Author Topic: FP_AX_CAB_INSTALLER.exe came up as a Trojan (Is this an FP?)  (Read 18263 times)

0 Members and 1 Guest are viewing this topic.

Mickey Way

  • Guest
FP_AX_CAB_INSTALLER.exe came up as a Trojan (Is this an FP?)
« on: March 01, 2010, 05:17:18 AM »
Hi. I just updated my computer to the most current update 100228-1 and ran a full scan.  It found this file (FP_AX_CAB_INSTALLER.exe) in C/Windows/Downloaded Program Files.  The file date is 10/5/2008.  I moved it to the Virus Chest, but am not sure what to do next.  If I'm not mistaken, it's a common driver file for audio and video support.

Is this a False Pos?

Let me know if I need to send more supporting data.

Thanks!

Jtaylor83

  • Guest
Re: FP_AX_CAB_INSTALLER.exe came up as a Trojan (Is this an FP?)
« Reply #1 on: March 01, 2010, 05:32:43 AM »
This is a false positive because it's a Flash Player ActiveX Installer.

please upload to VirusTotal or VirScan.Org and post results.

Mickey Way

  • Guest
Re: FP_AX_CAB_INSTALLER.exe came up as a Trojan (Is this an FP?)
« Reply #2 on: March 01, 2010, 07:53:19 AM »
Well, I tried 5 times to restore the file so I could upload it to Virus Total, but it does not return to it's original location even though the window says "Action was completed successfully!".  And, it's not a hidden file, I have my explorer set  to "show hidden files".  I even tried a reboot after the restore to see if that helps. Is there another way to either restore the file or upload it from the chest?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37644
  • F-Secure user
Re: FP_AX_CAB_INSTALLER.exe came up as a Trojan (Is this an FP?)
« Reply #3 on: March 01, 2010, 07:59:13 AM »

Onix

  • Guest
Re: FP_AX_CAB_INSTALLER.exe came up as a Trojan (Is this an FP?)
« Reply #4 on: March 01, 2010, 08:03:20 AM »
Well, I tried 5 times to restore the file so I could upload it to Virus Total, but it does not return to it's original location even though the window says "Action was completed successfully!".  And, it's not a hidden file, I have my explorer set  to "show hidden files".  I even tried a reboot after the restore to see if that helps. Is there another way to either restore the file or upload it from the chest?
What's your OS?If you have Vista or 7,maybe the problem is with UAC.Try to extract the file to another place(for example to desktop).

Mickey Way

  • Guest
Re: FP_AX_CAB_INSTALLER.exe came up as a Trojan (Is this an FP?)
« Reply #5 on: March 01, 2010, 08:31:09 AM »
Thanks Onix.  That worked perfectly!  (I'm running XP SP3.)  Moving it to the desktop revealed it to be the Adobe Flash Player installer.

I ran it through Virus Total and the result is 0/41.

Even thought it cleared Avast on Virus Total, it still registers as a Trojan if I spot test it.  I'll wait until the next AVS update and check it again.

(I know that it is no longer a necessary file and I can just delete it.)

Mickey Way

  • Guest
Re: FP_AX_CAB_INSTALLER.exe came up as a Trojan (Is this an FP?)
« Reply #6 on: March 01, 2010, 08:55:47 AM »
I just ran it through VirScan.org and their results are "Scanner results : 79% Scanner(s) (30/38) found malware!".  The Avast result shows it as "Win32:Dialer-1314 [Trj]".

So, one site shows as FP and the other site shows as Malware.

(I'm not going to sweat it.  Like I said above, I can just delete it.)

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37644
  • F-Secure user
Re: FP_AX_CAB_INSTALLER.exe came up as a Trojan (Is this an FP?)
« Reply #7 on: March 01, 2010, 09:04:56 AM »
Does the scanners on VirusTotal and Virscan have the same VPS update ?

Mickey Way

  • Guest
Re: FP_AX_CAB_INSTALLER.exe came up as a Trojan (Is this an FP?)
« Reply #8 on: March 01, 2010, 09:13:00 AM »
VirScan says; Avast Engine Version 4.7.4, Sig Version 090604-0.

VT says; Avast Version 4.8.1351.0, Last Update 2010.02.23.




« Last Edit: March 01, 2010, 09:18:23 AM by Mickey Way »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37644
  • F-Secure user
Re: FP_AX_CAB_INSTALLER.exe came up as a Trojan (Is this an FP?)
« Reply #9 on: March 01, 2010, 09:24:40 AM »
You can also try........to be moore confused ....... ;D
Jotti http://virusscan.jotti.org/en
ThreatExpert http://www.threatexpert.com/submit.aspx

Mickey Way

  • Guest
Re: FP_AX_CAB_INSTALLER.exe came up as a Trojan (Is this an FP?)
« Reply #10 on: March 01, 2010, 09:39:51 AM »
Why not.

Jotti results (from 8 Aug 09) 0/21.

TE results are slower than spam...in other words, they haven't arrived in my mailbox ATT.

(EDIT) Here they are now.  I'll attach for those who know how to understand this because I don't.
« Last Edit: March 01, 2010, 09:58:07 AM by Mickey Way »

2of9

  • Guest
Re: FP_AX_CAB_INSTALLER.exe came up as a Trojan (Is this an FP?)
« Reply #11 on: April 20, 2011, 06:38:08 PM »
I"m getting many PCs w/ BSOD 000000c0 or 0000000C.  McAfee's latest Stinger Removal Tool deleting "FakeAlert Virus and Trojan" embedded inside the FP_AX_CAB_INSTALLER.EXE though more files must be involved if reinfection occurs.  i didn't find anything unusual w/ HJT.  Many of my PCs were affected weeks earlier by an undetected Vundo variant.  Don't know if any relationship exists.
http://www.mcafee.com/us/downloads/free-tools/stinger.aspx
 
More on this phenomena - FAKE Updaters at: 
http://forum.bkis.com/showthread.php?p=528
http://news.softpedia.com/news/Trojan-Masquerades-as-Adobe-Reader-Updater-Component-138453.shtml

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37644
  • F-Secure user
Re: FP_AX_CAB_INSTALLER.exe came up as a Trojan (Is this an FP?)
« Reply #12 on: April 20, 2011, 06:46:24 PM »
@2of9  this thread is more then a year old..

if you need help start a new