Got an infection while Samsung Kies was downloading an update. Message: C:\Program files (x86)\Samsung\Kies\External\FirmwareUpdate\AgentModule.dll infected with Win32:Crypt-PAM [Trj] - was deleted.
Chatted with Samsung, they haven’t heard about it.
Has anybody seen the same?
upload the file to www.virustotal.com and test with 40+ malware scanners
post link to scan result here
If the download originated from boostbyreason dot com: http://www.mywot.com/en/scorecard/boostbyreason.com?utm_source=addon&utm_content=popup-donuts the trojan detection could be valid. Also consider: http://www.isthisfilesafe.com/sha1/69DE555AD6120B5F2A3A3B49CA988C01C1429704_details.aspx
polonus
The file is downloaded automatically by the Kies software, can’t do it manually.
My bet is a false positive. Did you report it via the scanner?
polonus
How can I do that?
Exact same thing happened to me. Kies auto upgraded itself yesterday and I got the Trojan alert today when I started Kies. The file was deleted by avast and it was agentmodule.dll - said it was Win32:Crypt-PAM
did it just delete…or did it ask what to do?
if you move the file to chest, you can right click the file in chest and upload to avast lab as possible false positive
it was directly deleted, without any question.
In the web-protection log (hope the name is correct, using the German version) I found this entry: see picture: https://www.dropbox.com/s/8kftbord19j1gzo/Message-1.jpg
Sorry, no, avast asked what I wanted to do and I said delete. Currently at 57% of a scan of the whole system right now. Interestingly, avast just found a second virus under a different, limited user in the IE browser cache. It was JS:ScriptXE-inf. Probably not related though.
Exact same thing happened to me.
I uploaded the file to www.virustotal.com.
I post the link to the scan result.
Is this a false positive?
sure looks like that…only two detections (Gdata use avast engine)
publisher................: Samsung
product..................: AgentModule
internal name............: AgentModule.dll
copyright................: Copyright (c) 2012 Samsung Electronics Co.
original name............: AgentModule.dll
signing date.............: 11:02 AM 3/18/2013
signers..................: Samsung Electronics CO., LTD.; VeriSign Class 3 Code Signing 2010 CA; VeriSign Class 3 Public Primary Certification Authority - G5
file version.............: 1.0.0.1
description..............: AgentModule
First seen by VirusTotal
2013-03-30 15:04:22 UTC ( 4 hours, 26 minutes ago )
could be because it is new?
if you have the file in avast chest, right click and upload to avast lab as false positive
you may add a link to this topic in case they reply
if not in chest, move it manually first…
or use this: http://www.avast.com/contact-form.php - change subject to suit your case
again give link to this topic
This is definitely a false positive caused by Avast signatures. Hopefully, they will sort the problem out and restore the file that is quarantined. It’s easy to do manually, but a lot of people won’t know how to.
After Avast has quarantined the file, you will get a message on startup that Kies can’t find a startup file that is required, I think everything else works if you start up Kies manually.
Hope this FP will be settled soon,
pol
Just installed Samsung Kies, and avast reported a hidden rootkit. Not sure what to make of Kies…
@Pondus, GData is using Bitdefender and their own engine since the 2014 version.
Virustotal version is outdated.
@Justinlee: What was the detection name?
Normally the file should be in the virus chest under Maintenance.
There you can see the detection.
@Steven… Came up with Sscdmsm.sys and said it is a driver. Only gave two options, which were IGNORE and DELETE (Recommended). I deleted it, so it is not in the virus chest. It definitely came from Kies. I noticed when installing Kies it gives the option to install video codecs (myfreecodec) so, not sure if it has something to do with that…
You can report this to their Virus Lab via Mail.
Mail: virus@avast.com
subject: false positive
You can clarify that to them, maybe they can fix this.