2 FP's: Iomega tools startnt.exe and Motive pcAppsX.dll

[pequod3]

Here's the report after scan by IObit Malware Fighter, v. 2.0

 

OS: Windows XP

Version: 2.0.1.8

Define Version: 1245

Time Elapsed: 00:11:48

Objects Scanned: 56643

Threats Found: 2

Save Time: 6/25/2013 12:36:54 AM

 

|Name|Type|Description|ID|

Trojan.Generic, FILE, C:\Program Files\Iomega\Tools_NT\startnt.exe, 4112377

Trojan.Dropper, FILE, C:\Program Files\Common Files\Motive\pcAppsX.dll, 4049061

-----------------------------------------------------

I checked both files with ZoneAlarm Security Suite version 10. Neither file was identified as a problem in any way. Are these false positives? If it is necessary to upload these files for further checking, please give me specific instructions (I'm a first-time poster) Thanks,

pequod3.

[Cicely]

Hi pequod3,

 

Thanks for your feed back.

 

Please upload the files that are detected as threats to VirusTotal https://www.virustotal.com/en/ and give the report link in your next post.

 

At the same time, please upload the files to http://wikisend.com/ and send us the link to download the files to test.

 

You can use this thread http://forums.iobit.com/showthread.php?t=15495 as an example.

 

Thanks in advance. :wink:

[pequod3]

Further info on 2 FP's startnt.exe and pcAppsX.dll

 

I rescanned both files. IObit Malware Fighter is now only showing startnt.exe as problematic:

 

IObit Malware Fighter

OS: Windows XP

Version: 2.0.1.8

Define Version: 1245

Time Elapsed: 00:00:14

Objects Scanned: 1

Threats Found: 1

Save Time: 6/28/2013 2:35:33 AM

 

|Name|Type|Description|ID|

Trojan.Generic, FILE, C:\Documents and Settings\Palmer\Desktop\IObit tmp\startnt.exe, 4112377

 

Here's the report from VirusTotal:

File already analysed

This file was already analysed by VirusTotal on 2009-09-16 02:33:12 .

Detection ratio: 0/41

 

That analysis was:

SHA256: 4909088b425445ecd14b1830d40626cffb4f28ed31a015f65c7f628b3a6c595c

SHA1: 8e60d138274de0d34a4764065a4d4538395326ff

MD5: 6df0e4ecee08abaaabc6697693f0e581

File size: 28.0 KB ( 28672 bytes )

File type: unknown

Detection ratio: 0 / 41

Analysis date: 2009-09-16 02:33:12 UTC ( 3 years, 9 months ago )

 

I had it analysed again and got this (same) result (in case it was just a similarly-named but different file):

SHA256: 4909088b425445ecd14b1830d40626cffb4f28ed31a015f65c7f628b3a6c595c

SHA1: 8e60d138274de0d34a4764065a4d4538395326ff

MD5: 6df0e4ecee08abaaabc6697693f0e581

File size: 28.0 KB ( 28672 bytes )

File name: startnt.exe

File type: Win32 EXE

Detection ratio: 1 / 47

Analysis date: 2013-06-28 07:52:39 UTC ( 0 minutes ago )

 

The 1 of the 47 that found a problem was this:

McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-DTR.K 20130627

 

I uploaded the file to WikiSend. Here is the data:

File ID: 455000

File size: 28 KB

Time to live: 7 days

 

Download link: http://wikisend.com/download/455000/startnt.exe

Forum link: startnt.exe

 

I have found no problem with either of the files after scanning with ZoneAlarm, Malwarebytes Antimalware, and Ad-Aware. As I mentined, IObit is no longer calling pcAppsX.dll a problem, and I believe that startnt.exe, from Iomega, is also a false positive.

 

I hope I got the procedures right and that you can confirm the false positive and add it to the IObit profile. Thank you very much.

[enoskype]

Hi pequod3, welcome to IObit Forum! :-D

 

Thanks for following the procedure, the information is adequate for IObit to investigate further, but please update your database version to 1247 as of today now. :wink:

 

Cheers.

[pequod3]

False positive: Iomega tools, startnt.exe

 

Thank you Cicely and enoskype.

 

I have updated to the latest database version: 1249 (2013-07-05). As of today, I am still getting what I believe is a false positive for Iomega tools startnt.exe. I will continue to check back on the forum to see whether or when IOBit declares this to be, in fact, a false positive. Thank you.

 

pequod3