HitmanPro blocked F-secure file

Paulus1979
Paulus1979 Posts: 7 Explorer

HitmanPro 3.8.0. just gave me the following warning.

Are you aware of a problem with this file?

 

 

Malware _____________________________________________________________________

C:\ProgramData\F-Secure\GUTS2\capricorn-win64\1549003233\aeoffice.dll
Size . . . . . . . : 1.011.680 bytes
Age . . . . . . . : 0.1 days (2019-02-01 08:52:14)
Entropy . . . . . : 7.3
SHA-256 . . . . . : 42DD96085BE703DB739F694F433BF03E9BFF07DDE81CA9659EB39F2A439524C7
Product . . . . . : AVOFFICE
Publisher . . . . : Avira Operations GmbH & Co. KG
Description . . . : Avira Engine Module for Windows
Version . . . . . : 8.4.10.8
LanguageID . . . . : 0
> Kaspersky . . . . : HEUR:Trojan.Win32.Generic
Fuzzy . . . . . . : 98.0

Comments

  • nanonyme
    nanonyme Posts: 145 Path Finder

    Hey, 

    Running two antivirus programs on same machine is completely unsupported, they may well detect each other's virus databases as viruses preventing either from protecting you. 

  • bjm_
    bjm_ Posts: 11 Observer
    HitmanPro is on-demand second opinion scan tool. Not real-time. Not AV
  • nanonyme
    nanonyme Posts: 145 Path Finder

    Hey, 

    The same applies for also on-demand scanning, it's not limited to real-time scanning. Databases and engines are quite likely to trigger false positive detections and removing those makes the antivirus software detect less things. 

  • Ukko
    Ukko Posts: 3,770 Superuser

    Hello,

     

    Sorry for my reply. I am only an F-Secure user (their home solutions).

     

    Just interesting:

    Does your experience still show that HitmanPro partner engine detects an F-secure file as 'potentially' malicious? Or it was one-time experience?

     

    Based on your log and item SHA-256 hash - this file has been corrupted(?). At least, digital code signing signature/cert were.

    Perhaps this is possible if the item was during writing/creation (temporary or even update); interrupted during update/create/write; broken item (temporary trouble).

    Otherwise, item is modified or tricked during certain stage. What is a little be strange for home use situation.

    And likely that troubles with signature verification was a reason for generic detection (HEUR:Trojan.Win32.Generic).

     

    Maybe if your experience is still about such a detection (or if the original item is still available) - possible to check it manually. What is state of file's digital signature?

     

    My own experience and "aeoffice.dll" are about valid situation probably (though, I check it with beta F-Secure SAFE solution). At least, the file is signed normally; and HitmanPro did not detect after a brief check.

    But as was suggested with other replies - detection of each other's signatures is most likely a probable situation. Although my own steps in this kind of situation with detection are attempts to contact F-Secure Labs:

    and the company that detects the item.

     

    Thanks!

This discussion has been closed.
Feedback on New Design