Trojan Detection - what is it telling me?

We had a detection today listed as Trojan-FLOM!12DF1F1EB1A4. It appears to have been introduced via a USB drive. It was found in scanning these files all detected as the infection above.

SanDiskSecureAccess.exe
System Volume Information.exe
FOUND.000.exe
6050 db 5_files.exe

The thing that bothers me about this, is that I can find no data on the threat detection or what it is or what it does or if there are other actions that should be taken.

If another machine got this that did not have protection, what would have occurred?

3 Replies
McAfee Employee jess_arman
Message 2 of 4

Re: Trojan Detection - what is it telling me?

@User27605043 The answer of what would have occurred cannot be provided by detection name alone and without you submitting a sample of the file detected from your quarantine for sandbox analysis via VIL (virus information library) request. If you'd like to move forward with such a request, please be aware that it is the lowest-severity level request as the suspicious file is being successfully detected, protecting your environment, so it may take some time for you to get a detailed response. Instructions for submitting a sample for analysis can be found in KB68030 and you're also welcome to discuss your options in more detail with Technical Support by giving us a call.

If you have ATD in your environment, you would be able to do this analysis and receive a full behavioral analysis report, in-house.

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

Re: Trojan Detection - what is it telling me?

OK assuming the detected files were deleted but also added to the local Quarantine folder. How do I restore that file (or files) from Quarantine to submit?

I am assuming with AV processes running it would be detected and deleted as soon as it was restored. If I turn off the McAfee processes I will not be able to access the restore from McAfee Quarantine GUI.

I believe the files stored in Quarantine are encrypted so it would need to be decrypted by the GUI? Or can the encrypted file be zipped and sent?

 

McAfee Employee jess_arman
Message 4 of 4 (Accepted Solution)

Re: Trojan Detection - what is it telling me?

@User27605043 Since McAfee Quarantined files are encrypted with a proprietary McAfee encryption format, and we are McAfee and are capable of reversing the .bup file format, you can safely collect the sample directly from your C:\Quarantine folder, and submit in the required password-protected .zip package as described in the previously linked KB68030.

 

