Desert Rider wrote:
> I downloaded a patch from HP (Hewlitt Packard) for a fix for HP
> Director on a HP 1310 PSC printer. I scanned the downloaded exe with
> Active Virus Shield (resident), AntiVirus Lab online scanner and
> Kaspersky online scanner. They all came up clean.
>
> When I went to install the patch Active Virus Shield popped an alert
> that Trojan.Win32.KillFiles.nu had been detected in the HPGPD.exe file
> in the directory C:\DOCUME~1\XXXXXXX\LOCALS~1\Temp\207354\. This has
> to be the a file extracted from the original patch file. I deleted the
> file and obviously that aborted the install of the patch.
>
> Is this a false positive being generated by Active Virus Shield?
> Should I skip the deletion of the above file and then submit the
> HPGPD.exe file to online scanners for analysis?
>
> I confirmed that the HP site I downloaded from was a legitimate HP
> site.
>
> TIA for any comments.
it's impossible for us to say with certainty that it's a false positive,
but if it's definitely from hp's site then the chances of it being a
false positive are pretty good...
the best way to resolve the uncertainty would be to submit the file to
your anti-malware vendor for analysis - if it is a false alarm then they
can not only tell you but possibly even fix the problem... if it's not a
false alarm then probably they saved you from some problems down the line...
--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
FAQ
Profile
Private Messages
Log in
