False positive for Win32/Sirefef?

[DD2014 0]

Hi,

 

I got a strange detection warning since the data base update dated Monday May 12 2014.

 

ESET NOD 32 (v7.0.302.26, running Win XP 32-bit) detected "Startup scanner    operating memory    Operating memory    Win32/Sirefef trojan" but does not give any detail (file /directory etcetera) and no mean for cleaning it.

 

- Running the utility "ESETSirefefCleaner.exe" gives "INFO: Win32/Sirefef not found"

- ESET SYSRESCUE CD does find anything

- MalwareBytes AntiMalware 20.0.1.1004 does not detect anything

- HitmanPro does not detect anything

- AVAST! Boot CD: idem

- Kaspersy boot CD V10: idem

- Kaspersky Anti-rootkit utility TDSSKiller: idem

- Neuberg Security Task Manager does not show any suspicious running process (see details in attachment)

- WireShark does not show any suspicious Internet traffic

- No slow down of the PC

 

Comparing a SysInspector report (May 14 2014) with a previous one (March 10 2014) shows as main difference ""Rootkit" = "@Trojan.Win32/Sirefef" ( 9: Risky )".

 

Does someone have any clue about this strange issue? A false positive linked to the latest virus database?

 

Thanks for the attention :-)

 

Andrew
 

processinfo 2014_05_14 17_18.html

[Marcos 5,074]

This is most likely detection of older Sirefef remnants. Please refer to this topic and continue the discussion there.