Threat Vault and Virus/Win32.WGeneric.aalbaq

L0 Member

Threat Vault and Virus/Win32.WGeneric.aalbaq

Hi all,

 

Curious if anyone can point me toward amplifying info regarding Threat Vault signatures? From what I can tell, these generic signatures usually tend to generate false positives. It's hard to investigate why the alert is getting triggered when the Threat Vault only shows a hash without any context or information regarding why it's deemed malicious. Is the hash the only thing triggering these? I search for the hash on my other security systems and I get no results, so I have no idea how to chase it down. This particular case is getting triggered by MSVCR80.DLL, which is pretty common on Windows systems. Any guidance is greatly appreciated.

L7 Applicator

Re: Threat Vault and Virus/Win32.WGeneric.aalbaq

@Curt.Schwarder,

Generally what you would do with a signature like this is take the MD5 hash value displayed by Threat Vault and run it through a search on VirusTotal. However, I'm not currently getting anything off of the displayed signature.

With this being a newer signature I would report the false positives you're seeing to support so they can pass it along internally and see if the signature isn't a bit too broad. 

L0 Member

Re: Threat Vault and Virus/Win32.WGeneric.aalbaq

Thanks! @BPry
