To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

False alarms related to Microsoft Updates on Windows 10?

Options
etomcat
etomcat W/ Alumni Posts: 1,172 Firewall Master

Dear Sir,

 

Are we aware of possibly false trojan malware alarms occuring during Microsoft Updates? I have reports of this happening today on some Windows 10 computers in Hungary.

 

For example I can see this in F-Secure PSB portal happening on various school computers, but I have no access to samples, regrettably:

Threat: Trojan.Generic.15676248
Action: blocked
Path: F:\System Volume Information\DFSR\Private\{BFFFCE57-6480-40F9-9F24-284552F1FC32}-{8D4BC535-C650-4627-AA15-E75336D0A4E5}\Installing\Patch-{A1252A9E-F565-4365-96CB-D784464C7D1D}-v688895.exe

 

Thanks in advance, Yours Sincerely:
Tamas Feher, 2F 2000 Kft., Budapest, Hungary.

 

Comments

  • etomcat
    etomcat W/ Alumni Posts: 1,172 Firewall Master
    Options

    Hello,

     

    Another report says the following (false?) alert causes repeated system restarts on Windows 10 but eventually the situation normalizes automatically somehow.

     

    Date and time: 2017.12.19. 10:24:30
    Computer name: <censored>
    User account: SYSTEM
    Path: C:\Windows\Temp\SppExtComObjHook.dll​
    Threat: Trojan.HackTool.SUP
    Action: Blocked

     

    Thjanks in advance, Yours Sincerely:

    Tamas Feher, Hungary.

  • Ben
    Ben W/ Alumni Posts: 664 Cybercrime Crusader
    Options

    Hi Tamas, 

     

    We are looking into this.

  • etomcat
    etomcat W/ Alumni Posts: 1,172 Firewall Master
    Options

    Dear Ben,

    Many thanks for the very quick response!

    Please note I have also sent a report to the lab, these are the data if needed for collaboration:
    Case ID: XXXXXXXXX
    Sandbox ID: XXXXX

    Yours Sincerely: Tamas Feher, Hungary.

    EDIT: Removed PII

  • Ben
    Ben W/ Alumni Posts: 664 Cybercrime Crusader
    Options

    The sample we have seems to be properly detected and not only by us.

     

    Our labs would definitely need a sample to be able to cross check your detection sample. 

  • Ukko
    Ukko W/ Alumni Posts: 39 Cybercrime Crusader
    Options

    @Ben wrote:

    The sample we have seems to be properly detected and not only by us.

     

    Our labs would definitely need a sample to be able to cross check your detection sample. 


    by the way -> it's most popular detection (today?):

    https://worldmap3.f-secure.com/

     

    and does not detected by F-Secure a week ago (as example):

    https://www.virustotal.com/en/file/ee186d0ce73e0dbc8f52cbad5658e9c07f24f1a3656c668ac79c26a64cd99e68/analysis/1512986782/

  • Johnny1965
    Johnny1965 W/ Alumni Posts: 1 Security Scout
    Options

    My system reports Trojan.HackTool.SUP and is starting up over and over again, does not return to normal

  • etomcat
    etomcat W/ Alumni Posts: 1,172 Firewall Master
    Options
    Hello,

    Is your system pirated or is it a legitimately licenced Windows copy?

    Best Regards: Tamas Feher, Hungary.
This discussion has been closed.