Jump to content

SeoTools for Excel\SeoToolsMaster64_packed.xll MSIL/TrojanDropper.Agent.FGU@TYPE=Trojan@SUSP=mod"


Recommended Posts

Hello All,
I am posting this here as I am not able to post in the false positive area.
My SEO team contacted me today and had this removed from their systems by ESET Endpoint Antivirus 8.1 with the latest VSDB.
I am wanting to exclude this from detection as I believe this is a false positive, I also know that the nature of this software is a bit odd so I can see why it was detected. Need to know if this is a false positive or not. I have 10 SEOs who are not able to do some work due to this.

Detection Log below
Dir: C:\Users\user.name\AppData\Local\ESET\ESET Security\Quarantine\
0CA732EA2C31D33CDC96B4E39E814EA7249136F7.NDF    "C:\Program Files (x86)\SeoTools for Excel\SeoToolsMaster64_packed.xll"    "@NAME=MSIL/TrojanDropper.Agent.FGU@TYPE=Trojan@SUSP=mod"    27.08.2021    792576 bytes

Also detecting in WebAccess
 

Hash
B34B273B4F3BD8E6EEF03FB51FF69EF978C149AB
 
Name
MSIL/TrojanDropper.Agent.FGU
Detection Type
Trojan
Object type
file
Uniform Resource Identifier (URI)
https://releases.seotoolsforexcel.com/SeoTools_v9.7.0.1_20210727.zip
Process name
C:\Program Files\Google\Chrome\Application\chrome.exe
 
Scan
Scanner
HTTP filter
Detection engine version
23865 (20210827)
Current engine version
23865 (20210827)
Link to comment
Share on other sites

Based on VirusTotal detection: https://www.virustotal.com/gui/file/dd7854b16b415a773ff4ce389660d47bf8d7d5fa408c9c5606faffc5cb7c9af6/detection , four AV products detect it including Eset.

Note that a month ago, only two of these products detected and Eset was not one of them. So this is a fairly new detection by Eset. As such, I would say Eset's detection is correct.

Edited by itman
Link to comment
Share on other sites

  • Administrators

It was confirmed to be a false positive. The detection has been removed.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...