
SeoTools for Excel\SeoToolsMaster64_packed.xll MSIL/TrojanDropper.Agent.FGU@TYPE=Trojan@SUSP=mod"



Hello All,
I am posting this here as I am not able to post in the false positive area.
My SEO team contacted me today and had this removed from their systems by ESET Endpoint Antivirus 8.1 with the latest VSDB.
I am wanting to exclude this from detection as I believe this is a false positive. I also know that the nature of this software is a bit odd, so I can see why it was detected. I need to know if this is a false positive or not. I have 10 SEOs who are not able to do some work due to this.

Detection Log below
Dir: C:\Users\user.name\AppData\Local\ESET\ESET Security\Quarantine\
0CA732EA2C31D33CDC96B4E39E814EA7249136F7.NDF    "C:\Program Files (x86)\SeoTools for Excel\SeoToolsMaster64_packed.xll"    "@NAME=MSIL/TrojanDropper.Agent.FGU@TYPE=Trojan@SUSP=mod"    27.08.2021    792576 bytes

Also detecting in WebAccess

Detection Type
Object type: Uniform Resource Identifier (URI)
Process name: C:\Program Files\Google\Chrome\Application\chrome.exe
HTTP filter
Detection engine version: 23865 (20210827)
Current engine version: 23865 (20210827)

Based on VirusTotal detection: https://www.virustotal.com/gui/file/dd7854b16b415a773ff4ce389660d47bf8d7d5fa408c9c5606faffc5cb7c9af6/detection, four AV products detect it, including Eset.

Note that a month ago, only two of these products detected it, and Eset was not one of them. So this is a fairly new detection by Eset. As such, I would say Eset's detection is correct.

Edited by itman

This topic is now closed to further replies.