Jump to content

Probable false positive threats in Locknote files


Recommended Posts

Posted
Hello, System: Windows 10 x64 build 18362; KTS 19.0.0.1088 (f), databases 21 June 2019 GSI: https://www.getsysteminfo.com/report/579cc104e3548c2a460134d8b11d3a45 Today KTS is finding a threat in two Steganos Locknote executables - VHO:Trojan.Win32.Shelma.gen - and sends them to quarantine. The contents of these Locknotes are not identical but there is a lot in common and neither Locknote has been updated in the last week, probably much longer. I copied the contents to Notepad and scanned the txt file with KTS with no threat found. If I create a new Locknote with the contents of the txt file a threat is detected. During this process KTS is dealing with a tmp file in C:\Users\Controller\AppData\Local\Temp, which is, I assume, the temporary working file when the Locknote is decrypted. A number of other Locknotes appear to work without problems and with no threats found. Do you have any suggestions for a solution or workaround? Thanks
Posted
Berny, I submitted my Locknote executables to https://virusdesk.kaspersky.com with the result that no threat was found. When I introduced them, on a USB drive, to a PC with KTS they were deleted immediately.
Posted
Please contact Technical Support https://center.kaspersky.com
Posted
Right, I have done that. Thanks
Posted
Kaspersky Technical Support confirmed this as a false positive and today's (26 June 2019) signature update no longer sees a threat. Thanks for you help.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...