C:\Windows\SysWOW64\drivers\jqosg.sys FP

crysisfan · February 27, 2009, 5:40pm

C:\Windows\SysWOW64\drivers\jqosg.sys was flagged as Unclassified Malware[at]8317095
DB: 1005
latest CIS installed
cavscan.exe: 3.8.64627.469

I added it to the exclusions list and ran SAS & MBAM scans; nothing was found.
CIMA didn’t report it as suspicuous: http://camas.comodo.com/cgi-bin/submit?file=03cbe6df7f5605a3659ffe27a1184a8d9066436a17d7bac9cceb122de74f69ae

umesh · February 27, 2009, 6:22pm

Hi,
In first look at VT these are results:
http://www.virustotal.com/analisis/f8cdf1dfbe3c8fb93b497f271e5c6863
Result: 9/38 (23.69%)

We will still have a look on it, just wondering from where you got this file?
Can you please tell us name of product it comes with?

BTW CIMA as of now can process only .exe extensions. We are working on to support other PE types.
May be we should change verdict for such cases to “undetermined” rather “Not Rated as Suspicious”.

Thanks
-umesh

crysisfan · February 27, 2009, 6:31pm

Well, to be honest I don’t have a clue what product this driver comes with, but the file was created 14th December 2008 and I do regular, daily scans with MBAM (nothing gets detected) so it’s likely a FP.

Thanks for the info on CIMA.

BTW, isn’t it true that every driver must be digitally signed by Microsoft before it can be installed on Vista 64bit systems (just like mine)?

jebuchanan · February 27, 2009, 6:40pm

I just scanned my system and I don’t have that file (anywhere).

Ramanan · March 2, 2009, 5:43am

Hi,

This has been fixed, please update to latest CIS V477 and update virus signature database to latest.

Thanks
Ramanan

crysisfan · March 2, 2009, 11:59am

OK, thanks ever so much. :comodorocks: