Hi
OS: Win 7 Ultimate x86
Avast Free
Program Version: v7.0.1426
Virus-definitions Version: 120527-0
Process 864
rapportmgntservice.exe
Win32:MalOb-JN[Cryp]
Severity: High
Location on my PC:
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService
http://www.trusteer.com/product/trusteer-rapport
http://en.wikipedia.org/wiki/Rapport
Please advise?
have avast moved the file to chest?
upload rapportmgntservice.exe to www.virustotal.com and test with 40+ malware scanners (if already scanned, click rescan)
when you have the result, copy the URL in the address bar and post it here for us to see
Process 864 rapportmgntservice.exe Win32:MalOb-JN[Cryp] Severity: High
was this a custom scan?
did you select scan memory?
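VirusTotal keys its reports by the file's SHA-256, so the digest is what ties the report URL the poster asks for back to the file on disk. The script below is an added example, not something posted in this thread or shipped by Avast or Trusteer: it hashes a local file the same way, builds the report URL in the `/file/<sha256>/analysis/` shape used in this thread (the URL layout is assumed from that post, and VirusTotal has changed it since), and checks that a pasted report URL really refers to the same file. The file path is taken from the command line rather than hard-coded.

```python
import hashlib
import re
import sys
from typing import Optional

# Read large binaries in 1 MiB chunks so they need not fit in memory at once.
CHUNK = 1024 * 1024

def sha256_hex(data: bytes) -> str:
    """SHA-256 of an in-memory byte string, as lowercase hex."""
    return hashlib.sha256(data).hexdigest()

def sha256_of_file(path: str) -> str:
    """SHA-256 of a file on disk, streamed in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

_HEX64 = re.compile(r"^[0-9a-f]{64}$")

def vt_url(digest: str) -> str:
    """Build a VirusTotal report URL for a SHA-256.

    URL shape assumed from the report link posted in this thread.
    """
    digest = digest.lower()
    if not _HEX64.match(digest):
        raise ValueError("expected a 64-character hex SHA-256 digest")
    return "https://www.virustotal.com/file/%s/analysis/" % digest

def digest_from_vt_url(url: str) -> Optional[str]:
    """Pull the SHA-256 out of a pasted VirusTotal report URL, or None."""
    m = re.search(r"/file/([0-9a-fA-F]{64})(?:/|$)", url)
    return m.group(1).lower() if m else None

def same_file(path: str, posted_url: str) -> bool:
    """True when the local file hashes to the digest in the posted report URL."""
    return sha256_of_file(path) == digest_from_vt_url(posted_url)

if __name__ == "__main__":
    # Usage: python vt_lookup.py <path-to-exe> [posted-vt-report-url]
    if len(sys.argv) < 2:
        sys.exit("usage: vt_lookup.py <path-to-exe> [posted-vt-report-url]")
    digest = sha256_of_file(sys.argv[1])
    print("SHA-256:", digest)
    print("Report :", vt_url(digest))
    if len(sys.argv) > 2:
        print("Posted URL is for this file:", same_file(sys.argv[1], sys.argv[2]))
```

Comparing the local digest against the one embedded in a posted report URL is the check worth doing before trusting the report: if they differ, the report describes a different build of the file.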
Hi
VT report:
https://www.virustotal.com/file/5d771c9f00fd4aa7a58e9891bb0df1a8b62537227422bf605d54f2011049c680/analysis/1338129033/
It was a scheduled custom scan.
Criteria: “All harddisks, Operating memory of the computer, Rootkits (quick scan), Auto-start programs (all users)”
File was not moved to chest.
do not use the “scan memory” setting… and the problem should be solved… if not, report back
I recommend using the default quick/full scan with default scan settings unless you know what you are doing
search the forum for detection in memory / memory detection / memory scan
should give you lots of info
Hi
Ok I’ve removed the scan memory criteria from the custom scan.
Why was rapport detected as a threat?
You have to sort of decipher the malware name that it was given, Win32:MalOb-JN[Cryp]: it looks like what it loads into memory is encrypted (the [Cryp] bit) and looks like a malicious object (MalOb).
Given what Rapport seeks to do, it isn’t too much of a surprise that it would take measures to prevent it being circumvented; this can look suspicious, and the memory scan in a custom scan is the most thorough of the memory scans, so it can throw up some unusual results.
Personally, I would ask why you even feel the need for the custom scan, as the Quick and Full System (pre-defined) scans should be adequate for most users’ needs.