TrojWare.Win32.Trojan.Agent.~[ at ]1647047

Located D:\I386\APPS\App18467\fsextend.exe (-- That’s my partition drive. Protected by Angel Soft (Preinstalled software on Gateway). I’ve been going crazy and spent MANY hours trying to delete this. So I temperarely blocked the infected folder (D:\I386) with the COMODO software. Please let me know if you have any clue what this is and how I can go about removing this. Thanks!

(:AGY)

Welcome. :slight_smile:

Is your D drive one of those pre-installed recovery partitions? Are you able to upload the file to Virustotal?

Hello and thanks for your reply. Yes, the D drive is pre-installed recovery partitions. I just tried to upload the files (directory) to that site and it won’t let me.

Hello.

We have identified this false-positive and will be fixed in next CAV update.

Thank you for reporting.

Sweet. Can you tell me what it goes to? I have a few ideas. Thanks!!

Hello.

Can you please attach “D:\I386\APPS\App18467\fsextend.exe” here - as file name fsextend.exe corresponding to filesystem tool from MS, but false positive was introduced on PrismXL tool used by GW, so there is some strange file name conflict.

The PrismXL tool allow admin deploy software on a target computer regardless of the current user’s permissions.
http://support.gateway.com/s/issues/2-1945178247.shtml

We are sorry for false positive.

I’m locked out of the partition. PC Angel won’t let me even view the files.