  • Message 1 of 9

Virus in lenovo update

2021-08-19, 12:22 PM

Hi,

Our corporate endpoint protection software detected a virus (Trojan.Malware.300983.susgen) in a Lenovo laptop update at the path

C:\ProgramData\Lenovo\SystemUpdate\sessionSE\Repository\n2huj36w_n2h\wininfo.exe

Fortunately, the endpoint defense software blocked it, but can this be investigated?
Reply
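Before sending a file like this anywhere, the first thing to establish is whether it carries a vendor Authenticode signature at all. The script below is an added example, not code from this thread or from Lenovo: it walks the PE headers with only the Python standard library and reports whether the IMAGE_DIRECTORY_ENTRY_SECURITY entry points at a WIN_CERTIFICATE blob of type PKCS_SIGNED_DATA. The built-in sample image is constructed for the example (headers only, with a four-byte placeholder where the PKCS#7 data would be). Presence is not validity: a blob being attached says nothing about who signed it or whether the chain verifies, so on the Windows host the validating check is still PowerShell's Get-AuthenticodeSignature or signtool verify; this only shows the structure those tools start from.

```python
"""Check whether a PE file carries an embedded Authenticode signature blob.

Added example (not the thread's or Lenovo's code). Parses the PE headers
with the standard library only; presence of a blob is not a verified
signature.
"""
import struct
import sys

SECURITY_DIR_INDEX = 4                 # IMAGE_DIRECTORY_ENTRY_SECURITY
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def security_directory(data: bytes):
    """Return (file_offset, size) of the security directory, or None."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)   # SizeOfOptionalHeader
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == PE32PLUS_MAGIC:
        ndirs_off, dirs_off = 108, 112
    elif magic == PE32_MAGIC:
        ndirs_off, dirs_off = 92, 96
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (ndirs,) = struct.unpack_from("<I", data, opt + ndirs_off)   # NumberOfRvaAndSizes
    if ndirs <= SECURITY_DIR_INDEX or opt_size < dirs_off + 8 * (SECURITY_DIR_INDEX + 1):
        return None
    offset, size = struct.unpack_from("<II", data, opt + dirs_off + 8 * SECURITY_DIR_INDEX)
    # Unlike the other directories, this entry holds a raw file offset, not an RVA.
    return (offset, size) if offset and size else None


def authenticode_status(data: bytes) -> str:
    """'unsigned', 'signed' (PKCS#7 blob present) or 'malformed'."""
    loc = security_directory(data)
    if loc is None:
        return "unsigned"
    offset, size = loc
    if size < 8 or offset + size > len(data):
        return "malformed"             # directory points outside the file
    length, _revision, cert_type = struct.unpack_from("<IHH", data, offset)
    if length > size or cert_type != WIN_CERT_TYPE_PKCS_SIGNED_DATA:
        return "malformed"
    return "signed"


def build_sample_pe(signed: bool) -> bytes:
    """Constructed minimal PE32+ (headers only) so the check runs offline."""
    opt_size = 240                                     # PE32+ with 16 directories
    image = bytearray(0x40)
    image[:2] = b"MZ"
    struct.pack_into("<I", image, 0x3C, 0x40)          # e_lfanew
    image += b"PE\0\0"
    image += struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, opt_size, 0x22)   # COFF header
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    struct.pack_into("<I", opt, 108, 16)               # NumberOfRvaAndSizes
    image += opt
    if signed:
        # WIN_CERTIFICATE header followed by 4 placeholder bytes standing in for PKCS#7 DER
        blob = struct.pack("<IHH", 8 + 4, 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + b"\x30\x82\x00\x00"
        entry = 0x40 + 4 + 20 + 112 + 8 * SECURITY_DIR_INDEX
        struct.pack_into("<II", image, entry, len(image), len(blob))
        image += blob
    return bytes(image)


if __name__ == "__main__":
    # Usage: python pe_sigcheck.py <file.exe>   (no argument: runs on the constructed sample)
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else build_sample_pe(signed=True)
    print(path or "<sample>", authenticode_status(data))
```

The "malformed" branch matters in practice: a security directory that runs past the end of the file, or a blob whose declared length exceeds the directory size, is the kind of thing a tampered or truncated download produces, and a verifier would reject it rather than treat it as merely unsigned.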

Replies(8)
  • Message 2 of 9

Re:Virus in lenovo update

2021-08-25, 11:46 AM

Hello and welcome to Community,

 

Sorry for the delayed response. Which scanner does your company use, please? You might want to upload the suspicious file to VirusTotal to see what other scanners discover, which will help decide whether or not it is a false positive. Alternatively, you should also be able to report the file to your virus scanner provider for inspection and also to rule out a false positive result.

https://www.virustotal.com/gui/home/upload

 

 

Andy

 

Community Administrator
Lenovo eServices

Please remember to come back and mark the post that you feel solved your question as the solution; it earns the member + points.
Did you find a post helpful? You can thank the member by awarding them a Thumbs Up.
 

Please don't ask me questions by Personal Message; questions belong in the forums.


Using Browser Search to find your answers in Lenovo and Moto Community
Reply
  • Message 3 of 9

Re:Virus in lenovo update

2021-08-25, 12:32 PM

Hi Andy, we use Cortex XDR. Part of the analysis process is to check the file against VirusTotal.com. It returned hits from 2 vendors as Trojan.Malware.300983.susgen.

I think this could be a false positive but logged the query on the forum for some extra input.

Reply
  • Message 4 of 9

Re:Virus in lenovo update

2021-08-25, 1:29 PM

 

Have you posted here?

https://live.paloaltonetworks.com/t5/virustotal/bd-p/VirusTotal_Discussions

Let us know when you hear from them regarding an FP.






Microsoft MVP Consumer Security 2006-2016 / Windows Insider MVP 2016-Present
I am not employed by Microsoft or Lenovo.

Reply
  • Message 5 of 9

Re:Virus in lenovo update

2021-08-25, 9:30 PM

Hello,

Can you share the VirusTotal URL?

 

Regards,

 

Aryeh Goretsky

 



I am a volunteer and neither a Lenovo nor a Microsoft employee.

L380 Yoga, P50 (20EN-*), P51s, P72 (20MB-*), P43s, S230u (3347-4HU), T23 (2648-LU7), T42 (2378-R4U), T43p (2678-H7U), T61p (6459-CTO), W510 (4318-CTO), W530 (2441-4R3), X100e (3508-CTO), X120e (0596-CTO), X220 (4286-CTO), X250 (20CM-*), X1e gen3, X1 Yoga gen 5, X12 gen1, X13 gen1, Yoga 370

Reply
  • Message 6 of 9

Re:Virus in lenovo update

2021-08-26, 7:06 AM

Here you go :)

https://www.virustotal.com/gui/file/3ae8462769a4d5012b66af226a196bb12571c72a231b66f07afcc838e878045c/detection

 

Reply
  • Message 7 of 9

Re:Virus in lenovo update

2021-08-26, 12:39 PM

Hello,

 

I just took a look at the VirusTotal link.  Thank you.  I triggered a rescan, and it dropped from three detections to two, both of which appear to be generic detections based on whatever rules or heuristics are in use, or perhaps an AI or ML classification of some sort.  Now, this could be indicative of a false positive alarm due to bad signatures, or an improper/insufficient training set for the AI/ML detection, etc.

 

I have contacted a friend of mine who works in the lab of another antivirus company and asked if they could perform an in-depth analysis of the file.  I will let you know what I hear back.

 

Regards,

 

Aryeh Goretsky

 



Reply
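Andy's VirusTotal suggestion in message 2 and the detection breakdown in message 7 (two generic or heuristic hits, rescan, no named family) are the two halves of the same triage routine. The script below is an added example, not code from this thread, from Lenovo or from VirusTotal. It looks the file up by SHA-256 with `GET /api/v3/files/{hash}`, which returns the existing report without uploading the binary (a consideration for corporate files, since uploaded samples are shared with VirusTotal's partners), and then splits the verdicts into named-family detections and generic/heuristic/ML-style names such as the `.susgen` one in the thread. The `SAMPLE_REPORT`, the engine names in it and the `GENERIC_MARKERS` substring list are constructed assumptions for the example; they are not VirusTotal's actual output for the file under discussion, and the `likely_fp` rule of thumb is a triage hint, not a verdict.

```python
"""Look a file up on VirusTotal by hash and triage the verdicts.

Added example (not the thread's, Lenovo's or VirusTotal's code). The sample
report, engine names and GENERIC_MARKERS list are constructed for the example.
"""
import hashlib
import json
import os
import re
import sys
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"

# Assumed heuristic: substrings that usually denote a generic, heuristic or
# ML classification rather than a signature match on a named family.
GENERIC_MARKERS = re.compile(
    r"susgen|generic|\bgen\b|heur|\bml\b|!ml|ai.?detect|suspicious"
    r"|unsafe|score|attribute|^malicious\b",
    re.I,
)

# Constructed sample in the v3 file-object shape (engine names are made up).
SAMPLE_REPORT = {
    "data": {
        "id": "3ae8462769a4d5012b66af226a196bb12571c72a231b66f07afcc838e878045c",
        "attributes": {
            "last_analysis_results": {
                "EngineA": {"category": "malicious", "result": "Trojan.Malware.300983.susgen"},
                "EngineB": {"category": "malicious", "result": "Malicious (score: 85)"},
                "EngineC": {"category": "undetected", "result": None},
                "EngineD": {"category": "undetected", "result": None},
                "EngineE": {"category": "type-unsupported", "result": None},
            }
        },
    }
}


def sha256_of_file(path: str) -> str:
    """Hash the local file in chunks; the hash is the only input VT needs."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def vt_lookup(sha256: str, api_key: str) -> dict:
    """Fetch the existing VT report for a hash (network; HTTP 404 = unknown file)."""
    req = urllib.request.Request(
        VT_FILE_URL.format(sha256), headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def triage(report: dict) -> dict:
    """Summarise last_analysis_results for a false-positive decision."""
    results = report["data"]["attributes"].get("last_analysis_results", {})
    detections = {
        engine: r["result"] for engine, r in results.items()
        if r.get("category") in ("malicious", "suspicious") and r.get("result")
    }
    generic = {e: n for e, n in detections.items() if GENERIC_MARKERS.search(n)}
    named = sorted(e for e in detections if e not in generic)
    # Rule of thumb (assumed, not a verdict): a handful of purely generic hits
    # on an otherwise clean file is the classic FP pattern; named-family hits,
    # or many engines agreeing, deserve a proper analysis instead.
    likely_fp = 0 < len(detections) <= 3 and not named
    return {
        "engines": len(results),
        "detections": len(detections),
        "generic": len(generic),
        "named_engines": named,
        "likely_fp": likely_fp,
    }


if __name__ == "__main__":
    # Usage: VT_API_KEY=... python vt_triage.py <file>   (no argument: uses the sample report)
    if len(sys.argv) > 1:
        report = vt_lookup(sha256_of_file(sys.argv[1]), os.environ["VT_API_KEY"])
    else:
        report = SAMPLE_REPORT
    print(json.dumps(triage(report), indent=2))
```

Whatever the triage says, the step that actually fixes the problem is the one the thread ends on: submit the hash (or, where policy allows, the file) to the vendor whose engine fired so they can correct the signature or model, and keep the hash on file so the same build can be recognised if it trips again.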
Answer
  • Message 8 of 9

Re:Virus in lenovo update

2021-08-26, 12:55 PM

Hello,


And here is the response I got from Martin S., a senior detection engineer at ESET:

"Thank you for your submission. :D But yes, it's clean."

 

At this point, I would recommend following up with Palo Alto Networks, as @Bugbatter mentioned, in order to get the FP remediated.  I am not particularly familiar with how they mitigate things, but hopefully they can quickly inject an anti-signature, whitelist the file, or do whatever it is to resolve the issue for you.

 

Regards,

 

Aryeh Goretsky

 




Reply
  • Message 9 of 9

Re:Virus in lenovo update

2021-08-26, 1:31 PM
That's brilliant! THANKS VERY MUCH FOR YOUR WORK :)
Reply