Some workstations (10.1) detected a virus in Windows Update this afternoon. thx.
Date: 2014-03-12 16:38:29+08:00
Computer name: xxxxxxxxxxx
User account: SYSTEM
Product: F-Secure Anti-Virus (OID: 220.127.116.11.4.1.2213.12)
Severity: security alert (5)
Message: Malicious code found in file C:\Windows\WinSxS\Temp\PendingRenames\af468071ce3dcf0172000000d810f816.x86_windows-defender-nis-service_31bf3856ad364e35_6.3.9600.16452_none_b2b0d59e2e728367_nisipsplugin.dll_8f755bb5.
Action: The file was quarantined.
Thanks for the report. Could you please submit the sample to our lab so that we can investigate this detection further?
Provide the subscription ticket (TXXXXXX) via private message for follow-up.
I cannot find the file on the computer.
I tried to download KB2894853 from Microsoft, but the downloaded file is OK.
Now more than 10 workstations have detected the infection.
You can try to use the unquar tool to retrieve the quarantined file at the origin of the detection.
However, be sure to take precautions when handling potentially dangerous files.
Make sure you are restoring the correct files from the quarantine. There is a chance that the quarantine contains malware, and you might risk real infection by releasing these items.
I think this situation illustrates a problem with F-Secure products.
The text of the virus alert says filename "XYZ" was quarantined because of malware "PQRS" infection. However, the alert fails to say that the file in quarantine has MD5 or SHA-1 checksum "123456ABCDE".
Because of this, everybody has a more difficult job trying to find out if the alert is about a real virus or a false positive. It would be so much easier to have MD5 or SHA-1 info handy, which can be queried on the "virustotal.com" website.
(File names can change easily and virus names mean almost nothing, because malware taxonomy has never been standardized among the antivirus vendors. The only tangible info would be cryptographic hash checksums, which F-Secure malware alerts fail to provide. Please correct this issue in FSAV 11.52!)
Best regards: Tamas Feher, Hungary.
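The post above argues that a detection alert is only actionable once the analyst has a cryptographic hash of the quarantined file, so that it can be looked up rather than judged by its (mutable) name or by a vendor-specific detection name. The following Python script is an added example, not F-Secure code and not something posted in this thread: it parses an alert block of the shape shown earlier in the thread into fields, pulls the path out of the "Message:" line, splits the WinSxS staging filename into its component name, public key token and version (the interpretation of those underscore-separated fields is an assumption based on the usual WinSxS naming layout), and computes MD5, SHA-1 and SHA-256 of a restored file in a single chunked pass. The alert text embedded below is constructed from the thread's own lines; hashing the real quarantined item would be done on the file recovered with the vendor's quarantine tool.

```python
import hashlib
import re

# Constructed sample alert, modelled on the block quoted in the thread.
SAMPLE_ALERT = """\
Date: 2014-03-12 16:38:29+08:00
Computer name: xxxxxxxxxxx
User account: SYSTEM
Product: F-Secure Anti-Virus
Severity: security alert (5)
Message: Malicious code found in file C:\\Windows\\WinSxS\\Temp\\PendingRenames\\af468071ce3dcf0172000000d810f816.x86_windows-defender-nis-service_31bf3856ad364e35_6.3.9600.16452_none_b2b0d59e2e728367_nisipsplugin.dll_8f755bb5.
Action: The file was quarantined.
"""

# Assumed layout of a WinSxS staging name: <prefix>.<arch>_<component>_<keytoken>_<version>_<culture>_<hash>_<file>_<suffix>
_WINSXS_RE = re.compile(
    r"^(?P<prefix>[0-9a-f]+)\.(?P<arch>[a-z0-9]+)_"
    r"(?P<component>[a-z0-9.-]+)_"
    r"(?P<keytoken>[0-9a-f]{16})_"
    r"(?P<version>\d+(?:\.\d+){3})_"
    r"(?P<culture>[a-z-]+)_"
    r"(?P<hash>[0-9a-f]{16})_"
    r"(?P<file>[^_]+)_"
    r"(?P<suffix>[0-9a-f]+)$"
)


def parse_alert(text):
    """Turn 'Key: value' lines into a dict; unknown or blank lines are ignored."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def extract_path(message):
    """Pull the Windows path out of the free-text 'Message:' field.

    The alert ends the sentence with a period, so a trailing '.' is dropped."""
    match = re.search(r"[A-Za-z]:\\[^\s]+", message)
    if not match:
        return None
    return match.group(0).rstrip(".")


def parse_winsxs_name(filename):
    """Split a WinSxS staging filename into its parts (assumed layout, see regex)."""
    match = _WINSXS_RE.match(filename)
    return match.groupdict() if match else None


def hash_bytes(data):
    """Compute MD5, SHA-1 and SHA-256 of an in-memory blob; returns lowercase hex."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    for d in digests.values():
        d.update(data)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_file(path, chunk_size=1 << 20):
    """Hash a file on disk in one pass, reading it in chunks so large samples fit in memory."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def triage_record(alert_text):
    """Build the fields an analyst would carry into a hash lookup or a vendor ticket."""
    fields = parse_alert(alert_text)
    path = extract_path(fields.get("Message", ""))
    basename = path.rsplit("\\", 1)[-1] if path else None
    return {
        "date": fields.get("Date"),
        "host": fields.get("Computer name"),
        "action": fields.get("Action"),
        "path": path,
        "winsxs": parse_winsxs_name(basename) if basename else None,
    }


if __name__ == "__main__":
    record = triage_record(SAMPLE_ALERT)
    print(record)
    # Once the item has been recovered from quarantine, hash_file(record["path"])
    # yields the MD5/SHA-1/SHA-256 values the thread asks the alert to carry.
    print(hash_bytes(b"abc"))
```

The parsed WinSxS fields give a second, cheaper sanity check alongside the hash: the component name and version tell you which Windows Update package the staged file claims to belong to, which is what the poster was trying to verify by re-downloading KB2894853.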