False positive on probably unknown STEALTH.CRYPT.TSR.DRIVER?

Proactive Services · Jun 17, 2011

I've had a few alert emails along the lines of:

C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPA451.tmp\System.DirectoryServices.AccountManagement.dll contains probably unknown STEALTH.CRYPT.TSR.DRIVER virus.

C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPD347.tmp\System.DirectoryServices.AccountManagement.dll contains probably unknown STEALTH.CRYPT.TSR.DRIVER virus.

Are these false positives or genuine? I didn't even think stealth TSRs were still around! I cannot get my hands on the computers at the moment so haven't got a copy of the file to play with.

marcw · Jun 18, 2011

I have the same file in my quarantine. I've submitted the file to ESET for analysis. So far no feedback.

The Hammer · Jun 18, 2011

marcw said:

I have the same file in my quarantine. I've submitted the file to ESET for analysis. So far no feedback.
Click to expand...

I don't believe they provide user feedback.

marcw · Jun 18, 2011

So how does find out if it's a FP then?

toxinon12345 · Jun 18, 2011

marcw said:

So how does find out if it's a FP then?
Click to expand...

sending to samples@eset[dot]sk

Log in or Sign up

False positive on probably unknown STEALTH.CRYPT.TSR.DRIVER?

Proactive Services Registered Member

marcw Registered Member

The Hammer Registered Member

marcw Registered Member

toxinon12345 Registered Member

Log in or Sign up

False positive on probably unknown STEALTH.CRYPT.TSR.DRIVER?

Proactive Services Registered Member

marcw Registered Member

The Hammer Registered Member

marcw Registered Member

toxinon12345 Registered Member

Useful Searches