Possible False Positive - Win32:Karagany-NW [Trj]

Avast detected this trojan in the file Sage.Mobile.Sage50Mobile.Installation.dll in folder C:\Program Files (x86)\Common Files\SageSBD\

Pretty certain that file has been in the computer unchanged since the Sage Accounts installation. Tried online scanners and only detected by GData but also Emsisoft reporting Trojan.Win32.Phorpiex!E2 and Trend Micro HouseCall TROJ_GEN.F47V0803. No other scanners detecting anything.

Search for signs of this trojan worm here: The following system changes may indicate the presence of this malware:

The presence of the following files:

* %ALLUSERSPROFILE%\Microsoft-Driver-1-82-8475-5627-5645\winrsvn.exe
* <Drive>:\winrsdrv32.exe

The presence of the following registry modifications:

* HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft® Update Service=%ALLUSERSPROFILE%\Microsoft-Driver-1-82-8475-5627-5645\winrsvn.exe

If these are not there, you could think about a FP. See the VT results for what you report: https://www.virustotal.com/file/42c20a78cbd69566ab90d0b2cae6730fe9a927d6ed251e8699d329f99edd0bb4/analysis/

If you are not sure, you could ask for a qualified malware remover to analyze this…they can have a look at your logs!

polonus
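
The three checks listed in the post above, as an added PowerShell example that is not part of the original thread. It looks only for the file names, folder name and Run value quoted there; the variable names are illustrative, and it has to run under the affected user's account because the registry check reads HKCU.

```powershell
# Added example: looks only for the indicators quoted in the post above.
$dirName  = 'Microsoft-Driver-1-82-8475-5627-5645'
$findings = @()

# 1. %ALLUSERSPROFILE%\<dirName>\winrsvn.exe
$dropped = Join-Path $env:ALLUSERSPROFILE (Join-Path $dirName 'winrsvn.exe')
# -Force so that hidden or system files are also returned
if (Get-Item -LiteralPath $dropped -Force -ErrorAction SilentlyContinue) {
    $findings += "File present: $dropped"
}

# 2. <Drive>:\winrsdrv32.exe in the root of every lettered drive
$drives = Get-PSDrive -PSProvider FileSystem |
    Where-Object { $_.Root -match '^[A-Za-z]:\\$' }
foreach ($drive in $drives) {
    $candidate = Join-Path $drive.Root 'winrsdrv32.exe'
    # Drives that are not ready (empty card readers etc.) simply return nothing
    if (Get-Item -LiteralPath $candidate -Force -ErrorAction SilentlyContinue) {
        $findings += "File present: $candidate"
    }
}

# 3. HKCU Run value named "Microsoft(R) Update Service", or any Run value
#    whose data points at the folder or executable from check 1.
$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$pattern = [regex]::Escape($dirName) + '|winrsvn\.exe'
$key = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($key) {
    foreach ($name in $key.GetValueNames()) {
        # Read the raw data so an unexpanded %ALLUSERSPROFILE% is matched too
        $data = [string]$key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        # Wildcard instead of the (R) sign avoids script-encoding problems
        if ($name -like 'Microsoft* Update Service' -or $data -match $pattern) {
            $findings += "Run value: '$name' = $data"
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the listed indicators were found.'
} else {
    $findings | ForEach-Object { Write-Output $_ }
}
```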

None of those signs are present - your link there was where I got the 4 positives out of 46 scanners. Malwarebytes Pro is running and appears happy with the file. Can you recommend someone to look at the logs?

Hi COBKA,

I have contacted essexboy, who thinks that it is the file behaviour that avast is picking up, so a heuristic detection that could be qualified as a riskware flag. But feel free to provide the logs asked for here: http://forum.avast.com/index.php?topic=53253.0 and I am sure essexboy will look into it. I would not worry too much.

polonus

Thanks for your help. I don’t think there’s a problem with this file but here’s the result of the VirusTotal scan:

https://www.virustotal.com/file/42c20a78cbd69566ab90d0b2cae6730fe9a927d6ed251e8699d329f99edd0bb4/analysis/1355517561/

There are no indicators of a malware infection on the PC.

Also here nothing found: http://www.isthisfilesafe.org/sha1/58B8A6AC54DE8D1600EB0B04BB840A4998EB3D91_details.aspx

polonus