View Full Version : Trojan, safe to delete


Riverrun
May 8th, 2007, 07:16 PM
The following file appears to contain a trojan (don't worry, I won't upload it!)

A0005469.dll

DAT File

4KB

A-squared detected it today. I'm conscious that A2 does point to some objects that are FPs so I checked at VirusTotal and 4 of their scanners flagged it and that's confirmation enough for me. I didn't save the report so I can't tell you which ones indicated that it is an infected file.

I'd like to delete it if possible but I imagine that it's not a wise move and thought I'd ask here first. Is it safe to delete this file do you think?


Cheers,

River

Tarq57
May 8th, 2007, 09:14 PM
Just leave it in the quarantine...it ain't going anywhere.
If it is an FP you'll be able to restore it later.
Googling the file name didn't return many hits, just two, and those indicated it might be a data miner, so perhaps it isn't an FP.
I'd do another scan or two with different scanners just to be sure.

Riverrun
May 9th, 2007, 09:28 AM
{QUOTE->
Googling the file name didn't return many hits, just two, and those indicated it might be a data miner, so perhaps it isn't an FP.
I'd do another scan or two with different scanners just to be sure. <-QUOTE}

I noticed that Tarq. Just two results in a convoluted HJT (?) log. Not great late night reading. Thanks for the response.

Cheers,

River

The Hammer
May 9th, 2007, 07:19 PM
Which four scanners at Virus Total flagged it? Could still be a FP.

ErikAlbert
May 10th, 2007, 04:11 AM
I have been reading this thread to know how my security setup would solve this problem.

Problem :
1. I don't have "A2" or any other scanner.
2. So I don't even know if that file "A0005469.dll" would be on my harddisk or not.
3. I don't have to question myself : Is it a false/positive or not ? Do I have to delete it or not ? Because I don't even know if the file is on my harddisk, but suppose it is on my harddisk.

The worst part is that this file must have been on your harddisk for quite some time and could have done its evil job already, if it is an infection.
I have that problem too, when nothing stops the installation.

My solution :
1. I have Anti-Executable on my computer. Two possibilities :
a. The file "A0005469.dll" is whitelisted, nothing would happen.

b. The file "A0005469.dll" is not whitelisted, AE would have stopped it immediately as an unauthorized executable, because .dll is considered as an executable by AE.

2. Suppose I wouldn't have Anti-Executable. In that case I'm in the same situation as Riverrun, but I still have to remove this file or not and I still need an answer to these annoying questions and I don't have "A2" and this will happen on reboot.
Two possibilities :

a. The file "A0005469.dll" doesn't exist in my archive, then it will be removed automatically during reboot, which means it was malware for sure or at least an object that doesn't belong on my harddisk.

b. The file "A0005469.dll" does exist in my archive, then it will remain on my harddisk during reboot, which means it was a false/positive.

I know it is a different kind of security, but it worked and even without AE.
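
The allowlist check and the archive comparison described in the post above both come down to comparing executable files against a trusted baseline. The sketch below is an added example, not part of the thread and not the code of Anti-Executable or any other product; the extension list, the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Extensions treated as executable code (assumed list); the post notes .dll counts.
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".scr"}

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def snapshot(root):
    """Map relative path -> SHA-256 for every executable-type file under root."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXECUTABLE_EXTS:
                full = os.path.join(dirpath, name)
                snap[os.path.relpath(full, root)] = sha256_file(full)
    return snap

def classify(baseline, current):
    """Compare a current snapshot with the trusted baseline (the 'archive')."""
    known_hashes = set(baseline.values())
    report = {"unlisted": [], "modified": [],
              "missing": sorted(set(baseline) - set(current))}
    for path, digest in sorted(current.items()):
        if path in baseline:
            if baseline[path] != digest:
                report["modified"].append(path)  # trusted name, changed content
        elif digest not in known_hashes:
            report["unlisted"].append(path)      # new file, content never approved
    return report

def demo():
    """Constructed sample tree: take a baseline, then drop one file and alter one."""
    with tempfile.TemporaryDirectory() as root:
        def put(name, data):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        put("app.exe", b"app v1")
        put("helper.dll", b"helper v1")
        baseline = snapshot(root)
        put("A0005469.dll", b"constructed placeholder bytes")
        put("helper.dll", b"helper v1 patched")
        put("notes.txt", b"not executable, ignored")
        return classify(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

A file reported as unlisted is only unknown to the baseline, not proven malicious, so the result is only as trustworthy as the moment the baseline was taken.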