After recent definition updates, I did a full scan and AdAware has determined that 3 of my backup motherboard installers contain a trojan!

This is very unlikely, unless the Asus website is infected.
All instances are actually separate copies of the same file - AsusSetup.exe

Clip from log file:
Removed items:
Description: E:\Asus M4N78SE Motherboard\ASUSUpdt_V7.16.01_XPVistaWin7.zip:ASUSUpdt_XPVistaWin7/AsusSetup.exe Family Name: Win32.TrojanDropper.Delf Engine: 1 Clean status: Success Item ID: 1649233 Family ID: 1385 MD5: efa28f4b57cda60ad6e038d1e3e90b57
Description: E:\Asus M4N78SE Motherboard\ProbeII_V10472_XPVistaWin7.zip:ProbeII_V10472_XPVistaWin7/AsusSetup.exe Family Name: Win32.TrojanDropper.Delf Engine: 1 Clean status: Success Item ID: 1649233 Family ID: 1385 MD5: 393bd8a05d8ab2bc7d72b91269b6e82a

Quarantined items:
Description: E:\Asus M4N78SE Motherboard\Manual\NIS2008_Guide\AsusSetup.exe Family Name: Win32.TrojanDropper.Delf Engine: 1 Clean status: Success Item ID: 1649233 Family ID: 1385 MD5: 554685db743f669d9f4a9b8451da6da8

I have attached a zip of the offending .exe file, which is probably perfectly OK.

Star

Somebody else recently reported ASUS file detections:

http://www.lavasoftsupport.com/index.php?showtopic=27584

I noticed that, but it was in the wrong forum, so that report would not be checked out!!

It is quite important that backup installers do not get deleted by this kind of problem!

Indeed - that's why I advised the user to post here - twice. Not sure why he didn't, but maybe your doing so will help him out too.

Hello StarStryder

Thank you for reporting this. We will investigate the files and if they are found to be false positives they will be removed from detection with the next definition file update.


Regards
LS Anders

Thanks, LS

I assume that the adjustments have been made to the defs, as AsusSetup.exe files no longer get deleted when I do a full scan.

Yes, that issue is fixed.
Thanks for reporting the issue

LS Pekka

Lavasoft Malware Labs