Jump to content

SQLitecarve detected as VHO:Trojan.Win32.Convagent.gen


Go to solution Solved by Berny,

Recommended Posts

Posted

Hi,

 

Kaspersky recently detected the SQLitecarve file as Trojan (VHO:Trojan.Win32.Convagent.gen), but Virustotal and Hybrid-Analysis did not recognize the same detection. Will it be a false positive?

 

Check from https://dmitrybrant.com/2018/02/06/a-quick-utility-for-sqlite-forensics (https://dmitrybrant.com/files/SqliteCarve.zip)

 

https://www.virustotal.com/gui/url/2b471c7084a883d0882e6168e238d103dd7cf76b6586961498a18958c9a52787

 

https://www.hybrid-analysis.com/sample/2c95746aca9c7b193185146bbbba7c9782c1c7531f117694d8d8c3048bde4d45

 

 

Regards,

Julio Cesar

Flood and Flood's wife
Posted

Hello @jcrg.rj

Welcome!

❗ Only Kaspersky Virus Lab/Kaspersky Technical support can verify a false positive; if you suspect a false positive: 

  1. Scan the URL via Kaspersky Threat Intelligence Portal & also select Submit to reanalyze, fill in the popup & select Send.
  2. Contact Kaspersky Technical support, they will send the data to Kaspersky’s Virus Lab → on the support page, select your Location, scroll to the bottom, select Online chat

 

 

 

 

  • When it’s available, please share the outcome with the Community? 

Thank you🙏  

Flood🐳 +🐋

  • Solution
Posted

A false positive can also easily be submitted to Kaspersky Virus Lab as follows :

 

  • Form → Request Type ? → Select "Malware"
  • Form → Request Topic ? → Select "False positive"

 

  • Contact Support
Guest
This topic is now closed to further replies.


×
×
  • Create New...