Possible False Detection, Or Real Malware

Hi,


I have this program showing up as possible malware , but desinfection is impossible.


[system]=]HKEY_USERS\S-1-5-21-73586283-706699826-1801674531-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TYPEDURLS\url1=]C:\PROGRAM FILES\WINDOWS TRUST\RESSOURCES\MS.TFRAMEWORK.EXE


It is named MS.TFRAMEWORK.EXE in the Windows Trust\Ressources file of Program Files.


Here is the complete adress it sends back to.


Tried uploading it but your system shows "Upload failed. You are not permitted to upload this type of file". Cannot copy or paste it. If I try to slide it in this windows, it proposes either to execute or save it.


Thank you for the help.


detail of "valeur de hachage" don't know what it is, but shows up in file properties


CRC32 397D1372


MD5 C03F45CD829D553070412C864268DC73


SHA-1 B98896FB3BD5F41A25A6F4A35E8B446F9C664AB3

Comments

  • Hi,


    I have this program showing up as possible malware , but desinfection is impossible.


    [system]=]HKEY_USERS\S-1-5-21-73586283-706699826-1801674531-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TYPEDURLS\url1=]C:\PROGRAM FILES\WINDOWS TRUST\RESSOURCES\MS.TFRAMEWORK.EXE


    It is named MS.TFRAMEWORK.EXE in the Windows Trust\Ressources file of Program Files.


    Here is the complete adress it sends back to.


    Tried uploading it but your system shows "Upload failed. You are not permitted to upload this type of file". Cannot copy or paste it. If I try to slide it in this windows, it proposes either to execute or save it.


    Thank you for the help.


    detail of "valeur de hachage" don't know what it is, but shows up in file properties


    CRC32 397D1372


    MD5 C03F45CD829D553070412C864268DC73


    SHA-1 B98896FB3BD5F41A25A6F4A35E8B446F9C664AB3


    Sorry, ignore the sentence in bold fonts. Just stupid of me... ;-)


    The rest of the post is correct.


    Thank you for taking time with it.

  • Please find the file, put it in a password-protected archive (with the password infected) and attach the archive to the topic.


    Cris.

  • Please find the file, put it in a password-protected archive (with the password infected) and attach the archive to the topic.


    Cris.


    Hi Cris,


    What do you mean by put it in an archive and password protect it?


    I attached with the first post, and from what I understand I shouldn't have, but I do not know how to do what you ask.


    Can you give me a little more info.


    Thank you for helping me out.


    Chris


  • Hello Cris,


    Have you had any luck in analysing this file?


    Thank you for keeping me posted,


    Chris

  • Hello Cris,


    Have you had any luck in analysing this file?


    Thank you for keeping me posted,


    Chris


    Hello Cris,


    Still no luck with this file?


    Keeps poping up as threat but I can only erase it by hand, and if it is a valid file, I'll be in deep doodoo!!


    Thanks for getting back to me.


    Chris

  • Hello Chris,


    Sorry for not responding, but analysing files is not my job, as I'm not a Virus Analyst for BitDefender.


    I will, however, try to contact someone to take a look at this sample.


    Cris.

  • Hello Chris,


    Sorry for not responding, but analysing files is not my job, as I'm not a Virus Analyst for BitDefender.


    I will, however, try to contact someone to take a look at this sample.


    Cris.


    Thank you Cris, I thought this was the place to put the files with which we had a problem.


    Thank you for letting me know,


    Thankfully, Chris

  • Thank you Cris, I thought this was the place to put the files with which we had a problem.


    Thank you for letting me know,


    Thankfully, Chris


    Good morning!


    Is there anybody from the tech side on this forum?


    Can anybody give me an answer as to the exact nature of the file I have deposited in this section?


    It has been over 10 days now that I've been solliciting help from you guys!


    Thank you for looking it up and answering me.

  • Hello,


    The file has been analyzed, and it was declared to be clean. Detection should be removed in a few hours.


    We apologize for the delay, and thank you for reporting it.


    Cris.

  • Hello,


    The file has been analyzed, and it was declared to be clean. Detection should be removed in a few hours.


    We apologize for the delay, and thank you for reporting it.


    Cris.


    Thank you cris, luckily you were around.


    Thanks fot the help, keep up the good work,


    Chris

  • alexcrist
    alexcrist
    edited December 2008

    You're welcome.


    Detection has already been removed after the last update I made to my BitDefender. :)


    Topic closed. If you want it to be reopened, please send a PM to one of the Moderating Team members.


    Cris.


    EDIT: Moved to "False positive reporting"

This discussion has been closed.