Results 1 to 5 of 5

Thread: Trojan-Downloader.Win32.Agent.djeh ?? - False Positive?

  1. #1
    morey Guest

    Default Trojan-Downloader.Win32.Agent.djeh ?? - False Positive?

    I just sent the following inquiry to Kaspersky:

    Dear Sirs,

    Please test the attached zipped file with password "test" to see if it is a virus. I use Zone Alarm Security Suite which uses Kaspersky to test for viruses. I use version 9.1.008.000 and Anti-virus engine version 8.02.42.DAT file version 1014343392.

    I had uploaded the file to:

    www.virustotal.com

    Their tests showed only a 16.67% chance it is a virus or Trojan per their analysis at this link:

    https://www.virustotal.com/analisis/...180-1269267309

    The Zone Alarm test showed it to be:

    Trojan-Downloader.Win32.Agent.djeh for \Program Files\HP\Digital Imaging\bin\hposvc08.exe.

    I quarantined the file until you respond to me.

    Thanks for your cooperation.

  2. #2
    morey Guest

    Default Re: Trojan-Downloader.Win32.Agent.djeh ?? - False Positive?

    Kaspersky sent me the following:

    "Hello,

    This message has been generated by the automated submission tracking system. If we already detect these files, the message below tells you how we identify this threat. Your submission will be passed to a virus analyst.

    hposvc08.exe - Trojan-Downloader.Win32.Agent.djeh

    This file is detected by the latest antivirus databases.

    Best regards, Kaspersky Lab

    10/1, 1st Volokolamsky Proezd, Moscow, 123060, Russia"

    This is a Hewlett Packard old file. Could Kaspersky be wrong?

  3. #3
    garywa Guest

    Default Re: Trojan-Downloader.Win32.Agent.djeh ?? - False Positive?

    I have this HP file on my PC also. I just scanned it with ZASS and no infection was found.

    As a comparison, here are the details of the file I have:

    size: 90,112 bytes
    file version: 4.2.0.020
    product version: 2.4.1.020
    version date: April 6, 2003

    It is in folder: C:\Program Files\Hewlett-Packard\Digital Imaging\bin
    If yours is in a different folder, it could be an infected version.

    This is the ZA DAT version I scanned with:

    ZoneAlarm Security Suite version:9.1.008.000
    TrueVector version:9.1.008.000
    Driver version:9.1.008.000
    Anti-virus engine version:8.0.2.42
    Anti-virus signature DAT file version:1014397312 <=======
    AntiSpam version:6.0.0.2383

    EDIT: I uploaded it to virustotal and no infection was found: 0/42 (0%). You may just have an infected/corrupt copy of the file. You might want to try downloading the latest driver/software for your device from HP, uninstalling the current driver/software and installing the new one.
    Last edited by garywa; March 22nd, 2010 at 03:21 PM. Reason: Added virustotal results

  4. #4
    morey Guest

    Default Re: Trojan-Downloader.Win32.Agent.djeh ?? - False Positive?

    Kaspersky corrected their diagnosis as follows:

    "Hello,

    Sorry, it was a false detection. It will be fixed in the next update.
    Thank you for your help.

    Regards, Vitaly Yakutenko
    Virus analyst, Kaspersky Lab."

    This data file version detected it as a virus: 1014343392

    This one passed it after correction by Kaspersky: 1014397312
    Last edited by morey; March 22nd, 2010 at 04:57 PM.

  5. #5
    morey Guest

    Default Trojan-Downloader.Win32.Agent.djth ?? - False Positive?

    I had the same problem again just one week after the last one with an HP file again. Here is what I sent Kaspersky:

    Today, March 30, 2010, I received the following email:

    "Sorry, it was a false detection. It will be fixed in the next update.
    Thank you for your help.

    -------------------------------------------
    Best wishes, Pavel Firsov.
    Virus analyst , Kaspersky Lab."
    Last edited by fax; April 5th, 2010 at 05:58 AM. Reason: offtopic

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. FALSE POSITIVE Win32.Trojan.Agent.CWS.42
    By GeorgeV in forum ZoneAlarm Anti-virus & Anti-spyware
    Replies: 0
    Last Post: January 29th, 2009, 12:09 AM
  2. Is Trojan.Win32.Agent.avcy. a False Positive?
    By bcool in forum Malware Discussion
    Replies: 5
    Last Post: December 30th, 2008, 01:31 PM
  3. Is Win32.Trojan.Spy.Agent.kb a false positive?
    By skjhlkj in forum Malware Discussion
    Replies: 2
    Last Post: May 28th, 2008, 10:52 AM
  4. False positive? win32.trojan.downloader.banload.awy
    By riceorony in forum Malware Discussion
    Replies: 9
    Last Post: January 12th, 2008, 04:02 PM
  5. Is Trojan-Downloader.Win32.Agent.bng A false Positive?
    By dougal in forum Malware Discussion
    Replies: 3
    Last Post: May 15th, 2007, 09:37 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •