F-SecureOnlineScanner detected as BScope.Trojan.Conteban


F-SecureOnlineScanner.exe from https://www.f-secure.com/es/home/products#free

has a trojan by VirusTotal and YOMI as BScope.Trojan.Conteban

MD5 9fe20be80fe84afe3410f468d0a4446d

SHA-1 7a21d6fa1f913be39ddeaa16997c4caf6b721a2b

SHA-256 678cefce5fece0ffc76e692a403ec2060c5a27771a89f9fca9848938df732015

Vhash 096056655d15556128z64dz3pz

Authentihash 156efa845cc344141d0e211aeca27cb03cee4190462669314506232447d82131

Imphash e0ba9f4e82f13f8475c0a7696a7747b6

SSDEEP 196608:yVHJoLZUBPeRwFbCVDE0UYjvYyeNahbA8SyKo/:yVY6BPeWiE0ljvYy8ahbqyKi

File type Win32 EXE

Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit

File size 9.34 MB (9794976 bytes)


How its possible?




  • Ukko
    Ukko Posts: 3,604 Superuser


    I am only an F-Secure user (their home solutions).

    Sounds that it can be a false positive ( https://www.f-secure.com/v-descs/false_positive.shtml  ) detection by VBA32. And wrong suspicion by another company. Actually, only VBA32 with detection name "BScope.Trojan.Conteban". And second company with generic name about suspicion that it is malware.

    Since other engines with no detection - maybe these two are mistakes. Maybe you could try to contact them and to report about it.

    Alternatively, you can try to submit executable to F-Secure Labs for doublecheck with mention virustotal results:

    •  www.f-secure.com/en/business/support-and-downloads/submit-a-sample

    However current detection by VBA32 is only their claim/suspicion and not a real indication of any malicious payload with F-Secure Online Scanner. 


This discussion has been closed.