GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Sat Apr 02, 2011 3:10 pm

Byte code (BC) heuristic detections like that have a greater false positive rate than an exact signature detection. It is not a good idea to click on a detected executable! You can verify the file by uploading it to Jotti at https://virusscan.jotti.org/en or Virus Total at https://www.virustotal.com/ on the web. Either one will scan your file with multiple AV scanners (including the Clam AV engine used by ClamWin). If several AV scanners (besides Clam AV) see an infection, it is probably true. I like to see a couple of these AVs verify an infection: Avast, Avira, Bit Defender, NOD 32, and Sophos. You can also sometimes get an MD5 hash of the file and Google that to see what the web says about it. Jotti and Virus Total will provide the long MD5 hash for you. You will not find any information about very new virus files though, so this is not reliable for new viruses.
If the detection turns out to be a false positive, upload it to Clam AV, starting at https://www.clamav.net/lang/en/sendvirus/ on the web. When you get to the upload form, use the false positive designation and describe the virus in the comments section. Clam will adjust their signature within a couple of days.
If the file is infected, you might be able to use Google to find a clean version.
ClamWin has an infected files option to quarantine, report only (the default), or remove (do not use, to prevent false positive wipeouts). ClamWin has protection against quarantine/removal of false positive detections for Windows system files for users of Windows 7 and Vista computers but not for older ones.
Regards,
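The verification steps described in the post above, as an added example that is not part of the original post: it computes the MD5 to search for and applies the corroboration rule to a multi-scanner result. The threshold of two preferred engines, the function names and the sample verdicts are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# Engines the post names as preferred corroboration (spelled as in the post).
PREFERRED = {"Avast", "Avira", "Bit Defender", "NOD 32", "Sophos"}
MIN_PREFERRED = 2  # assumption: "a couple" of the preferred engines


def md5_of_file(path, chunk_size=65536):
    """MD5 of a file, read in chunks so large executables are not loaded whole."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(verdicts, own_engine="Clam AV"):
    """verdicts maps engine name -> detection name, or None when clean.

    Clam AV's own hit is excluded: it raised the alert, so it cannot confirm it.
    """
    others = {e: d for e, d in verdicts.items() if d and e != own_engine}
    preferred_hits = sorted(e for e in others if e in PREFERRED)
    if len(preferred_hits) >= MIN_PREFERRED:
        status = "probably infected"
    elif others:
        status = "inconclusive"
    else:
        status = "possible false positive"
    return {"status": status, "corroborating": preferred_hits,
            "other_hits": len(others)}


def demo():
    # Constructed sample: harmless bytes standing in for the flagged file.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed sample, not a real executable")
    try:
        file_md5 = md5_of_file(tmp.name)
    finally:
        os.unlink(tmp.name)
    # Constructed multi-scanner result: only Clam AV's heuristic fired.
    verdicts = {"Clam AV": "Heuristic.BC.Sample", "Avast": None,
                "Avira": None, "Sophos": None}
    return file_md5, triage(verdicts)


if __name__ == "__main__":
    print(demo())
```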