Surface Pro (2017) vs Surface Pro 4
Hi all, I have just completed a scan with A-squared free edition and it has said I have the above named Trojan located in C:\programs\Microsoft works\WksWP.exe
I also have AVG as my virus scanner, malwarebytes anti-malware, super anti-spyware, spybot search and destroy and spyware blaster all are up to date and none of these other security programs report any problems!
I have also scanned the WksWP.exe file at virustotal.com and at virusscan.jotti.org at these sites three of the more unknown scanners also flag up this file.
My question is, is this a false positive? My computer is not exhibiting any strange behaviour but for the time being I have quarantined the suspect file. Problem with this is Microsoft works wont work with its word processor in quarantine.
Don't have A-squared, but why not uninstall and reinstall Works to see? No disk?
for the prompt replies. Gandalf, I am aware that WksWP.exe is the word processor package that comes with Microsoft Works. I wondered however if it were possible for this particular Trojan to have inserted itself within that executable?
If it were the case that a-squared was the only anti malware program to flag this file I would not be unduly concerned, but as I stated in my question it was also flagged by three other of the more obscure scanners at Virustotal and Jotti.
ame, Works was included on disk when I purchased my computer and I don't have the installation program. I have a recent disk image I could reinstall but I don't want to do that if this does turn out to be a false positive.
I don't actually use Works as my office suite, I am running MS Office 2007. My concern was only because of the Trojan alert.
"it was also flagged by three other of the more obscure scanners at Virustotal and Jotti"
If it was flagged up by only 3 of the 42 programs on VirusTotal then that signifies very strongly that it is a false positive. And if you don't use Works (despite having said that it won't work with its WP in quarantine) then leave it there. The next time you update A-Squared it will recheck - and it's quite likely that following a few more updates it will confirm that it was a false positive.
Sea Urchin, thanks for the reply. I am inclined to think along the same lines as yourself. I will leave the file quarantined for now, I have reported this to the emsisoft people through the link in a-squared.
realist, I have seen that link already and it does not really give any more detail other than that which I already know. However thank you for the reply.
Hmmm...not impressed by A-Squared's info on this trojan (if indeed it is one) as contained in link provided by realist. If they know about it, surely they can provide info, rather than asking you to search the web!
Because ASquared uses the Ikarus search engine (which I think is the reference to the IK in the item found)and this works on heuristic principles (it will find things which display the attributes of infections without necessarily being so)it is very common for it to throw up false positives.
If you quarantine it you will probably find that,come a subsequent ASquared update,you will be told that it has been identified as a FP and has been returned to its normal location.
for your replies. I will leave this file quarantined for now and wait and see if a subsequent a-squared update identifies it as a false positive.
I will mark this one as resolved.
This thread is now locked and can not be replied to.