file to the Suspect folder and upload it to VT.

patroni · « **Reply #8 on:** May 13, 2010, 10:24:15 PM »

I got the same detection in the same file as the OP.

here is the virus total result
http://www.virustotal.com/analisis/33e4b29e1b6bef0aa914ee88b8dc4f92d508fa6cc619dab668d51d91d030ac6c-1273781637

It's on an an almost out of the box HP laptop.
I did install some dodgy stuff a few hours before running the scan.

So is this a false positive?

Author Topic: What to do with this threat? (Read 4475 times)

CXF

What to do with this threat?

DavidR

Re: What to do with this threat?

CXF

Re: What to do with this threat?

CXF

Re: What to do with this threat?

Pondus

Re: What to do with this threat?

Xtreeme2

Re: What to do with this threat?

CXF

Re: What to do with this threat?

DavidR

Re: What to do with this threat?

patroni

Re: What to do with this threat?