C:\WINDOWS\ZOEK-DELETE.EXE flagged by SAS as Trojan.Agent/Gen-killfiles
Is this a false positive?
polonus
More than probably a FP, because MBAM also falsely flagged this part of zoek (by Smeenk).
Malware removal experts should advise victims that use the tool to ignore the SAS alert.
polonus
C:\WINDOWS\ZOEK-DELETE.EXE is a Zoek.exe-related file, and the author himself recommended shutting down security software (as for ComboFix) if necessary while zoek is working.
The file, as well as other files that are related to Zoek, is removed using the DelFix tool.
Tools such as CF or Zoek load their files to override and overpower active malware files, and they perform such operations (killing files, for example) so AV/AM cannot discern them from malware. A whitelist is necessary, but since some companies have not updated their whitelists …:
Hi magna86,
Almost convinced it was a false positive, or rather a generic PUP of sorts, but then again no, because I installed it intentionally.
And you were aware that I used it as you worked through analysis of the log data…
On VT it even gets seven flags. But as one does not have need of zoek.exe any longer, it is best uninstalled…
because you always work with the latest version of the tool…
polonus