Kaspersky
Solved

SQLitecarve detected as VHO:Trojan.Win32.Convagent.gen

  • 11 October 2021

Hi,

Kaspersky recently detected the SQLitecarve file as a Trojan (VHO:Trojan.Win32.Convagent.gen), but VirusTotal and Hybrid-Analysis did not recognize the same detection. Will it be a false positive?

Check from https://dmitrybrant.com/2018/02/06/a-quick-utility-for-sqlite-forensics (https://dmitrybrant.com/files/SqliteCarve.zip)

https://www.virustotal.com/gui/url/2b471c7084a883d0882e6168e238d103dd7cf76b6586961498a18958c9a52787

https://www.hybrid-analysis.com/sample/2c95746aca9c7b193185146bbbba7c9782c1c7531f117694d8d8c3048bde4d45

Regards,

Julio Cesar


Best answer by Berny 11 October 2021, 09:32


Hello @jcrg.rj

Welcome!

❗ Only Kaspersky Virus Lab/Kaspersky Technical support can verify a false positive; if you suspect a false positive:

  1. Scan the URL via Kaspersky Threat Intelligence Portal & also select Submit to reanalyze, fill in the popup & select Send.
  2. Contact Kaspersky Technical support; they will send the data to Kaspersky’s Virus Lab → on the support page, select your Location, scroll to the bottom, select Online chat.

  • When it’s available, please share the outcome with the Community.

Thank you 🙏🏽

Flood🐳 +🐋


A false positive can also easily be submitted to Kaspersky Virus Lab as follows:

  • Form → Request Type → Select "Malware"
  • Form → Request Topic → Select "False positive"

  • Contact Support
