9 Replies Latest reply on Jul 16, 2013 3:45 PM by Peter M

    HP file detected as trojan - False positive?

      File name - Shortcut.dll

      Location - C:\Program Files (x86)\Hewlett-Parkard\HP TCS

       

      This was detected by McAfee Total Protection software as being a trojan. (Trojan-FBOH!6FB3AEEB38F4)

       

      Can anyone give me a 100% confirmation if this detection was just false positive or was the file really a malicious virus/malware?

        • 1. Re: HP file detected as trojan - False positive?
          Peter M

          To get them to double check if it's a correct analysis or not you need to ask them.   To me it sounds like it's a false detection.

           

          Here's how:  https://community.mcafee.com/thread/2016

          • 2. Re: HP file detected as trojan - False positive?

            I believe that it is also worth mentioning that I reformatted my computer after the detection and the same threat was detected (in the same location) after I had reset it to factory settings. I cannot find much information about this particular trojan on the Internet - what could be a possible reason for this?

            • 3. Re: HP file detected as trojan - False positive?
              Peter M

              McAfee may have tightened security somewhat and what was not detected originally now is. I'm surprised though that it wasn't detected as an unknown under the usual Artemis header.

               

              Message was edited by: Ex_Brit on 15/07/13 11:47:10 EDT AM
              • 4. Re: HP file detected as trojan - False positive?

                How come it's surprising?

                • 5. Re: HP file detected as trojan - False positive?
                  Peter M

                  Well it must have been recognized as an existing malware, usually this sort of detection gets an Artemis label which means the labs are investigating whether or not it's real.

                   

                  Only the labs can really clarify this though.

                  • 6. Re: HP file detected as trojan - False positive?

                    File Name           | Findings          | Detection                | Type   | Extra
                    --------------------|-------------------|--------------------------|--------|------
                    shortcut.dll        | current detection | trojan-fboh!6fb3aeeb38f4 | Trojan | no

                    current detection [shortcut.dll]

                    The file submitted is malware that can be detected with current DAT files. It is recommended that you update your DAT and engine files and scan your computer again.

                    Note –

                    Due to the prevalence of network gateway AV products, it is important that all submissions be zipped and the zip file password-protected (password - infected). Some products will reject an email that contains a virus that is not sent in this way. In addition, often we receive a file that appears not to have been infected, to find later that the file was infected when it left the sender, and was cleaned somewhere along the line.

                    Regards,

                    McAfee Labs

                    Got this as an automated reply, not sure what to do?

                    • 7. Re: HP file detected as trojan - False positive?
                      Peter M

                      If you feel it's a false finding, reply to that email keeping everything intact except add the word FALSE in front of the header.

                      • 8. Re: HP file detected as trojan - False positive?

                        Hello again, just so that I can get a rough idea, how long does it usually take for McAfee Labs to reply after replying to the automatic email?

                        • 9. Re: HP file detected as trojan - False positive?
                          Peter M

                          There should be an auto-response almost immediately.  The human response varies and can be a couple of days up to a few weeks.   The last I heard was they were short staffed so it's anyone's guess at the moment.