cancel
Showing results for 
Search instead for 
Did you mean: 
mpinkett
Level 7

HP file detected as trojan - False positive?

File name - Shortcut.dll

Location - C:\Program Files (x86)\Hewlett-Parkard\HP TCS

This was detected by McAfee Total Protection software as being a trojan. (Trojan-FBOH!6FB3AEEB38F4)

Can anyone give me a 100% confirmation if this detection was just false positive or was the file really a malicious virus/malware?

0 Kudos
9 Replies
exbrit
Level 21

Re: HP file detected as trojan - False positive?

To get them to double check if it's a correct analysis or not you need to ask them.   To me it sounds like it's a false detection.

Here's how:  https://community.mcafee.com/thread/2016

0 Kudos
mpinkett
Level 7

Re: HP file detected as trojan - False positive?

I believe that it is also worth mentioning that I reformatted my computer after the detection and the same threat was detected (in the same location) after I had reset it to factory settings. I cannot find much information about this particular trojan on the Internet - what could be a possible reason for this?

0 Kudos
exbrit
Level 21

Re: HP file detected as trojan - False positive?

McAfee may have tightened security nsomewhat and what was not detected originally now is.   I'm surprised though that is wasn't detected as an unknown under the  usual Artemis header.

Message was edited by: Ex_Brit on 15/07/13 11:47:10 EDT AM
0 Kudos
mpinkett
Level 7

Re: HP file detected as trojan - False positive?

How come its surprising?

0 Kudos
exbrit
Level 21

Re: HP file detected as trojan - False positive?

Well it must have been recognized as an existing malware, usually this sort of detection gets an Artemis label which means the labs are investigatiing whether or not it's real.

Only the labs can really clarify this though.

0 Kudos
mpinkett
Level 7

Re: HP file detected as trojan - False positive?

File Name            Findings                      Detection                    Type        Extra

--------------------|------------------------------|----------------------------|------------|-----

shortcut.dll        |current detection            |trojan-fboh!6fb3aeeb38f4    |Trojan      |no


current detection [shortcut.dll]                                         


  The file submitted is malware that can be detected with curred DAT files. It is

recommended that you update your DAT and engine files and scan your computer again.


Note –                                                                 


Due to the prevalence of network gateway AV products, it is important that all

submissions be zipped and the zip file password-protected (password - infected). Some

products will reject an email that contains a virus that is not sent in this way. In

addition, often we receive a file that appears not to have been infected, to find

later that the file was infected when it left the sender, and was cleaned somewhere

along the line.                                                           


Regards,                                                                 




McAfee Labs                                            

Got this as an automated reply, not sure what to do?

0 Kudos
exbrit
Level 21

Re: HP file detected as trojan - False positive?

If you feel it's a false finding, reply to that email keeping everything intact except add the word FALSE in front of the header.

0 Kudos
mpinkett
Level 7

Re: HP file detected as trojan - False positive?

Hello again, just so that I can get a rough idea, how long does it usually take for mcafee labs to reply after replying to the automatic email?

0 Kudos
exbrit
Level 21

Re: HP file detected as trojan - False positive?

There should be an auto-response almost immediately.  The human response varies and can be a couple of days up to a few weeks.   The last I heard was they were short staffed so it's anyone's guess at the moment.

0 Kudos