IObit Forum

ap.exe Malware or safe ?


Hi alex,

Thanks for your feedback.

It is better to paste the report of IMF to your post, which will give details of the flagging.

You can upload to www.wikisend.com and give the link here, or send IObit your suspicious file, and then IObit can further investigate it. At the same time, you can upload your suspicious file to www.virustotal.com for analyzing, and post your analysis report.

Cheers.


ap.exe Is it or isn't it ?

Hi,

IMF reported the file ap.exe (Found in c:\appdata\local\mdnslib) as malware in a scan but then reports it as safe when I uploaded it to cloud. It seems strange that one part of the IMF program sees differently than another. I wonder if anyone has any thoughts or explanation for this.

Regards Alex


Alex,

You didn't post the Virus Total report, but I think this might be it:

http://www.virustotal.com/file-scan/report.html?id=709cf44e009b36823317581e902cfd908ca4382df091871cc0622d44e1e2eb87-1314715599

Definitely looks like a false positive, as only the packer is flagged by 2 engines and another sees suspicious. I don't know which program creates that file, but it's been around for a few years.

Sandbox report here:

http://www.threatexpert.com/report.aspx?md5=e208e8d66462dc9538694bfdf65c4677

(packer detected by Kaspersky and that's it...)
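
A way to confirm that the two reports linked above really cover the copy of ap.exe on disk, as an added example that is not part of the original post: it pulls the hashes out of the report URLs and compares them with the file's own. The function names are hypothetical, and reading the VirusTotal `id` as `<sha256>-<unix time of scan>` is an assumption based on the link itself.

```python
import hashlib
import re
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlparse

# Report links quoted in the post above.
VT_URL = ("http://www.virustotal.com/file-scan/report.html?id="
          "709cf44e009b36823317581e902cfd908ca4382df091871cc0622d44e1e2eb87-1314715599")
TE_URL = "http://www.threatexpert.com/report.aspx?md5=e208e8d66462dc9538694bfdf65c4677"


def report_hashes(vt_url=VT_URL, te_url=TE_URL):
    """Pull the hashes (and the VirusTotal scan time) out of the two report URLs."""
    vt_id = parse_qs(urlparse(vt_url).query).get("id", [""])[0].lower()
    md5 = parse_qs(urlparse(te_url).query).get("md5", [""])[0].lower()
    # Assumption: the id is "<sha256>-<unix time of scan>", as the link suggests.
    m = re.fullmatch(r"([0-9a-f]{64})-(\d{1,11})", vt_id)
    if not m or not re.fullmatch(r"[0-9a-f]{32}", md5):
        raise ValueError("report URL does not carry a recognisable hash")
    scanned = datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc)
    return {"sha256": m.group(1), "md5": md5, "scanned": scanned}


def file_hashes(path, chunk_size=1 << 20):
    """Hash the file in chunks so large binaries are not read into memory at once."""
    sha256, md5 = hashlib.sha256(), hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            sha256.update(block)
            md5.update(block)
    return {"sha256": sha256.hexdigest(), "md5": md5.hexdigest()}


def report_matches(path, vt_url=VT_URL, te_url=TE_URL):
    """Say, per report, whether it describes the file at `path`."""
    want, have = report_hashes(vt_url, te_url), file_hashes(path)
    return {"virustotal": have["sha256"] == want["sha256"],
            "threatexpert": have["md5"] == want["md5"]}


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 2:
        print(report_hashes()["scanned"].isoformat(), report_matches(sys.argv[1]))
```

A `False` for either report means that report describes a different build of the file, so its verdict says nothing about the local copy.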


Hi Alex,

I'm sure they can correct it, if you send them the file (see enoskype's post above).

Depending on the vendor, you're likely to get false positives on files simply because of their packing, which malware writers use a lot. Not all files are individually looked at before they are added to a database. Seems as though the IMF db and cloud analyze differently..


  • 7 years later...
Originally Posted by So_sad

Hi Alex,

I'm sure they can correct it, if you send them the file (see enoskype's post above).

Depending on the vendor, you're likely to get false positives or (Spam link removed) files simply because of their packing, which malware writers use a lot. Not all files are individually looked at before they are added to a database. Seems as though the IMF db and cloud analyze differently..

Mostly, anti-virus tools identify it as malware. I used Sophos previously and it identified it as Mal/Generic-S. Ap.exe is loaded during the Windows boot process, but as far as I know it's not a Windows system file. The technical security rating is 63% dangerous on the File net portal. Any idea where it comes from?
