False alarms related to Microsoft Updates on Windows 10?

etomcat
etomcat Posts: 1,172 Firewall Master

Dear Sir,

Are we aware of possibly false trojan malware alarms occurring during Microsoft Updates? I have reports of this happening today on some Windows 10 computers in Hungary.

For example I can see this in F-Secure PSB portal happening on various school computers, but I have no access to samples, regrettably:

Threat: Trojan.Generic.15676248
Action: blocked
Path: F:\System Volume Information\DFSR\Private\{BFFFCE57-6480-40F9-9F24-284552F1FC32}-{8D4BC535-C650-4627-AA15-E75336D0A4E5}\Installing\Patch-{A1252A9E-F565-4365-96CB-D784464C7D1D}-v688895.exe

 

Thanks in advance, Yours Sincerely:
Tamas Feher, 2F 2000 Kft., Budapest, Hungary.

 

Comments

  • etomcat
    etomcat Posts: 1,172 Firewall Master

    Hello,

    Another report says the following (false?) alert causes repeated system restarts on Windows 10 but eventually the situation normalizes automatically somehow.

    Date and time: 2017.12.19. 10:24:30
    Computer name: <censored>
    User account: SYSTEM
    Path: C:\Windows\Temp\SppExtComObjHook.dll
    Threat: Trojan.HackTool.SUP
    Action: Blocked

    Thanks in advance, Yours Sincerely:

    Tamas Feher, Hungary.

  • Ben
    Ben Posts: 664 Cybercrime Crusader

    Hi Tamas,

    We are looking into this.

  • etomcat
    etomcat Posts: 1,172 Firewall Master

    Dear Ben,

    Many thanks for the very quick response!

    Please note I have also sent a report to the lab, these are the data if needed for collaboration:
    Case ID: XXXXXXXXX
    Sandbox ID: XXXXX

    Yours Sincerely: Tamas Feher, Hungary.

    EDIT: Removed PII

  • Ben
    Ben Posts: 664 Cybercrime Crusader

    The sample we have seems to be properly detected and not only by us.

    Our labs would definitely need a sample to be able to cross check your detection sample.

  • Ukko
    Ukko Posts: 39 Cybercrime Crusader

    @Ben wrote:

    The sample we have seems to be properly detected and not only by us.

    Our labs would definitely need a sample to be able to cross check your detection sample.

    By the way, it's the most popular detection (today?):

    https://worldmap3.f-secure.com/

    and it was not detected by F-Secure a week ago (as an example):

    https://www.virustotal.com/en/file/ee186d0ce73e0dbc8f52cbad5658e9c07f24f1a3656c668ac79c26a64cd99e68/analysis/1512986782/

  • Johnny1965
    Johnny1965 Posts: 1 Security Scout

    My system reports Trojan.HackTool.SUP and is starting up over and over again; it does not return to normal.

  • etomcat
    etomcat Posts: 1,172 Firewall Master
    Hello,

    Is your system pirated or is it a legitimately licenced Windows copy?

    Best Regards: Tamas Feher, Hungary.
This discussion has been closed.
