FP_AX_CAB_INSTALLER.exe came up as a Trojan (Is this an FP?)

Viruses and worms
1

Hi. I just updated my computer to the most current update 100228-1 and ran a full scan. It found this file (FP_AX_CAB_INSTALLER.exe) in C/Windows/Downloaded Program Files. The file date is 10/5/2008. I moved it to the Virus Chest, but am not sure what to do next. If I’m not mistaken, it’s a common driver file for audio and video support.

Is this a False Pos?

Let me know if I need to send more supporting data.

Thanks!

2

This is a false positive because it’s a Flash Player ActiveX Installer.

please upload to VirusTotal or VirScan.Org and post results.

3

Well, I tried 5 times to restore the file so I could upload it to Virus Total, but it does not return to it’s original location even though the window says “Action was completed successfully!”. And, it’s not a hidden file, I have my explorer set to “show hidden files”. I even tried a reboot after the restore to see if that helps. Is there another way to either restore the file or upload it from the chest?

4

Download new Flash player http://www.adobe.com/products/flashplayer/

5

What’s your OS?If you have Vista or 7,maybe the problem is with UAC.Try to extract the file to another place(for example to desktop).

6

Thanks Onix. That worked perfectly! (I’m running XP SP3.) Moving it to the desktop revealed it to be the Adobe Flash Player installer.

I ran it through Virus Total and the result is 0/41.

Even thought it cleared Avast on Virus Total, it still registers as a Trojan if I spot test it. I’ll wait until the next AVS update and check it again.

(I know that it is no longer a necessary file and I can just delete it.)

7

I just ran it through VirScan.org and their results are “Scanner results : 79% Scanner(s) (30/38) found malware!”. The Avast result shows it as “Win32:Dialer-1314 [Trj]”.

So, one site shows as FP and the other site shows as Malware.

(I’m not going to sweat it. Like I said above, I can just delete it.)

8

Does the scanners on VirusTotal and Virscan have the same VPS update ?

9

VirScan says; Avast Engine Version 4.7.4, Sig Version 090604-0.

VT says; Avast Version 4.8.1351.0, Last Update 2010.02.23.

10

You can also try…to be moore confused … ;D
Jotti http://virusscan.jotti.org/en
ThreatExpert http://www.threatexpert.com/submit.aspx

11

Why not.

Jotti results (from 8 Aug 09) 0/21.

TE results are slower than spam…in other words, they haven’t arrived in my mailbox ATT.

(EDIT) Here they are now. I’ll attach for those who know how to understand this because I don’t.

12

I"m getting many PCs w/ BSOD 000000c0 or 0000000C. McAfee’s latest Stinger Removal Tool deleting “FakeAlert Virus and Trojan” embedded inside the FP_AX_CAB_INSTALLER.EXE though more files must be involved if reinfection occurs. i didn’t find anything unusual w/ HJT. Many of my PCs were affected weeks earlier by an undetected Vundo variant. Don’t know if any relationship exists.
http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

More on this phenomena - FAKE Updaters at:
http://forum.bkis.com/showthread.php?p=528
http://news.softpedia.com/news/Trojan-Masquerades-as-Adobe-Reader-Updater-Component-138453.shtml

13

@2of9 this thread is more then a year old…

if you need help start a new