App.Win32... plus Heur.Suspicious virus detections


CIS found these while doing a scheduled scan this evening:

Application.Win32.NetTool.Portscan.~SAA@25145341 D:\D Drive Programs\Blocklist Manager\Tools\ipscan.exe
Heur.Suspicious@41169719 C:\Program Files\Samsung\EBM\KStartMem.exe
Heur.Suspicious@41169719 C:\Program Files\Samsung\Samsung Magic Doctor\KStartMem.exe
Heur.Suspicious@41169719 C:\Program Files\Samsung\Samsung Recovery Solution III\KStartMem.exe
Heur.Suspicious@22599908 C:\Program Files\Samsung\Samsung Update Plus\Working\SLUB6E0.tmp\SUP20_Patch_2.0.0.17.exe

Have no idea what the top one is about but I understand the ‘Heur’ ones might be false positives, although I could not find any existing topics when I tried the forum search function.

Any info/help would be greatly appreciated.

P.S. Please move this to a more appropriate forum if I have posted in the wrong forum.

I moved it to the f/p board. Can you provide us with a URL where the tool from Samsung can be downloaded?

Hi Splatfly,

Application.Win32.NetTool.Portscan.~SAA@25145341 is not an FP; the reported file is termed a potentially unsafe application. If you really want to continue to use this file, you can add the file to the exclusion list.

We are going to have a look at others and will get back to you after investigation.

Thanks for the replies.

The Samsung tools came pre-installed on my system and the ones on the download link might be newer versions. download link

I am using the versions for Windows Vista. ‘EBM’ is ‘Easy Battery Manager’ on the Samsung link.

As for the other file, if I have it right then you are telling me that it is not infected but it may act as a vulnerability.

Thanks again,

Hi Splatfly,

These FPs (Heur.Suspicious@41169719, Heur.Suspicious@22599908) have been fixed. Please check in virus signature database 2466.

