Jump to content
IObit Forum
Top Free Driver Updater Tools Best 25 PC Optimization Software Best 22 Antimalware Best 22 Uninstaller Software IObit Coupons & Discount Offers PC Optimizer

False/Positive on agrsmsvc.exe and Cleanup.exe [SOLVED by db 1053]


Recommended Posts

I just updated to version 1.1 and the lastest definition file No. 1045. I now receive a treat report on 2 exe files that have been on my XP pc, one dated 4/17/2002 and the other dated 3/18/2008. These were not found with definition file 1044. See Report below:

 

IObit Malware Fighter

 

OS: Windows XP

Version: 1.1.0.8

Define Version: 1045

Time Elapsed: 00:02:23

Objects Scanned: 51163

Threats Found: 3

Save Time: 7/19/2011 12:38:15 PM

 

|Name|Type|Description|ID|

Trojan.Agent, FILE, C:\WINDOWS\system32\agrsmsvc.exe, 4057790

Trojan.Crypt, FILE, C:\WINDOWS\system32\CleanUp.exe, 4070082

Trojan.Agent, FILE, C:\WINDOWS\system32\agrsmsvc.exe, 4057790

 

I uploaded both exe files to the IOBit Cloud and ran the scans and the results are list below, along with the links and both were found SAFE.

 

http://cloud.iobit.com/index.php?id=14bb8bdea27eab0342e26cb5a6d1f33f35485307b8bfef3608a3f79d01d0af00907135613b6f6e01ea521ab82a104232aa24d39c2d09c96a96a5c5

 

 

 

 

 

Cloud Scan: SAFE

File Basic Info:

 

File Icon:

File Name: agrsmsvc.exe

File Size: 13 KB (13,312 Bytes)

File MD5: efbc44fbd75e4f80bd927aebf6e7eade

File SHA1: F589E1EFEF9AC0084C273B5A50A9C2D87AAB1A41

 

File Type: unknown

 

 

 

 

Report ATAS Registry:

 

Action Path Value Data

Create key HKLM\SOFTWARE\Microsoft\Cryptography\RNG nil

 

 

Report ATAS Malicious Api:

 

Pid name Count

1160 QueryWindow 34

1160 DestroyWindow

 

 

 

 

http://cloud.iobit.com/index.php?id=14bb8bdea278fa5940e63ceaa185a26b334a0107b9ede86a5ca2a1c1538efc079770623c6b6f6e01ea521ab82a104230a133c19f2b0f84218bb8&signature=2e17aace4d50b69657

 

 

 

Cloud Scan: SAFE

File Basic Info:

 

 

File Name: cleanup.exe

File Size: 44 KB (45,056 Bytes)

File MD5: c78a0d9e0fac64810cef67908eb0d695

File SHA1: E5A6577B97C8880961B82CD7DA61AD852FA485B1

 

File Type: exe

 

 

 

 

Report ATAS Registry:

 

Action Path Value Data

Create key HKLM\SOFTWARE\Microsoft\Cryptography\RNG nil

 

 

Report ATAS Malicious Api:

 

Pid name Count

1108 QueryWindow 34

1108 DestroyWindow 1

 

I have added both files to the ignore list until this issue it corrected and the definition file updated to reflect this.

 

Thanks,

 

Les

Link to comment
Share on other sites

  • 3 weeks later...

False/Positive on agrsmsvc.exe unresolved

 

This still has not been corrected. I uploaded this file to the IOBit Cloud and it found it SAFE. That was on July 19th using definition file 1045. We are now on 1050 and it still reports this as a:

 

Trojan.Agent, FILE, C:\WINDOWS\system32\agrsmsvc.exe, 4057790

 

I have also uploaded and scanned this file on virustotal.com and ALL 42 programs indicated that there was NO issue.

 

I have once again added to the iqnore list.

 

This file is from Agere Systems, for the Agere Soft Modem, Call Progress service, dated 9/26/207, version 1.0.0.8.

 

Les

Link to comment
Share on other sites

False/Positive on agrsmsvc.exe resolved

 

This has now been corrected and no longer is it being reported as a:

 

Trojan.Agent, FILE, C:\WINDOWS\system32\agrsmsvc.exe, 4057790

 

This was corrected in definition file 1053.

 

Thanks,

 

Les

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...