FraudTool.Win32.AVSoft(v) - ERDNT.exe False Positive?


8 replies to this topic

#1 BWarriner

BWarriner

    Advanced Member

  • Members
  • 62 posts

Posted 03 March 2012 - 04:23 PM

The latest build (11614?) caught this .exe which I believe is part of the ERUNT backup registry tool.

Skipped items:
Description: c:\windows\erdnt\4-5-2011\erdnt.exe
Family Name: FraudTool.Win32.AVSoft (v)
Engine: 3
Clean status: Success
Item ID: 1
Family ID: 0
MD5: 89afdd29832aa923926bdd4b5f5243d5



#2 akcan

akcan

    Newbie

  • Members
  • 6 posts

Posted 06 March 2012 - 01:42 PM

AD-AWARE Pro caught this Trojan(?) during a deep scan today and I don't have ERUNT on my computer.

#3 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7703 posts

Posted 06 March 2012 - 02:56 PM

Hi akcan,

Many files can be reported as FraudTool.Win32.AVSoft(v) and only a few are false positives. Please, follow the guide http://www.lavasofts...showtopic=18033 to give Lavasoft all the information they need to be able to investigate if it is a false positive in your case.

#4 BWarriner

BWarriner

    Advanced Member

  • Members
  • 62 posts

Posted 06 March 2012 - 07:14 PM

Cecilia, can you respond to my original query please?

#5 akcan

akcan

    Newbie

  • Members
  • 6 posts

Posted 06 March 2012 - 07:16 PM

Hi!
Unfortunately I have already removed the file. It seems to be rather complicated to send the information to Lavasoft.
Why not just double-click the Ad-Aware icon on the clipboard and then go to "quarantine"?

#6 BWarriner

BWarriner

    Advanced Member

  • Members
  • 62 posts

Posted 06 March 2012 - 07:55 PM

akcan, can you please create a separate thread for your issue so I can get a more expedited response for mine?

#7 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7703 posts

Posted 06 March 2012 - 07:57 PM

Cecilia, can you respond to my original query please?

Sorry BWarriner, I don't do malware research. I have not seen LS Andy in the forum this week; he has probably missed your post, and I will send him an email.

#8 LS Andy

LS Andy

    Lavasoft Staff/Forum Overlord

  • Root Admin
  • 1535 posts

Posted 07 March 2012 - 09:52 AM

Hi BWarriner,

Thanks for your report. This was a false positive and will no longer be detected by Ad-Aware. Please update your definition file.

Regards,

Andy
Lavasoft Malware Labs
unsolicited@tenalia.com

#9 BWarriner

BWarriner

    Advanced Member

  • Members
  • 62 posts

Posted 08 March 2012 - 12:16 AM

Thanks.



