ap.exe Malware or safe ?


  • ap.exe Malware or safe ?

    Hi,
    IMF has flagged up C:\Users\alex|apdata\local\mdnslib\ap.exe
    Can anyone advise if this is a false positive or something to delete?
    Regards Alex

  • #2
    Hi alex,

    Thanks for your feedback.

    It is better to paste the report of IMF to your post, which will give details of the flagging.

    You can upload to www.wikisend.com and give the link here, or send IObit your suspicious file, and then IObit can further investigate it. At the same time, you can upload your suspicious file to www.virustotal.com for analyzing, and post your analysis report.

    Cheers.
    enoskype

    - Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -



    • #3
      ap.exe Is it or isn't it ?

      Hi,
      IMF reported the file ap.exe (Found in c:\appdata\local\mdnslib) as malware in a scan but then reports it as safe when I uploaded it to cloud. It seems strange that one part of the IMF program sees differently than another. I wonder if anyone has any thoughts or explanation for this.
      Regards Alex



      • #4
        Alex,

        You didn't post the Virus Total report, but I think this might be it :
        http://www.virustotal.com/file-scan/...b87-1314715599

        Definitely looks like a false positive, as only the packer is flagged by 2 engines and another sees suspicious. I don't know which program creates that file, but it's been around for a few years.

        Sandbox report here :
        http://www.threatexpert.com/report.a...694bfdf65c4677
        (packer detected by Kaspersky and that's it...)
        Is it winter yet ?



        • #5
          Hi So_Sad
          Thanks for the input. I agree that it seems to be a false positive. What I don't get though is why IObit is still flagging it if it has been around so long.
          Thanks again, Alex



          • #6
            Hi Alex,

            I'm sure they can correct it, if you send them the file (see enoskype's post above).

            Depending on the vendor, you're likely to get false positives on files simply because of their packing, which malware writers use a lot. Not all files are individually looked at before they are added to a database. Seems as though the IMF db and cloud analyze differently..
            Is it winter yet ?



            • #7
              Originally Posted by So_sad
              Hi Alex,

              I'm sure they can correct it, if you send them the file (see enoskype's post above).
              Depending on the vendor, you're likely to get false positives or
              (Spam link removed) files simply because of their packing, which malware writers use a lot. Not all files are individually looked at before they are added to a database. Seems as though the IMF db and cloud analyze differently..
              Mostly, anti-virus tools identify it as malware. I used Sophos previously and it identified it as Mal/Generic-S. Ap.exe is loaded during the Windows boot process, but as far as I know it's not a Windows system file. The technical security rating is 63% dangerous on the File net portal. Any idea where it comes from?
              Last edited by Scannan; Aug. 7th, 2019, 15:37.



              • #8
                moonkrj
                (WARNING)
                Any more spam and you will be banned.
                To err is Human. To really mess things up you need a PC.
