Topic: Remoteadmin.r Trojan found  (Read 88 times)

Remoteadmin.r Trojan found
« on: November 08, 2020, 11:41:38 AM »

EI64djc

Just did a full scan of my system with McAfee 8.8 Enterprise.
McAfee found a Remoteadmin.r Trojan in both archives, Win10XPE_2020_10_29.7z and Win10XPE_2020_11_01.7z.
Both archives were deleted.
What is mpg123.exe used for, and is it an important file?
I enclose a screenshot of the McAfee scan.

Re: Remoteadmin.r Trojan found
« Reply #1 on: November 08, 2020, 01:14:07 PM »

APT

What is mpg123.exe used for, and is it an important file?

// Play Startup sound (Commented if mute is selected)
EXEC @!%WinDir%\System32\mpg123.exe -q %SystemRoot%\Media\startup.mp3

It doesn't get flagged by my A/V. If it worries you, use the file from any distro from 2019-12-18 or before, i.e. use an older version of that file.

I'm guessing it originates from here: https://www.mpg123.de/download.shtml
« Last Edit: November 08, 2020, 01:42:07 PM by APT »

Re: Remoteadmin.r Trojan found
« Reply #2 on: November 08, 2020, 03:02:22 PM »

VoIP

Replicated the same issue. False positive. Should set an exemption on that folder or disable the scanner when you build your PE key.

Re: Remoteadmin.r Trojan found
« Reply #3 on: November 08, 2020, 03:08:19 PM »

EI64djc

Thank you for the advice and help.
Will disable the A/V scanner when building.

 
