Probable false positive threats in Locknote files

  • 21 June 2019
  • 5 replies

Userlevel 1

System: Windows 10 x64 build 18362; KTS (f), databases 21 June 2019
GSI: https://www.getsysteminfo.com/report/579cc104e3548c2a460134d8b11d3a45

Today KTS is finding a threat in two Steganos Locknote executables - VHO:Trojan.Win32.Shelma.gen - and sends them to quarantine.

The contents of these Locknotes are not identical but there is a lot in common and neither Locknote has been updated in the last week, probably much longer.
I copied the contents to Notepad and scanned the txt file with KTS with no threat found. If I create a new Locknote with the contents of the txt file a threat is detected. During this process KTS is dealing with a tmp file in C:\Users\Controller\AppData\Local\Temp, which is, I assume, the temporary working file when the Locknote is decrypted.

A number of other Locknotes appear to work without problems and with no threats found.

Do you have any suggestions for a solution or workaround?


5 replies

Userlevel 7
Badge +8
Welcome. Please submit your probable FP here : https://virusdesk.kaspersky.com/
Userlevel 1
I submitted my Locknote executables to https://virusdesk.kaspersky.com with the result that no threat was found.
When I introduced them, on a USB drive, to a PC with KTS they were deleted immediately.
Userlevel 7
Badge +8
Please contact Technical Support https://center.kaspersky.com
Userlevel 1
Right, I have done that.

Userlevel 1
Kaspersky Technical Support confirmed this as a false positive and today's (26 June 2019) signature update no longer sees a threat.
Thanks for you help.