To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

False alarms related to Microsoft Updates on Windows 10?

etomcat
etomcat Posts: 1,172 Firewall Master
in Business Suite

Dear Sir,

 

Are we aware of possibly false trojan malware alarms occuring during Microsoft Updates? I have reports of this happening today on some Windows 10 computers in Hungary.

 

For example I can see this in F-Secure PSB portal happening on various school computers, but I have no access to samples, regrettably:

Threat: Trojan.Generic.15676248
Action: blocked
Path: F:\System Volume Information\DFSR\Private\{BFFFCE57-6480-40F9-9F24-284552F1FC32}-{8D4BC535-C650-4627-AA15-E75336D0A4E5}\Installing\Patch-{A1252A9E-F565-4365-96CB-D784464C7D1D}-v688895.exe

 

Thanks in advance, Yours Sincerely:
Tamas Feher, 2F 2000 Kft., Budapest, Hungary.

 

Comments

  • etomcat
    etomcat Posts: 1,172 Firewall Master

    Hello,

     

    Another report says the following (false?) alert causes repeated system restarts on Windows 10 but eventually the situation normalizes automatically somehow.

     

    Date and time: 2017.12.19. 10:24:30
    Computer name: <censored>
    User account: SYSTEM
    Path: C:\Windows\Temp\SppExtComObjHook.dll​
    Threat: Trojan.HackTool.SUP
    Action: Blocked

     

    Thjanks in advance, Yours Sincerely:

    Tamas Feher, Hungary.

  • Ben
    Ben Posts: 664 Cybercrime Crusader

    Hi Tamas, 

     

    We are looking into this.

  • etomcat
    etomcat Posts: 1,172 Firewall Master

    Dear Ben,

    Many thanks for the very quick response!

    Please note I have also sent a report to the lab, these are the data if needed for collaboration:
    Case ID: XXXXXXXXX
    Sandbox ID: XXXXX

    Yours Sincerely: Tamas Feher, Hungary.

    EDIT: Removed PII

  • Ben
    Ben Posts: 664 Cybercrime Crusader

    The sample we have seems to be properly detected and not only by us.

     

    Our labs would definitely need a sample to be able to cross check your detection sample. 

  • Ukko
    Ukko Posts: 39 Cybercrime Crusader
    @Ben wrote:

    The sample we have seems to be properly detected and not only by us.

     

    Our labs would definitely need a sample to be able to cross check your detection sample. 

    by the way -> it's most popular detection (today?):

    https://worldmap3.f-secure.com/

     

    and does not detected by F-Secure a week ago (as example):

    https://www.virustotal.com/en/file/ee186d0ce73e0dbc8f52cbad5658e9c07f24f1a3656c668ac79c26a64cd99e68/analysis/1512986782/

  • Johnny1965
    Johnny1965 Posts: 1 Security Scout

    My system reports Trojan.HackTool.SUP and is starting up over and over again, does not return to normal

  • etomcat
    etomcat Posts: 1,172 Firewall Master
    Hello,

    Is your system pirated or is it a legitimately licenced Windows copy?

    Best Regards: Tamas Feher, Hungary.
This discussion has been closed.

Categories