SystemAdmin

Pinned topic Rational Purify Plus demo being detected as a Trojan horse Rootkit-Agent.EK

‏2013-03-20T16:20:00Z |
I downloaded and installed Rational PurifyPlus demo to evaluate it.

Once installed I ran it against one of our applications.

AVG detected:
Trojan horse Rootkit-Agent.EK
in C:\Program Files\IBM\RationalPurifyPlus\x86\cache\!PUSER.DLL

I'm wondering if this is a false positive?

Every time I rerun an application through Purify Plus this warning pops up (after cleaning), so it seems to generate the code every time.
  • SystemAdmin

    Re: Rational Purify Plus demo being detected as a Trojan horse Rootkit-Agent.EK

    ‏2013-03-22T17:08:33Z  
    Hi Jason,

    >
    > I'm wondering if this is a false positive?
    >

    The fact that AVG is reporting the Trojan on an instrumented DLL
    leads me to believe this is likely a false positive. In fact,
    Purify is producing its own version of USER32.DLL and AVG may be
    correctly reporting that this is a version of USER32.DLL that has
    been modified or "tampered with". In some ways, Purify does act
    like a virus or a Trojan.

    If you aren't getting any AVG warnings/errors on your original
    USER32.DLL, I'm guessing there really isn't a problem here.

    Best regards,
    Don
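
One way to check the two things the reply relies on, that the original USER32.DLL is untouched and that the flagged file is a derived copy living only in Purify's cache. This is an added example, not part of the original posts and not IBM or AVG tooling; the `Get-DllFacts` helper and the SysWOW64 lookup are assumptions of this example, and only the flagged path comes from the thread.

```powershell
# Added example. The path marked "from the post" is quoted in the thread; everything
# else here is an assumption of this example, not Purify or AVG behaviour.
$flagged   = 'C:\Program Files\IBM\RationalPurifyPlus\x86\cache\!PUSER.DLL'  # from the post
# An x86 process loads user32 from SysWOW64 on 64-bit Windows, System32 on 32-bit.
$originals = 'System32\user32.dll', 'SysWOW64\user32.dll' |
    ForEach-Object { Join-Path $env:SystemRoot $_ } |
    Where-Object   { Test-Path -LiteralPath $_ }

function Get-DllFacts {
    param([Parameter(Mandatory)][string]$Path)
    $item = Get-Item -LiteralPath $Path
    # Catalog-signed system files need Windows PowerShell 5.1+; older versions
    # can report NotSigned for an untouched system DLL.
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Path             = $Path
        OriginalFilename = $item.VersionInfo.OriginalFilename
        FileVersion      = $item.VersionInfo.FileVersion
        SignatureStatus  = $sig.Status
        Signer           = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
        SHA256           = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        LastWriteTime    = $item.LastWriteTime
    }
}

$system = @($originals | ForEach-Object { Get-DllFacts -Path $_ })
$system | Format-List

# 1. The reply's test: the original USER32.DLL itself must be clean and unmodified.
$tampered = @($system | Where-Object { $_.SignatureStatus -ne 'Valid' })
if ($tampered.Count -gt 0) {
    Write-Warning "System user32.dll failed signature validation: $($tampered.Path -join ', ')"
}

# 2. The flagged file: it will not validate as signed if instrumentation rewrote the image.
if (Test-Path -LiteralPath $flagged) {
    $hit = Get-DllFacts -Path $flagged
    $hit | Format-List
    # Assumption: the instrumented copy keeps user32's version resource. If it does
    # not, this comparison is inconclusive rather than evidence of compromise.
    $match = @($system | Where-Object { $_.FileVersion -eq $hit.FileVersion })
    if ($match.Count -gt 0) { "Cached copy reports the same FileVersion as $($match[0].Path)" }
    else                    { 'No FileVersion match; inspect the cached file before excluding it.' }
} else {
    'Flagged file not present (quarantined, or Purify has not re-instrumented yet).'
}
```

If the system copies validate and the only detection is inside the Purify cache directory, a path-scoped exclusion for that cache is narrower than disabling the detection by name.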