Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[MikeZ]

I'm sure it's a false positive - I uploaded it to virustotal and only 9 out of 56 scanners detected anything. It claims to detect Gen:Variant.Jaike.745.

Maybe something that dslstatssampling.exe does looks 'suspicious'.

[roseway]

I'm fairly amazed, because dslstatssampling.exe doesn't do anything. It simply sits there for a maximum of 10 seconds while sampling proceeds. It acts as a marker which HG612_Modem_Stats can detect to avoid clashes between the two programs.

Presumably there's some sequence of bytes in the executable which corresponds with that particular item of malware.

At present it's a rather large executable to do so little, which is a consequence of the lazy way I wrote it. I'll have another look at it and slim it down, which hopefully will get rid of the false positive.

[lloyd]

The fact that it sits and does nothing is in itself suspicious. One trick the malware writers use is to do nothing, waiting for the Av scan to timeout looking for odd behaviour.

[roseway]

I suppose I could make it do something innocuous. Better though, perhaps I can contact Bitdefender and persuade them that it's innocent.

[MikeZ]

I submitted it to them for checking as a false-positive.

[roseway]

Thanks, I'll await the outcome. The source code is available if needed.