Trojan in SP2 Update??

jojomart · Post by **jojomart** » Tue Feb 05, 2013 4:54 pm

I downloaded and installed the Paint Shop Pro X5 SP2 update and when Super Anti-Spyware did it's scan last night, it found this:

Trojan.Agent/Gen-FakeAlert[Local]
C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\LOW\CONTENT.IE5\UJ7TK17X\PSPX5_SP2[1].EXE

The program got rid of it, but what the heck??

Joelle · Post by **Joelle** » Tue Feb 05, 2013 5:09 pm

I scanned the saved download with Avast and it said "No Threat Found".

Joëlle

jojomart · Post by **jojomart** » Tue Feb 05, 2013 5:21 pm

It wouldn't show in the download because it is something that happens as it's being installed, otherwise it wouldn't be in the temporary data file.

df · Post by df » Tue Feb 05, 2013 6:07 pm

Why is there a [1]? That usually indicates that this is a second file of the same name within the same folder (Windows adds a [1] or (1) to differentiate which came second). Is there a file without that somewhere else? If so, why didn't Super-Antispyware hit on that? Is it the exact same size?

jojomart · Post by **jojomart** » Tue Feb 05, 2013 6:17 pm

When the pop up started downloading the file from Corel, it got about 30% done and then it froze up. I clicked on the link to download it manually and it brought up IE instead of Firefox, so I cancelled the download and copied the link into Firefox to re-download it. After that, I just double clicked the .exe file on my hard drive to install it. That may be why there was the [1] there, but I can't imagine that that would be the reason for it to be named a Trojan.

df · Post by df » Tue Feb 05, 2013 6:42 pm

If SAS didn't find any of the other downloads as trojans then I'd just chalk it up to a false positive result from SAS. It happens. If it happens more than rarely then you may look into it further.

edit: The reason ie was brought up the first time was because that's what is set as your default browser in Windows. You can have FireFox (or whatever) set as default if you don't wish to invoke ie in the future, but it's just a minor annoyance for most.

jojomart · Post by **jojomart** » Tue Feb 05, 2013 7:01 pm

No, IE isn't my default browswer, Firefox is and always has been.

Radim · Post by **Radim** » Thu Feb 07, 2013 10:17 am

I often use service like VirusTotal.com for file(s) not digitaly signed.

There is also SUPERAntiSpyware (https://www.virustotal.com/file/bd00e95 ... 360228153/)

but my experience over years is that, that not only this *security* tool is too offensive sometimes and I get in 10-15 % of scanned files false possitive. You can also report to developers of sofware... Or you can wait while (1-2 week/s) for updated database...

JStanley · Post by **JStanley** » Wed Feb 20, 2013 10:00 pm

df wrote:Why is there a [1]? That usually indicates that this is a second file of the same name within the same folder (Windows adds a [1] or (1) to differentiate which came second). Is there a file without that somewhere else? If so, why didn't Super-Antispyware hit on that? Is it the exact same size?

Regarding browser caches, especially Internet Explorer's Temporary Internet Files, this is technically incorrect...

That being said, this is most likely a false positive.

sdcigarbear · Post by **sdcigarbear** » Sat Feb 23, 2013 2:48 am

No virus detected with Panda Cloud Antivirus as of Wednesday night when I downloaded SP2.

Alludo USER to USER Web Board

Trojan in SP2 Update??

Trojan in SP2 Update??

Re: Trojan in SP2 Update??

Re: Trojan in SP2 Update??

Re: Trojan in SP2 Update??

Re: Trojan in SP2 Update??

Re: Trojan in SP2 Update??

Re: Trojan in SP2 Update??

Re: Trojan in SP2 Update??

Re: Trojan in SP2 Update??

Re: Trojan in SP2 Update??