Trojan Horse Downloader.Zlob.HUT = False Positive?

Discussion in 'malware problems & news' started by smokeyjoe, Feb 17, 2007.

Thread Status:
Not open for further replies.
  1. smokeyjoe

    smokeyjoe Registered Member

    Joined:
    Feb 17, 2007
    Posts:
    5
    Hello! I've searched all over and cannot find anything regarding this issue, except here - http://www.hard-h2o.com/vertema/63818.html - but I can't read Spanish :((

    Anyway, I did a virus scan with AVGFree 7.5.441 last night and when I woke this morning I noticed it found the above "trojan" at this location - C:\Program Files\Logitech\G-series Software\SDK\LCDSDK_1.02.218.zip.

    I just installed a new G15 keyboard about a week ago along with the accompanying G-series software. This zip file comes on the installation CD. AVG quarantined the trojan, but I am unable to "heal" it. I restored the object back to its original location and I have rerun a scan (after updating my virus database) and nothing is showing up now. It appears that everything is ok now, but for peace of mind I would like to know if anyone has/had a similar issue?

    I am very wary about what I put on my cpu and something like this worries me. I had another false positive with a-squared about a month ago, but was able to locate a thread on their forums acknowledging the error. I can't find anything similar on AVG's forums.

    thanks for any help:)
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    That Spanish site doesn't say anything useful :(
    Trojans can't be healed unlike viruses.
    If nothing is being detected right now, it's likely that it was a FP fixed by Grisoft.
     
  3. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    try also to scan your file at virustotal.com ;)
     
  4. smokeyjoe

    smokeyjoe Registered Member

    Joined:
    Feb 17, 2007
    Posts:
    5
    Well, I went ahead and just deleted the zip file after I restored it even though AVG does not say it is a Trojan anymore.

    Also went to virustotal.com (handy site btw, thanks) and sent the .zip directly from my Logitech G-Series Keyboard software installation CD.. here are the results

    http://www.virustotal.com/vt/en/resultadof?eb2b3fa86d3e6ab4e47cc0255a587a35

    This software is for the g15 keyboard. Maybe there is something in the way it accesses parts of the cpu to display info on the small LCD screen that some a/v people find as trojan-like?? I don't know, I am not the most computer tech savvy person.. I think I will post on the Logitech forums also.

    thanks guys
     
    Last edited: Feb 18, 2007
  5. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    well, the results can't be accessed following the link you've provided, but is any other AV detecting it?
     
  6. smokeyjoe

    smokeyjoe Registered Member

    Joined:
    Feb 17, 2007
    Posts:
    5
    oops, I knew I should have tested the link.. yes, a few of the other AV's did detect it. I also posted this on Logitech forums with no response so far
     
  7. coach_again

    coach_again Registered Member

    Joined:
    Feb 21, 2007
    Posts:
    8
    Location:
    Baton Rouge,LA
    You may want to check and make sure these guys-->pmmon.exe & pmsngr.exe aren't hanging around also. :thumb:
     
  8. smokeyjoe

    smokeyjoe Registered Member

    Joined:
    Feb 17, 2007
    Posts:
    5
    Nope, they are not there. And no response from Logitech..
     