ASUS ROG Game First III driver detected as Adware (NetTool / NetFilter)



Sweden36
04-05-2015, 06:55 PM
Hi,

On my gaming laptop (Asus G751JT) the software "ASUS Rog Game First III" was pre-installed.
YouTube Video to Game First III (https://www.youtube.com/watch?v=lefwPcfG3z8)

On my computer I'm running Kaspersky Internet Security 2015.
Yesterday, Kaspersky detected the following file as not-a-virus:NetTool.Win32.NetFilter.b
C:\Program Files (x86)\ASUS\ROG Game First III\drivers\Driver\i386\NFC_Driver.sys


The file has:
SHA256: 17e3fde8de528fb03ca59bfc852c86632df76c3b497404b722d022432e5fd9da
MD5: bc33eb2eb2b520caee67642bb3f187f2

I checked the file against Virustotal.com and received the following result:
Detection ratio: 8 / 57
Agnitum = Riskware.NetTool!
ESET-NOD32 = a variant of Win32/NetFilter.A potentially unsafe
Fortinet = Riskware/NetFilter
GData = Win32.Application.Agent.72FEBA
Kaspersky = not-a-virus:NetTool.Win32.NetFilter.b
McAfee = Artemis!BC33EB2EB2B5
Sophos = Generic PUA LG
TrendMicro-HouseCall = Suspicious_GEN.F47V0314
Link to the result (https://www.virustotal.com/sv/file/17e3fde8de528fb03ca59bfc852c86632df76c3b497404b722d022432e5fd9da/analysis/)

Any comments on that?

/Sweden36

coyi1895
04-05-2015, 07:30 PM
False positive. I would put the file into Exclusions (http://support.kaspersky.com/us/11390#block2).

Sweden36
04-05-2015, 08:01 PM
I don't think it's a false positive, if 8 out of 57 are detecting this file as something.
I have sent the file for false positive analysis to Kaspersky and received the following answer:

Hello,

the detection is actually not-a-virus, which means the file is not malicious. The reason we detect it is because it is filtering traffic from the user. It is likely that your computer came shipped with an anti ads blocker for browsing, and although it is filtering in an attempt to stop advertisements, the user has the right to know and should be notified of such filtering because not everyone will want it. For example, if I was developing ad content for my company and I wanted to test it out on my computer and it was getting blocked without me knowing, this would not be good. This is why we make such detections.

Thank you for checking with us,
Sincerely yours,

coyi1895
04-05-2015, 08:29 PM
The scan results appear to be heuristic, not found in the actual database of detected malware signatures, hence: suspicious; Artemis; generic; potentially unsafe and so on.

Kaspersky said it's not malicious and they flagged it up because it is filtering traffic from the user. This is normal behaviour from GameFirst III because it allows user customization of network traffic to prioritize gameplay or other apps. Kaspersky is being helpful and working well, but it's a false positive.
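
An added example, not part of any post in this thread: a small Python triage of the eight verdict strings quoted in the first post, grouping them by the kind of label each engine gave and checking that the McAfee `Artemis!` suffix only repeats the start of the file's MD5. The marker lists in `RULES` and the category names are assumptions based on common vendor naming, not a vendor specification.

```python
import re

# Verdict lines and MD5 copied from the first post of this thread.
REPORT = """\
Agnitum = Riskware.NetTool!
ESET-NOD32 = a variant of Win32/NetFilter.A potentially unsafe
Fortinet = Riskware/NetFilter
GData = Win32.Application.Agent.72FEBA
Kaspersky = not-a-virus:NetTool.Win32.NetFilter.b
McAfee = Artemis!BC33EB2EB2B5
Sophos = Generic PUA LG
TrendMicro-HouseCall = Suspicious_GEN.F47V0314
"""
MD5 = "bc33eb2eb2b520caee67642bb3f187f2"

# Assumption: substrings by which these vendors mark riskware/PUA verdicts
# and heuristic/generic verdicts. The first matching rule wins.
RULES = [
    ("riskware/PUA", re.compile(
        r"not-a-virus|riskware|\bpua\b|potentially unsafe|\.application\.", re.I)),
    ("heuristic/generic", re.compile(r"artemis|suspicious|generic|heur", re.I)),
]
FALLBACK = "named detection"  # no marker matched: look at the label by hand

def parse_report(text):
    """Yield (engine, label) from 'Engine = Label' lines; skip anything else."""
    for line in text.splitlines():
        engine, sep, label = line.partition(" = ")
        if sep and engine.strip() and label.strip():
            yield engine.strip(), label.strip()

def classify(label):
    """Return the category of the first rule whose pattern occurs in the label."""
    return next((cat for cat, pat in RULES if pat.search(label)), FALLBACK)

def triage(text):
    """Group engine names by the category of the label they reported."""
    groups = {}
    for engine, label in parse_report(text):
        groups.setdefault(classify(label), []).append(engine)
    return groups

def artemis_suffix_is_md5_prefix(label, md5):
    """True when an 'Artemis!<hex>' label only repeats the start of the MD5."""
    m = re.fullmatch(r"Artemis!([0-9A-Fa-f]+)", label)
    return bool(m) and md5.lower().startswith(m.group(1).lower())

if __name__ == "__main__":
    for category, engines in triage(REPORT).items():
        print(f"{category}: {len(engines)} -> {', '.join(engines)}")
    print(artemis_suffix_is_md5_prefix("Artemis!BC33EB2EB2B5", MD5))
```

A label that falls through to `named detection` is the case that deserves a closer look, since it names a specific family rather than a category of tool.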

Korth
04-06-2015, 05:26 AM
GameFirst III (http://rog.asus.com/tag/gamefirst-iii/) is definitely legit software, but the copy you've installed may have been compromised. It is not impossible for a virus to infect system files - that's how a lot of the best ones work, lol.

Run a complete scan because there could be multiple infected files. Uninstall GameFirst, reboot, install it again from a clean copy (your Asus CD), let it update itself as needed (through official Asus support links).

Maybe overkill, but it can't hurt to be too careful.

coyi1895
04-06-2015, 08:35 AM
But Korth, KIS 2015 and he sent the file off to the Kaspersky Lab Analysis team and found nothing malicious and he said it's pre-installed.