Lenovo One Key Recovery Trojan

[dmj97247]

Zone Alarm (Anti-Virus setting "Ultra Deep Scan," Anti-Spyware setting "Deep Scan") found
Win32.Downloader.Small.afwj located in C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MakeWinPEISO\Tools\PETools\x86\BootSect.exe

Screengrab can be seen here

[warreng24]

False alarm. BootSec.exe is part of the PE Tools package that generates a pre-boot environment to restore the disk image.

Reported on the HP's as well (which also utilizes the PE Tools package).
http://forums.zonealarm.org/zonelabs/bo ... e.id=33161

If it really concerns you, just low-level format the machine, repartition, and clean install Windows without installing the One Key Recovery package.

[dmj97247]

The original post was a statement of fact.



The respondent's hypothesis offers no basis of proof.

[DCO]

The original post was a statement of fact.

Not necessarily.
It's not uncommon for anti-virus programs to give false positives.

[dmj97247]

The original post was a statement of fact.

Not necessarily.
It's not uncommon for anti-virus programs to give false positives.

DISAGREE, use a top notch program and it will become a rarity.


You, as the previous respondent, makes an assumption ("false positive") without providing any basis to back up your claim.

Have you any knowledge regarding the trojan and file, or do you just make statements to potentially mislead others?

[fadiaz]

The original post was a statement of fact.

Not necessarily.
It's not uncommon for anti-virus programs to give false positives.

DISAGREE, use a top notch program and it will become a rarity.


You, as the previous respondent, makes an assumption ("false positive") without providing any basis to back up your claim.

Have you any knowledge regarding the trojan and file, or do you just make statements to potentially mislead others?

hi,

I work in the IT environment and have seen lots of "false positives" even with high end commercial antivirus . There is no perfect software, much less in one as complex as an antivirus. I am not saying to be wreckless now, but many people here know about computers and the lenovo software enough to say it is most probably a false positive.

If you feel a little nervous you can verify the results with other antivirus software scanners to make sure. I would recomend online solutions, so that you do not need to uninstall your actual antivirus. I would recomend TrendMicro House (http://housecall.trendmicro.com/) or Kaspersky online (http://www.kaspersky.com/virusscanner).

You can also Google (or Yahoo or Bing; your preference) for Bootsect.exe; the file in question.

If you still feel paranoid or worried, you could do a fresh install of windows and as you were suggested before, not reinstall the one key recovery software.

One word of advice; do not treat bad the people that sincerely are trying to help you.

Take care and good luck,



Francisco

[dmj97247]

....... or Kaspersky online (http://www.kaspersky.com/virusscanner).

Just so you know, Checkpoint, the pimp of Zone Alarm paid to incorporate Kaspersky into their Security Suite.

You can also Google (or Yahoo or Bing; your preference) for Bootsect.exe; the file in question.

Do you really think that was not the first thing that I did?
Did you do the same prior telling me what to do.
Quite frankly, their is little IF ANY definitive proof that this is a positive or false positive.

If you still feel paranoid or worried, you could do a fresh install of windows and as you were suggested before, not reinstall the one key recovery software.

Re-read the original post. It was a statement. You and the other are reading way to much into something that is just not there.
As one can clearly see (pic), the file was quarantined.
The original post was an informative one, period.


One word of advice; do not treat bad the people that sincerely are trying to help you.

I am sorry you feel that way.


The original post was an informative one, period.

Take care and good luck,

Same to you.