Yesterday morning, Kaspersky Antivirus detected the following virus on several of our company's computers: Trojan-Dropper.Win32.Genome.fhe
We were concerned that the virus was spreading through our network. We even blamed Dropbox (which is actually a huge security risk if somebody publishes a virus under a shared folder) and uninstalled it from our computers. We invested hours cleaning out computers, enforcing our IT governance plan and finding the source of the problem.
What was weird and worrying is that the infected file was located under a Kaspersky Antivirus folder:
After some deep research, we found out that the virus was actually a false positive. This is the original message that was posted on the Kaspersky forum:
[Trojan-Dropper.Win32.Genome.fhe] is a False positive. Please send the detected file to the lab: http://forum.kaspersky.com/index.php?showtopic=13881 http://support.kaspersky.com/virlab/helpdesk.html
The file detected is a cached signature/part of the heuristics emulator; deleting it shouldn’t have any permanent negative impact on KIS, as the file can be recreated (this of course doesn’t mean you should delete it, as it’s an FP). So don’t panic.
I like Kaspersky Antivirus, but yesterday’s alarm was not nice. We lost a lot of time and resources to fix the supposed problem.