Trojan warning - but always again...

Mi37St72 Posts: 1 New Member
edited October 5 in F-Secure SAFE

Hello,

For 4 days, I have been receiving a message from F-Secure about 10 minutes after starting my system that says a trojan was found and I should restart the system to remove it. After the restart, the same thing happens. According to the log, a malicious file was found and removed (TROJAN.TR/AD.FIREHOOKER.BU), the path is in the windows/temp/ directory, and a system restart is required to remove it. Searching the system with other programs didn't recover any malware. Could this be a false alarm, and where can I see which file causes the problem?

Thank you!

Comments

  • Kauffixi Posts: 1 New Member

    Hello everywhere,

    The same problem, no solution.

    I have scanned the system with various other programmes, but no malware was found.

    F-Secure is still warning, wants a reboot, but nothing changes.

    ???

    Stay healthy and safe

    Kauffixi

    Mi37St72
  • Ukko Posts: 2,995 Superuser

    Hello,

    Sorry for my reply. I am only an F-Secure user (their home solutions).

    Before my suggestions about possible troubleshooting steps of your own - I can suggest contacting their official Support Channel (for example, web chat) or transferring the detected item to F-Secure SAS:

    Could this be a false alarm, and where can I see which file causes the problem?

    Perhaps it could be a false positive detection, at least based on multiple recent discussions about this particular detection. However, it sounds like the reason for the detection is somewhat really suspicious.

    How I understand the situation:

    Something is detected under the Windows/Temp folder. So, there is a file dropped or downloaded by something from somewhere. Since it is a system (temporary) folder and the detection itself is about a critical view - a restart is requested. However, then 'something' is retriggered.

    It is possible to try to check whether the situation depends on certain steps or not. For example, it occurs only after launching a web browser; only with a network connection (so it is not something that is on the file system already); only after launching a certain application, and so on.

    So, as general steps - you could check the browser's add-ons or extensions (what if something there is suspicious or recently updated). I am not quite sure about the detection name [TROJAN.TR/AD.FIREHOOKER.BU] - whether "AD" is random or means an adware type. If all is fine with the browsers - then check the system Task Scheduler for any scheduled tasks and whether there is something strange enough. In addition, it may be good to check the DNS settings and the hosts file.

    However, the most useful thing is to contact F-Secure official Support or F-Secure Labs (F-Secure SAS) directly and to transfer the quarantined item. This way, it will be clear whether it is a false positive or not. You could provide (checkbox 'I want to give more details about this sample and to be notified of the analysis results') more information and your email - so you will receive a response about it.

    Thanks! And sorry for my English.

    Mi37St72
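
The checks suggested in the reply above (recent files under Windows\Temp, scheduled tasks, hosts file, DNS settings), gathered into one read-only triage script. This is an added example, not code from any poster or from F-Secure; it assumes an elevated PowerShell session on Windows 8 or later, and the 7-day look-back window is an assumption to adjust.

```powershell
# Added triage example. Read-only: nothing is deleted or changed.
$since = (Get-Date).AddDays(-7)   # assumption: covers the days since the alerts began

# 1. Files recently written under Windows\Temp, with hash and signature status.
#    The SHA256 can be given to vendor support alongside the quarantined sample.
$temp = Join-Path $env:SystemRoot 'Temp'
Get-ChildItem -Path $temp -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $since } |
    Sort-Object LastWriteTime |
    ForEach-Object {
        [pscustomobject]@{
            LastWrite = $_.LastWriteTime
            Path      = $_.FullName
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                            -ErrorAction SilentlyContinue).Hash
            Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName `
                            -ErrorAction SilentlyContinue).Status
        }
    } | Format-List

# 2. Scheduled tasks outside the built-in \Microsoft\ tree, with what they run.
#    A task that starts at boot or logon and touches a temp path would explain
#    a file that reappears after every restart.
Get-ScheduledTask |
    Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            [pscustomobject]@{
                Task    = $task.TaskPath + $task.TaskName
                State   = $task.State
                Command = ('{0} {1}' -f $action.Execute, $action.Arguments).Trim()
            }
        }
    } | Format-List

# 3. Active (non-comment, non-blank) hosts file entries.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -LiteralPath $hostsFile | Where-Object { $_ -match '^\s*[^#\s]' }

# 4. DNS servers configured on each interface.
Get-DnsClientServerAddress |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses
```

Comparing the output of step 1 before and after launching a browser or another application narrows down what recreates the file.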