I keep running the CIS antivirus program on my 2003 server and it keeps finding what it calls “Trojware.win32.Fraudpack.p@nnnnnn” where the n’s are random numbers. The directory that these hits are in is \Program Files\Microsoft.NET\SDK\Compact Framework\v3.5\WindowsCE and the file appears to be NetCFv35.ppc.arwv4.cab.
If this is a false positive, can someone confirm?
If this is not, how does this keep showing up and any ideas on how I picked this up? This is a server box that is used for server things. I have never used it to browse questionable web sites.