Trojan-Dropper.Win32.Genome.fhe virus is a false positive


Yesterday morning, Kaspersky antivirus detected the following virus on several computers of our company: Trojan-Dropper.Win32.Genome.fhe

We were concerned that the virus was spreading through our network; we even blamed Dropbox (which is actually a huge security risk if somebody publishes a virus under a shared folder) and uninstalled it from our computers. We invested hours cleaning out computers, enforcing our IT governance plan and finding the source of the problem.

What was weird and worrying is that the infected file was located under a folder of the Kaspersky Antivirus:

c:\ProgramData\Kaspersky Lab\AVP12\Bases\Cache\kjim.kdl.a664805ecb7ca14d7ca04b30ff6fd35d

After deep research, we found out that the virus was actually a false positive. This is the original message that was posted on the Kaspersky forum:

[Trojan-Dropper.Win32.Genome.fhe] is a False positive. Please send the detected file to the lab: http://forum.kaspersky.com/index.php?showtopic=13881 http://support.kaspersky.com/virlab/helpdesk.html

The file detected is a cached signature/part of the heuristics emulator, deleting it shouldn’t make any permanent negative impact on KIS as the file can be recreated (this of course doesn’t mean you should delete it as it’s a FP). So don’t panic. 

I like Kaspersky Antivirus, but yesterday’s alarm was not nice; we lost a lot of time and resources to fix the supposed problem.


About Luis Cuellar

Co-founder and Agile Coach, in charge of leading, managing and coaching agile project teams to achieve a high level of performance and quality in delivering projects that provide exceptional business value to government agencies and nonprofit organizations.