False/Positive on agrsmsvc.exe and Cleanup.exe [SOLVED by db 1053]

[LesBater]

I just updated to version 1.1 and the lastest definition file No. 1045. I now receive a treat report on 2 exe files that have been on my XP pc, one dated 4/17/2002 and the other dated 3/18/2008. These were not found with definition file 1044. See Report below:

 

IObit Malware Fighter

 

OS: Windows XP

Version: 1.1.0.8

Define Version: 1045

Time Elapsed: 00:02:23

Objects Scanned: 51163

Threats Found: 3

Save Time: 7/19/2011 12:38:15 PM

 

|Name|Type|Description|ID|

Trojan.Agent, FILE, C:\WINDOWS\system32\agrsmsvc.exe, 4057790

Trojan.Crypt, FILE, C:\WINDOWS\system32\CleanUp.exe, 4070082

Trojan.Agent, FILE, C:\WINDOWS\system32\agrsmsvc.exe, 4057790

 

I uploaded both exe files to the IOBit Cloud and ran the scans and the results are list below, along with the links and both were found SAFE.

 

http://cloud.iobit.com/index.php?id=14bb8bdea27eab0342e26cb5a6d1f33f35485307b8bfef3608a3f79d01d0af00907135613b6f6e01ea521ab82a104232aa24d39c2d09c96a96a5c5

 

 

 

 

 

Cloud Scan: SAFE

File Basic Info:

 

File Icon:

File Name: agrsmsvc.exe

File Size: 13 KB (13,312 Bytes)

File MD5: efbc44fbd75e4f80bd927aebf6e7eade

File SHA1: F589E1EFEF9AC0084C273B5A50A9C2D87AAB1A41

 

File Type: unknown

 

 

 

 

Report ATAS Registry:

 

Action Path Value Data

Create key HKLM\SOFTWARE\Microsoft\Cryptography\RNG nil

 

 

Report ATAS Malicious Api:

 

Pid name Count

1160 QueryWindow 34

1160 DestroyWindow

 

 

 

 

http://cloud.iobit.com/index.php?id=14bb8bdea278fa5940e63ceaa185a26b334a0107b9ede86a5ca2a1c1538efc079770623c6b6f6e01ea521ab82a104230a133c19f2b0f84218bb8&signature=2e17aace4d50b69657

 

 

 

Cloud Scan: SAFE

File Basic Info:

 

 

File Name: cleanup.exe

File Size: 44 KB (45,056 Bytes)

File MD5: c78a0d9e0fac64810cef67908eb0d695

File SHA1: E5A6577B97C8880961B82CD7DA61AD852FA485B1

 

File Type: exe

 

 

 

 

Report ATAS Registry:

 

Action Path Value Data

Create key HKLM\SOFTWARE\Microsoft\Cryptography\RNG nil

 

 

Report ATAS Malicious Api:

 

Pid name Count

1108 QueryWindow 34

1108 DestroyWindow 1

 

I have added both files to the ignore list until this issue it corrected and the definition file updated to reflect this.

 

Thanks,

 

Les

[LesBater]

False/Positive on agrsmsvc.exe unresolved

 

This still has not been corrected. I uploaded this file to the IOBit Cloud and it found it SAFE. That was on July 19th using definition file 1045. We are now on 1050 and it still reports this as a:

 

Trojan.Agent, FILE, C:\WINDOWS\system32\agrsmsvc.exe, 4057790

 

I have also uploaded and scanned this file on virustotal.com and ALL 42 programs indicated that there was NO issue.

 

I have once again added to the iqnore list.

 

This file is from Agere Systems, for the Agere Soft Modem, Call Progress service, dated 9/26/207, version 1.0.0.8.

 

Les

[enoskype]

You can send your suspicious files to us or upload to www.wikisend.com and give here the download link, then IObit can further investigate it. At the same time, you can upload your suspicious files to www.virustotal.com for analyzing, and post your analysis reports.

 

Cheers.

[LesBater]

False/Positive on agrsmsvc.exe resolved

 

This has now been corrected and no longer is it being reported as a:

 

Trojan.Agent, FILE, C:\WINDOWS\system32\agrsmsvc.exe, 4057790

 

This was corrected in definition file 1053.

 

Thanks,

 

Les