SAS finds trojan in Microsoft Office
I ran Superantispyware on a new Dell. I installed Microsoft Office 2007. When I ran SAS it found a trojan.agent/gen which was identified as "fILES:\PROGRAM FILES(X86)MICROSOFT OFFICE/OPTIONS14/msoo.EXE". I quarantined this file but am not exactly sure if this may have been a legitimate file. Does anyone know?
ky331
July 19th, 2010 07:00
The gen (for generic) is the least reliable of detections... and is often prone to report a false positive. And being a Microsoft file (which could be tampered with or forged, but....)
SAS has a user forum (if you're not already a member, just join), where you can report/question likely false positives: http://forums.superantispyware.com/index.php?/forum/32-false-positives
EDIT: You can also submit the file to VirusTotal for analysis: http://www.virustotal.com/
(to do so, you'll have to remove it from the quarantine, go to virus total, hit the BROWSE button to navigate your way to that file, and SEND it for their analysis.)
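Added example, not part of any post in this thread: a PowerShell check of the restored file's Authenticode signature, which addresses the point that a Microsoft file could be tampered with or forged, plus its SHA-256 for looking up an existing VirusTotal report. It assumes PowerShell 4.0 or later; the function name and the `-Path` argument are hypothetical, and the file must be restored from quarantine first.

```powershell
param(
    # Hypothetical placeholder: pass the real location of the restored file.
    [Parameter(Mandatory = $true)][string]$Path
)

function Test-VendorSignedFile {
    param(
        [string]$Path,
        [string]$ExpectedSigner = 'Microsoft Corporation'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found (is it still in quarantine?): $Path"
    }

    # SHA-256 identifies this exact copy; it can be searched on VirusTotal.
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Status is 'Valid' only when the signature verifies against the file
    # contents and the certificate chains to a trusted root.
    $sig     = Get-AuthenticodeSignature -FilePath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $pattern = '^CN=' + [regex]::Escape($ExpectedSigner) + '(,|$)'

    $verdict = switch ($sig.Status.ToString()) {
        'Valid' {
            if ($subject -match $pattern) { 'Signed by expected vendor, contents unmodified' }
            else { 'Validly signed, but NOT by the expected vendor' }
        }
        'HashMismatch' { 'Contents changed after signing: treat as tampered' }
        'NotSigned'    { 'No embedded signature: inconclusive, rely on other checks' }
        'NotTrusted'   { 'Signature present but certificate is not trusted' }
        default        { "Could not verify signature: $($sig.StatusMessage)" }
    }

    [pscustomobject]@{
        Path    = $Path
        SHA256  = $hash
        Status  = $sig.Status
        Signer  = $subject
        Verdict = $verdict
    }
}

Test-VendorSignedFile -Path $Path | Format-List
```

A `Valid` status with the expected signer supports a false-positive report to the vendor; `HashMismatch` or an unexpected signer means the detection should be taken seriously regardless of how generic its name is.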
Annie70
July 19th, 2010 08:00
ky331. I will report/question this file with SAS. Thanks.
ky331
July 19th, 2010 08:00
for me, the spell check is not working in IE.
but i'm getting an automatic spell check in Firefox (mis-spelled words get a squiggly underline in red)
and in Opera (dotted underline in red).
ky331
July 19th, 2010 08:00
0/41 means that NONE of the anti-virus engines at virus total found a problem with the file. that includes big-name paid (like McAfee, Norton), as well as free products (avg, avira antivir, avast, and MSE).
that, together with SAS's "generic" detection, virtually guarantees it's a false positive on SAS's part.
Just to double-check one point... if virus total said something like, "we've already scanned the file... do you want to see those results? or do you want to rescan YOUR copy?" --- i trust that you told them to scan your copy.
Annie70
July 19th, 2010 08:00
File MSOO.EXE received on 2010.06.27 23:48:55 (UTC)
Current status: finished
Annie70
July 19th, 2010 08:00
I had to confirm my SAS registration. I can post now.
Why doesn't the spell checker on the forum work?
ky331
July 19th, 2010 08:00
i edited my post to add the info about virus total. i would go there first, it offers over 40 other "opinions" about the file (which you can then link to, when you contact SAS).