Trojan-Dropper.Win32.Genome.fhe virus is a false positive

By Web Design

Yesterday morning, Kaspersky antivirus detected the following virus on several computers of our company: Trojan-Dropper.Win32.Genome.fhe

We were concerned that the virus was spreading through our network; we even blamed Dropbox (which is actually a huge security risk if somebody publishes a virus under a shared folder) and uninstalled it from our computers. We invested hours cleaning out computers, enforcing our IT governance plan and finding the source of the problem.

What was weird and worrying is that the infected file was located under a folder of the Kaspersky Antivirus:

c:\ProgramData\Kaspersky Lab\AVP12\Bases\Cache\kjim.kdl.a664805ecb7ca14d7ca04b30ff6fd35d

After some deep research, we found out that the virus was actually a false positive. This is the original message that was posted on the Kaspersky forum:

[Trojan-Dropper.Win32.Genome.fhe] is a False positive. Please send the detected file to the lab: http://forum.kaspersky.com/index.php?showtopic=13881 http://support.kaspersky.com/virlab/helpdesk.html

The file detected is a cached signature/part of the heuristics emulator, deleting it shouldn’t make any permanent negative impact on KIS as the file can be recreated (this of course doesn’t mean you should delete it as it’s a FP). So don’t panic. 

I like Kaspersky Antivirus, but yesterday’s alarm was not nice; we lost a lot of time and resources fixing the supposed problem.
