Forum Thread: Secunia Trojan

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
rvr2352 Secunia Trojan
Member 8th Mar, 2010 19:35
Ranking: 0
Posts: 4
User Since: 12th Jan, 2008
System Score: N/A
Location: N/A
Vipre has blocked a Trojan which it attributes to Secunia.
It refers to it as a known bad application.
I've never encountered an action vs Secunia. I've included the clipboard readout which I hope you can decipher. Please know that I am not an expert.

<?xml-stylesheet type='text/xsl' href='APDetails.xslt' version='1.0'?><APEvent APEventID="{8187E6BA-7B17-4349-A622-467FE14E8A0C}" EventDateTime="2010-03-08T10:59:56" SchemaVersion="" DefaultConfig="true" EventTypeEnum="2" TimeoutInSeconds="0" MonitorID="2003" MsgID="{092508B7-99A6-42D3-90D3-0F1D68CE8BFA}" MonitorTypeEnum="2" RecommendScan="true" SDKVersion="3.1.2848" ThreatDefVersion="5792" IsAllowOk="true" IsAllowAlwaysOk="true" IsBlockOk="true" IsBlockAlwaysOk="true" IsQuarantineOk="true" EventActorEnum="2">
<ParentProcess FilePath="C:\Program Files\Secunia\PSI\psi.exe" PID="416" FileSize="900816" MD5="" CRC8="05FE7A3165C10000" KnownAsEnum="0" ThreatID="0" AddedToUserKnown="false" Company="Secunia" FileVersion="1.5.0.1" ProductName="Secunia PSI" ProductVersion="1.5.0.1" Description="Secunia PSI" Copyright="Copyright (c) Secunia 2007-2009. All rights reserved." />
<LaunchMonitor FilePath="" FileSize="0" MD5="" CRC8="" KnownAsEnum="0" ThreatID="0" AddedToUserKnown="false" Company="" FileVersion="" ProductName="" ProductVersion="" Description="" Copyright="" />
<RegistryMonitor RegKey="" ValueName="" ValueData="" KnownAsEnum="0" />
<FileMonitor FilePath="C:\Program Files\GnuWin32\bin\psexec.exe" MD5="" CRC8="0F20FA50FB840000" KnownAsEnum="2" ThreatID="4150696" Company="Sysinternals - www.sysinternals.com" FileVersion="1.63" ProductName="Sysinternals PsExec" ProductVersion="1.63" Description="Execute processes remotely" Copyright="Copyright (C) 2001-2005 Mark Russinovich" />
<FinalDispositionInfo DispositionEnum="2" AuthorityEnum="2" QuarantineStatusCode="1" QID="" UserName="" ErrorEnum="0" />
</APEvent>


Any ideas? Steve

BigDave_39 RE: Secunia Trojan
Member 8th Mar, 2010 20:24
Score: 0
Posts: 177
User Since: 26th Nov 2008
System Score: N/A
Location: Washington, DC, US
It is a false positive; it happens from time to time with these anti-virus programs. They are known to flag solid and safe applications as something bad...

You should report it to the vendor of your antivirus, since their program or virus signatures are broken.

--
Big Dave
This user no longer exists RE: Secunia Trojan
Member 9th Mar, 2010 09:04
Hi,

I can absolutely assure you that the PSI is not malware and does not contain a trojan. I've reported this to the Vipre support team, and we should hopefully have it cleared up pretty soon.

Thank you for reporting this.
This user no longer exists RE: Secunia Trojan
Member 15th Mar, 2010 13:41
Hi,

This is the reply I received from the Vipre support team:

"We target the file psexec.exe from Sysinternals. It is not malicious at all, but we do target admin tools, I.T. tools, risk tools, etc in our enterprise definitions as network admins want to know if these types of tools exist on their networks. This is not a false positive, but you can set this category to "allowed" or "report only" in the Vipre enterprise console. Let me know if you have any further questions."

Hope this helps.
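Added example (not part of the original thread, and not Vipre or Secunia code): a short Python triage of the pasted event that separates the file the detection fired on from the process merely recorded as its parent. It assumes a non-zero ThreatID marks the flagged element, which is inferred from this one event rather than from Vipre documentation; the function names and the trimmed sample are constructed for this illustration.

```python
import xml.etree.ElementTree as ET

# Trimmed copy of the APEvent pasted in the first post; attributes not used
# below were dropped. Embedded so the example runs offline.
SAMPLE_EVENT = r"""<APEvent EventDateTime="2010-03-08T10:59:56" ThreatDefVersion="5792">
<ParentProcess FilePath="C:\Program Files\Secunia\PSI\psi.exe" KnownAsEnum="0" ThreatID="0" ProductName="Secunia PSI" />
<LaunchMonitor FilePath="" KnownAsEnum="0" ThreatID="0" ProductName="" />
<RegistryMonitor RegKey="" ValueName="" ValueData="" KnownAsEnum="0" />
<FileMonitor FilePath="C:\Program Files\GnuWin32\bin\psexec.exe" KnownAsEnum="2" ThreatID="4150696" ProductName="Sysinternals PsExec" />
<FinalDispositionInfo DispositionEnum="2" QuarantineStatusCode="1" />
</APEvent>"""


def describe(el):
    """Pull the fields a reader needs to identify one file in the event."""
    return {
        "element": el.tag,
        "path": el.get("FilePath", ""),
        "product": el.get("ProductName", ""),
        "threat_id": el.get("ThreatID", "0"),
    }


def triage(event_xml):
    """Split the files named in an APEvent into flagged and context-only.

    Assumption (inferred from the event in this thread): the element the
    detection fired on carries a non-zero ThreatID; elements with
    ThreatID="0" are only context, such as the parent process.
    """
    root = ET.fromstring(event_xml)
    if root.tag != "APEvent":
        raise ValueError("not an APEvent document: %r" % root.tag)
    result = {"time": root.get("EventDateTime", ""), "flagged": [], "context": []}
    for el in root:
        if not el.get("FilePath"):      # empty monitors and non-file elements
            continue
        bucket = "context" if el.get("ThreatID", "0") in ("", "0") else "flagged"
        result[bucket].append(describe(el))
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_EVENT)
    for item in report["flagged"]:
        print("flagged:", item["path"], "ThreatID", item["threat_id"])
    for item in report["context"]:
        print("context:", item["element"], item["path"])
```

Read this way, the event names psexec.exe as the flagged file and lists psi.exe only as the parent process, which matches the Vipre reply quoted above.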
