1
fSekrit / Symantec False positive...
« on: July 30, 2012, 07:57 AM »
Hello there.
After an virusdef update I'm getting reports from Symantec that fsekrit v 1.2 and related files are Backdoor.Graybird.
I saw in an earlier post that the paths reported on this matter was consistent with normal usage. These are clients on a windows domain and CSC is the offline files cache.
c:\documents and settings\elisabeth\lokala inställningar\temp\fsekrit-0f8e.exe
c:\documents and settings\elisabeth\lokala inställningar\temp\fsekrit-0f8e.exe
c:\documents and settings\elisabeth\lokala inställningar\temp\fsekrit-75fd.exe
C:\WINDOWS\CSC\d1\80001590
C:\WINDOWS\CSC\d1\80001590>>fSekrit.exe
c:\windows\csc\d1\800044d8
c:\windows\csc\d2\80000729
c:\windows\csc\d2\80000729
C:\WINDOWS\CSC\d2\800044D9
C:\WINDOWS\CSC\d2\800044D9>>fSekrit.exe
C:\WINDOWS\CSC\d3\8000072A
C:\WINDOWS\CSC\d3\8000072A>>fSekrit.exe
c:\windows\csc\d3\8000348a
c:\windows\csc\d3\801c02ea
c:\windows\csc\d3\801c02ea
C:\WINDOWS\CSC\d4\8000348B
C:\WINDOWS\CSC\d4\8000348B>>fSekrit.exe
C:\WINDOWS\CSC\d4\801C02EB
C:\WINDOWS\CSC\d4\801C02EB>>fSekrit.exe
c:\windows\csc\d5\80000814
c:\windows\csc\d5\80000814
c:\windows\csc\d6\80000375
c:\windows\csc\d6\80000375
C:\WINDOWS\CSC\d6\80000815
C:\WINDOWS\CSC\d6\80000815>>fSekrit.exe
C:\WINDOWS\CSC\d7\80000376
C:\WINDOWS\CSC\d7\80000376>>fSekrit.exe
c:\windows\csc\d7\80000666
c:\windows\csc\d7\80000666
C:\WINDOWS\CSC\d8\80000667
C:\WINDOWS\CSC\d8\80000667>>fSekrit.exe
c:\windows\csc\d8\8000158f
After an virusdef update I'm getting reports from Symantec that fsekrit v 1.2 and related files are Backdoor.Graybird.
I saw in an earlier post that the paths reported on this matter was consistent with normal usage. These are clients on a windows domain and CSC is the offline files cache.
c:\documents and settings\elisabeth\lokala inställningar\temp\fsekrit-0f8e.exe
c:\documents and settings\elisabeth\lokala inställningar\temp\fsekrit-0f8e.exe
c:\documents and settings\elisabeth\lokala inställningar\temp\fsekrit-75fd.exe
C:\WINDOWS\CSC\d1\80001590
C:\WINDOWS\CSC\d1\80001590>>fSekrit.exe
c:\windows\csc\d1\800044d8
c:\windows\csc\d2\80000729
c:\windows\csc\d2\80000729
C:\WINDOWS\CSC\d2\800044D9
C:\WINDOWS\CSC\d2\800044D9>>fSekrit.exe
C:\WINDOWS\CSC\d3\8000072A
C:\WINDOWS\CSC\d3\8000072A>>fSekrit.exe
c:\windows\csc\d3\8000348a
c:\windows\csc\d3\801c02ea
c:\windows\csc\d3\801c02ea
C:\WINDOWS\CSC\d4\8000348B
C:\WINDOWS\CSC\d4\8000348B>>fSekrit.exe
C:\WINDOWS\CSC\d4\801C02EB
C:\WINDOWS\CSC\d4\801C02EB>>fSekrit.exe
c:\windows\csc\d5\80000814
c:\windows\csc\d5\80000814
c:\windows\csc\d6\80000375
c:\windows\csc\d6\80000375
C:\WINDOWS\CSC\d6\80000815
C:\WINDOWS\CSC\d6\80000815>>fSekrit.exe
C:\WINDOWS\CSC\d7\80000376
C:\WINDOWS\CSC\d7\80000376>>fSekrit.exe
c:\windows\csc\d7\80000666
c:\windows\csc\d7\80000666
C:\WINDOWS\CSC\d8\80000667
C:\WINDOWS\CSC\d8\80000667>>fSekrit.exe
c:\windows\csc\d8\8000158f