Announcement

Collapse
No announcement yet.

Notepad.exe

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Notepad.exe

    Hi Folks,

    IMF v3.3 has detected "notepad.exe" as an intruder. Following, I am copying the scan register:
    OS: Windows XP
    Version: 3.3.0.8
    Database Version: 1483
    Scan Mode:Manual
    Time Elapsed: 01:00:21
    Objects Scanned: 62332
    Threats Found: 1
    Save Time: 7/10/2015 09:29:06 a.m.

    |Name|Type|Description|ID|
    Trojan.Agent, FILE, C:\WINDOWS\system32\NOTEPAD.EXe, 4101673

    Any comment about it?
    Is it a "false-positive"? I think so...

    Regards,

    Fraulf
    Oct. 07, 2015 - 1042H

  • #2
    Hi fraulf, welcome to IObit Forum!

    Although notepad.exe is a genuine MS file and it may be false positive, the capital letters in your file (NOTEPAD.EXe) makes me suspicious.

    Please upload the file to VirusTotal and give the link of the report in your next post.

    Also, for further investigation by IObit, load the file to Wikisend (compressed as a zip file with password infected) and give the link in your next post.

    Cheers.
    enoskype

    - Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -

    Comment


    • #3
      Hi Enoskype,


      Thinking in that way, the first time when IMF reported the same situation, I copyied the file from another computer, WXP SP3, and "checked" it as you saw: renamed it with capital letters but one, in order to know if the detection is or not a false-positive.

      Is there any way to warn/correct IMF to do not detect "notepad.exe" again as a Trojan Agent? I mean, as a some kind of "exception".

      Thank you so much for your help.

      Regards,


      Fraulf

      Comment


      • #4
        Basically all that happens is that it will act as though it is opening, but will not. Nothing shows up in Task Manager and there are no errors bluestacks.

        Comment


        • #5
          Hi Enoskype,


          Thinking in that way, the first time when IMF reported the same situation, I copyied the file from another computer, WXP SP3, and "checked" it as you saw: renamed it with capital letters but one, in order to know if the essay typer tool detection is or not a false-positive.
          Is there any way to warn/correct IMF to do not detect "notepad.exe" again as a Trojan Agent? I mean, as a some kind of "exception".

          Thank you so much for your help.

          Regards,


          Fraulf
          I have found a similar issue on malwarebytes forum. I can send you a PM with the solution, because somehow the link cannot be saved here in the thread. Alternatively, you may install DDS and try it as well. It's available on bleepingcomputer or other relevant forums, just google and the first link will be the official one.
          Last edited by moonkrj; Jul. 1st, 2019, 06:10. Reason: typos

          Comment

          Working...
          X