Soffice.exe

Hello, Avast found this:

C:\Program Files (x86)\OpenOffice4\program\soffice.exe

Rootkit: hidden process

I tried to put it into the chest but it didn’t do anything and when I check the chest it isn’t there.

I’ve run Malwarebytes but it hasn’t found anything.

Glary Utilities spyware remover hasn’t found anything either.

I’ve a suspicion this could be a false positive as OpenOffice is a program I trust but am aware viruses do mask themselves at times so thought it best to check.

Test the file at VT (https://www.virustotal.com) and post the link to the result here.

Thanks.

Sorry, I know this is a painful way of doing it but Virus Total won’t let me download a report so I printed it as a PDF which wasn’t accepted here so I’ve had to convert it to jpgs which are too big for the maximum attachment for all four of them so I have to put them as separate messages each time.

.

Why don't you just post the scan LINK as asked ???

https://www.virustotal.com/#/file/708b1259df78ed3e739443532e982db92530052219fbe5ea72ef77f669c4b92e/detection

Send file to avast lab
Report a malicious sample (select file or website)
https://www.avast.com/report-malicious-file.php

With respect, there’s really no need to be smart. It was a mistake. Human error, like humans make all the time ???.

Ran Avast again and then scanned the file individually with Avast. Now says it’s safe so it was almost certainly a false positive. I guess computer programs make mistakes too sometimes ;D.

Pondus has been doing this for a very long time. Not reading a post in its entirety can be somewhat annoying at times.

Sorry that no one has gotten around since you posted the VT Results.

Can you follow the instructions here? https://forum.avast.com/index.php?topic=194892.0

Run MBAM (Malwarebytes AM) first, then use FRST. After that, I’ll poke someone else to drop by.

Cheers,
Michael

If you would kindly look at the VT link results Pondus provided, it will show Avast did not find anything but 17 other antivirus programs did, so not likely this is a false positive. soffice.exe is, as you said, an OpenOffice file. Earliest version 4 dates to October 08, 2013. https://archive.apache.org/dist/openoffice/

Hello,
the file is clean (additionally I see the string “This file was sanitized by avast! Antivirus” inside so it was modified and is not the original file).

Milos