Amon detecting 2 TrojanHunter files

Discussion in 'NOD32 version 2 Forum' started by MichaelJH, Apr 2, 2006.

Thread Status:
Not open for further replies.
  1. MichaelJH

    MichaelJH Registered Member

    Joined:
    May 20, 2005
    Posts:
    27
    Location:
    California, USA
    The newest build of TH v4.5 creates a randomly named file, and keyfinder.exe that are being detected as Win32/PSWTool.RAS.A application.

    Both files are created in a temp directory.

    Any suggestions.
     
    Last edited: Apr 2, 2006
  2. Magnus Mischel

    Magnus Mischel Security Expert

    Joined:
    Oct 24, 2002
    Posts:
    185
    TrojanHunter doesn't create a file called keyfinder.exe... that file must come from somewhere else.

    Edit: If TrojanHunter is scanning a zip or rar archive that containes a file called keyfinder.exe then that is why the files are being created in the temp folder.
     
  3. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    Last edited: Apr 2, 2006
  4. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    And AMON detects it during unpacking process. When you enable Archiv Scanning in NOD32 a nod32 on demand scan will find this too.
     
  5. MichaelJH

    MichaelJH Registered Member

    Joined:
    May 20, 2005
    Posts:
    27
    Location:
    California, USA
    Thanks for all the replies and good info. The keyfinder.exe file is explained, and I'll find it and remove it. Still wondering about the randomly named file that NOD alerted on, but will see if removing the keyfinder solves the problem.

    Magnus, as a loyal TH user for years, I appreciate your response. The NOD alert indicated the files were created by TH, and it seemed a fp by NOD.
     
  6. MichaelJH

    MichaelJH Registered Member

    Joined:
    May 20, 2005
    Posts:
    27
    Location:
    California, USA
    Removed an unused zip file, problem solved.

    Resolved: Think before posting!
     
  7. Lollan

    Lollan Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    288
    I get the feeling you used Magic jellybean on this system. ;)
     
Thread Status:
Not open for further replies.