Windows 8.1 update with KB2894853
Some workstations (10.1) detected a virus in Windows Update this afternoon. Thanks.
Date: 2014-03-12 16:38:29+08:00
Host: xxxxxxxxx
Computer name: xxxxxxxxxxx
User account: SYSTEM
Product: F-Secure Anti-Virus (OID: 1.3.6.1.4.1.2213.12)
Severity: security alert (5)
Message: Malicious code found in file C:\Windows\WinSxS\Temp\PendingRenames\af468071ce3dcf0172000000d810f816.x86_windows-defender-nis-service_31bf3856ad364e35_6.3.9600.16452_none_b2b0d59e2e728367_nisipsplugin.dll_8f755bb5.
Infection: Gen:Trojan.Heur.fu!@xuJXcqli
Action: The file was quarantined.
Comments
-
Hi Twong,
Thanks for the report. Could you please submit the sample to our lab so that we can investigate this detection further?
https://analysis.f-secure.com/portal/login.html
Provide the subscription ticket (TXXXXXX) via private message for follow-up.
-
Hi Twong,
You can try and use the unquar tool to retrieve the quarantine file at the origin of the detection.
However, be sure to take precautions when handling potentially dangerous files.
Make sure you are restoring the correct files from the quarantine. There is a chance that the quarantine contains malware and you might risk real infection by releasing these items.
-
Hello,
I think this situation illustrates a problem with F-Secure products.
The text of the virus alert says filename "XYZ" was quarantined because of malware "PQRS" infection. However, the alert fails to say that the file in quarantine has MD5 or SHA-1 checksum "123456ABCDE".
Because of this, everybody has a more difficult job trying to find out if the alert is about a real virus or a false positive. It would be so much easier to have MD5 or SHA1 info handy, which can be queried on the "virustotal.com" website.
(File names can change easily and virus names mean almost nothing, because malware taxonomy has never been standardized among the antivirus vendors. The only tangible info would be cryptographic hash checksums, which F-Secure malware alerts fail to provide. Please correct this issue in FSAV 11.52!)
Best regards: Tamas Feher, Hungary.
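As an added example, not code from the thread or from F-Secure: a small Python script that parses an alert in the format posted above, decodes the WinSxS component key embedded in the quarantined file name (the arch_name_publickeytoken_version_culture_hash layout is an assumption about WinSxS naming) and computes the MD5/SHA-1/SHA-256 values an analyst would want for a VirusTotal lookup of a copy restored from quarantine. The sample alert is constructed from the one in the thread with host details removed.

```python
import hashlib
import re

# Constructed sample modelled on the alert posted in the thread (host fields omitted).
SAMPLE_ALERT = """Date: 2014-03-12 16:38:29+08:00
Product: F-Secure Anti-Virus (OID: 1.3.6.1.4.1.2213.12)
Message: Malicious code found in file C:\\Windows\\WinSxS\\Temp\\PendingRenames\\af468071ce3dcf0172000000d810f816.x86_windows-defender-nis-service_31bf3856ad364e35_6.3.9600.16452_none_b2b0d59e2e728367_nisipsplugin.dll_8f755bb5.
Infection: Gen:Trojan.Heur.fu!@xuJXcqli
Action: The file was quarantined."""

WINDOWS_TOKEN = "31bf3856ad364e35"  # public key token Microsoft signs Windows components with
# Assumed WinSxS key layout: [tmphash.]arch_name_publickeytoken_version_culture_hash[_rest]
COMPONENT_RE = re.compile(
    r"^(?:[0-9a-f]{32}\.)?(?P<arch>[^_]+)_(?P<name>[^_]+)_(?P<token>[0-9a-f]{16})_"
    r"(?P<version>[\d.]+)_(?P<culture>[^_]+)_(?P<hash>[0-9a-f]{16})(?:_(?P<rest>.+))?$")

def parse_alert(text):
    """Split 'Key: value' lines into a dict and pull the file path out of the Message line."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if sep:
            fields[key.strip()] = value.strip()
    m = re.search(r"found in file (.+?)\.?$", fields.get("Message", ""))
    fields["Path"] = m.group(1) if m else None  # trailing '.' treated as sentence punctuation
    return fields

def parse_component(filename):
    """Decode the WinSxS component key in the file name; None if it does not look like one."""
    m = COMPONENT_RE.match(filename)
    if not m:
        return None
    info = m.groupdict()
    info["windows_token"] = info["token"] == WINDOWS_TOKEN  # a hint only, not proof of signing
    return info

def digest_stream(fh, chunk=1 << 20):
    """MD5/SHA-1/SHA-256 of a binary stream, read in chunks so large files are fine."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    for block in iter(lambda: fh.read(chunk), b""):
        for d in digests.values():
            d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}

def enrich_alert(text, local_copy=None):
    """Alert fields plus decoded component and, if a restored copy is given, its hashes."""
    fields = parse_alert(text)
    if fields["Path"]:
        fields["Component"] = parse_component(fields["Path"].replace("\\", "/").rsplit("/", 1)[-1])
    if local_copy:
        with open(local_copy, "rb") as fh:
            fields["Hashes"] = digest_stream(fh)
    return fields
```

Run `enrich_alert(SAMPLE_ALERT, "path/to/restored/copy")` on a file pulled out of quarantine to get the hashes next to the original alert text.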