I downloaded and installed Rational PurifyPlus demo to evaluate it.
Once installed I ran it against one of our applications.
Trojan horse Rootkit-Agent.EK
in C:\Program Files\IBM\RationalPurifyPlus\x86\cache\!PUSER.DLL
I'm wondering if this is a false positive?
Every time I rerun an application through Purify Plus this warning pops up (after cleaning), so it seems to generate the code every time.
Rational Purify Plus demo being detected as a Trojan horse Rootkit-Agent.EK
Updated on 2013-03-22T17:08:33Z by SystemAdmin
SystemAdmin 110000D4XK2948 Posts
Re: Rational Purify Plus demo being detected as a Trojan horse Rootkit-Agent.EK
2013-03-22T17:08:33Z
This is the accepted answer.
Hi Jason,
> I'm wondering if this is a false positive?
The fact that AVG is reporting the Trojan on an instrumented DLL
leads me to believe this is likely a false positive. In fact,
Purify is producing its own version of USER32.DLL and AVG may be
correctly reporting that this is a version of USER32.DLL that has
been modified or "tampered with". In some ways, Purify does act
like a virus or a Trojan.
If you aren't getting any AVG warnings/errors on your original
USER32.DLL, I'm guessing there really isn't a problem here.
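
One way to run the comparison the answer suggests, as an added example that is not part of the original thread or of IBM's tooling: it checks that the system USER32.DLL still verifies and reports what the flagged cache copy looks like. The `Get-DllTriage` function name is hypothetical, the system path assumes a default Windows layout, and the cache path is the one quoted in the question.

```powershell
# Added example (not from the thread): compare the system USER32.DLL with the
# instrumented copy that the antivirus flagged in the Purify cache.
$original = Join-Path $env:SystemRoot 'System32\user32.dll'   # assumed default location
$flagged  = 'C:\Program Files\IBM\RationalPurifyPlus\x86\cache\!PUSER.DLL'  # path from the question

function Get-DllTriage {
    # Hypothetical helper: collects signature, version and hash data for one file.
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }
    $item = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Path             = $Path
        Exists           = $true
        SignatureStatus  = $sig.Status
        Signer           = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        OriginalFilename = $item.VersionInfo.OriginalFilename
        FileVersion      = $item.VersionInfo.FileVersion
        LastWriteTime    = $item.LastWriteTime
        SHA256           = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

$o = Get-DllTriage -Path $original
$f = Get-DllTriage -Path $flagged
$o, $f | Format-List

if ($o.SignatureStatus -ne 'Valid') {
    # The real system DLL fails verification: the problem is the host, not the cache file.
    Write-Warning 'System USER32.DLL does not verify; investigate the host itself.'
}
elseif ($f.Exists -and $f.SignatureStatus -ne 'Valid') {
    # A rewritten DLL can no longer match the original signature.
    Write-Output 'System USER32.DLL verifies; the cache copy does not, which is consistent with an instrumented file.'
}
```

A valid signature on the system DLL only shows that the original is untouched; it says nothing about what the instrumented copy contains.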