![]() ![]() These are XP machines that are scheduled to be re-imaged with a new OS. In part I kind of feel like this may be a false positive or HP tools update is actually infected. Perhaps this is a undetected trojan making the call? From what I can tell it's the win installer services being called to do the install and now errors out because the bootscan removed the msi file. I can't find the "trigger" or where it is calling for the win installer to remove it. Even after the bootscan and clean it still calls for the install. It appears that the HPtools update is infected? I can't figure out how it got on my computer if it's not an update. I was able to run bootscans to remove the file which was found in c:\swsetup\hptools\PTAC_A8.400\AC61X86\ACx98.msi. It was located in a resources folder for actividentity which is an HP tool that lets you log in with smartcards and so on. I have the latest Avast installed on them and it stopped the install. I have some legacy HP convertable tablets that on around 4pm began detecting and stopping w32.rootkit-gen from installing.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |