Threat Vault and Virus/Win32.WGeneric.aalbaq

L0 Member

Hi all,

Curious if anyone can point me toward amplifying info regarding Threat Vault signatures? From what I can tell, these generic signatures usually tend to generate false positives. It's hard to investigate why the alert is getting triggered when the Threat Vault only shows a hash without any context or information regarding why it's deemed malicious. Is the hash the only thing triggering these? I search for the hash on my other security systems and I get no results, so I have no idea how to chase it down. This particular case is getting triggered by MSVCR80.DLL, which is pretty common on Windows systems. Any guidance is greatly appreciated.

Accepted Solutions

Cyber Elite

@Curt.Schwarder,

Generally what you would do with a signature like this is take the MD5 hash value displayed by Threat Vault and run it through a search on VirusTotal. However, I'm not currently getting anything off of the displayed signature.

With this being a newer signature I would report the false positives you're seeing to support so they can pass it along internally and see if the signature isn't a bit too broad. 



Thanks! @BPry
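
One way to gather evidence for the VirusTotal lookup and the false-positive report described in the accepted answer, as an added example that is not part of the original thread: it hashes every local copy of the flagged DLL, compares each MD5 with the value shown in Threat Vault, and records the Authenticode status. The hash placeholder, the search roots and the output file name are assumptions.

```powershell
# Added example, not from the original thread. Assumed values are marked.
param(
    # MD5 shown in the Threat Vault entry (placeholder: paste the real value)
    [string]$ThreatVaultMd5 = '<MD5-FROM-THREAT-VAULT>',
    # File name reported in the alert
    [string]$FileName = 'MSVCR80.DLL',
    # Assumed search roots: the side-by-side store plus application folders
    [string[]]$SearchRoot = @("$env:windir\WinSxS", $env:ProgramFiles, ${env:ProgramFiles(x86)})
)

# Drop roots that are empty or do not exist on this host (e.g. no x86 folder)
$roots = $SearchRoot | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$report = Get-ChildItem -LiteralPath $roots -Filter $FileName -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $md5    = (Get-FileHash -LiteralPath $_.FullName -Algorithm MD5).Hash
        $sha256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        $sig    = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            Path        = $_.FullName
            FileVersion = $_.VersionInfo.FileVersion
            MD5         = $md5
            SHA256      = $sha256
            SigStatus   = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
            Signer      = $sig.SignerCertificate.Subject   # empty when the file is unsigned
            MatchesTV   = ($md5 -eq $ThreatVaultMd5)       # -eq ignores case for strings
        }
    }

# One row per distinct build found on the host, then the full list for the support case
$report | Sort-Object MD5 -Unique | Format-List FileVersion, MD5, SHA256, SigStatus, Signer, MatchesTV
$report | Export-Csv -Path .\msvcr80-triage.csv -NoTypeInformation
```

The SHA256 column can be searched on VirusTotal alongside the MD5, and the CSV can be attached to the support case together with the signature status of each copy.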
