IObit Forum

ap.exe Malware or safe?


Hi Alex,

Thanks for your feedback.

It is better to paste the IMF report into your post, which will give details of the flagging.

You can upload to www.wikisend.com and give the link here, or send IObit your suspicious file, and then IObit can further investigate it. At the same time, you can upload your suspicious file to www.virustotal.com for analysis, and post your analysis report.

Cheers.

ap.exe Is it or isn't it?

Hi,

IMF reported the file ap.exe (found in c:\appdata\local\mdnslib) as malware in a scan but then reports it as safe when I uploaded it to the cloud. It seems strange that one part of the IMF program sees differently than another. I wonder if anyone has any thoughts or explanation for this.

Regards, Alex

Alex,

You didn't post the Virus Total report, but I think this might be it:

http://www.virustotal.com/file-scan/report.html?id=709cf44e009b36823317581e902cfd908ca4382df091871cc0622d44e1e2eb87-1314715599

Definitely looks like a false positive, as only the packer is flagged by 2 engines and another sees it as suspicious. I don't know which program creates that file, but it's been around for a few years.

Sandbox report here:

http://www.threatexpert.com/report.aspx?md5=e208e8d66462dc9538694bfdf65c4677

(packer detected by Kaspersky and that's it...)

Hi Alex,

I'm sure they can correct it, if you send them the file (see enoskype's post above).

Depending on the vendor, you're likely to get false positives on files simply because of their packing, which malware writers use a lot. Not all files are individually looked at before they are added to a database. Seems as though the IMF db and cloud analyze differently.

  • 7 years later...
Originally Posted by So_sad

Hi Alex,

I'm sure they can correct it, if you send them the file (see enoskype's post above).

Depending on the vendor, you're likely to get false positives or (Spam link removed) files simply because of their packing, which malware writers use a lot. Not all files are individually looked at before they are added to a database. Seems as though the IMF db and cloud analyze differently.

Mostly, anti-virus tools identify it as malware. I used Sophos previously and it identified it as Mal/Generic-S. Ap.exe is loaded during the Windows boot process, but as far as I know it's not a Windows system file. The technical security rating is 63% dangerous on the File net portal. Any idea where it comes from?