VHO:Trojan-Spy.MSIL.Convagent.gen for firefoxhelper.exe

[Mag2023]

I got the same detection for VHO:Trojan-Spy.MSIL.Convagent.gen but for firefoxhelper.exe. Kaspersky Premium couldn´t fix it.

The location is C:\Recovery\Customizations\usmt.ppkg//ICB\0\MachineSpecific\File\C$\Preload\APP\FIREFOX\callback\FirefoxHelper.exe but I didn´t found a recovery in including folder.

I couldn´t find any suspicious processes and no active process for firefoxhelper.exe when Iooked into the task manager.

Now I´m not sure if it is real trojan or a false positive.

Windows 10 Home 10.0.19045 Build.

[harlan4096]

Welcome to Kaspersky Community.

 

Pause temporally K. protection, restore that file from quarantine, log in https://opentip.kaspersky.com/ with Your My Kaspersky credentials, upload the file, when get the verdict, click on Submit to reanalyze, type Your email address and below also add the URL of this thread, resume K. protection, wait for the final verdict from K. analyst.

[Mag2023]

Sorry but there is no file in the quarantine, the report in Kaspersky shows 2 times that it detected this trojan cause of machine learning and 1 time that the deinfection of the file isn´t possible. So I am currently struggeling how I should find the file.

As said I can´t the file aswell in the named folder as there´s no such folder.

Edited April 7, 2023 by Mag2023

[harlan4096]

Can You post a screen capture of the full detection?

[Mag2023]

[harlan4096]

Ok, I see the detection is in this folder:

 

 

It is Probably a hidden folder in Your system, I would say this is some kind of preinstalled software in Your system ? it is a lap or a desktop? Did You buy that system with that preinstalled Windows system? If so, probably it is a false positive, or maybe not... MSI system?

[Mag2023]

It is a laptop, yes I bought the laptop with the preinstalled Windows 10 system. It is about 5 years old and I didn´t get this message from Kaspersky over all these years. In march there was a Update of Windows.

But I can´t really remember if I had to install Firefox, but I would assume.

 

Edited April 7, 2023 by Mag2023

[harlan4096]

So, probably a false positive, try to enable hidden folders in Your system:

 

https://support.microsoft.com/en-us/windows/show-hidden-files-0320fe58-0117-fd59-6851-9b7f9840fdb2

 

And check if You can access to that folder/file.

[Mag2023]

Actually I already did that and there is no such folder. When I click in Kapsersky on open the containing folder, I get to that folder where the recovery is supposed to be but there is no folder even no hidden one.

I don´t see a recovery folder even if my Disk manager shows me 1, in CMD while tipping reagentc/info I see that it is enabled. But Windows keeps telling me that it is not able to perform a Recovery.

[harlan4096]

Hum... without that file, We can't report it to Kaspersky analysts...

[Mag2023]

Any ideas how I can get that file or how I can find this folder?

[harlan4096]

Can You check access/explore if additional Rescue partition with Admin Disk:

 

https://www.diskpart.com/windows-10/windows-10-disk-management-0528.html

 

If so, try right mouse click over the partition -> Explore

[Igor Kurzin]

Hi @Mag2023, this is a false detection, it was fixed on the 12th of April. Please update databases. We apologize for the inconveniences caused.