Results 1 to 6 of 6
  1. #1
    New ROGer Array
    Join Date
    Apr 2015
    Reputation
    10
    Posts
    2

    Exclamation ASUS ROG Game First III driver detected as Adware (NetTool / NetFilter)

    Hi,

    On my gaming laptop (Asus G751JT) the software "ASUS Rog Game First III" was pre-installed.
    Youtube Video to Game First III

    On my computer I'm running Kaspersky Internet Security 2015.
    Yesterday, Kaspersky detected the following file as not-a-virus:NetTool.Win32.NetFilter.b
    C:\Program Files (x86)\ASUS\ROG Game First III\drivers\Driver\i386\NFC_Driver.sys


    The file has:
    SHA256: 17e3fde8de528fb03ca59bfc852c86632df76c3b497404b722 d022432e5fd9da
    MD5: bc33eb2eb2b520caee67642bb3f187f2

    I checked the file against Virustotal.com and received the following result:
    Detection ratio: 8 / 57
    Agnitum = Riskware.NetTool!
    ESET-NOD32 = a variant of Win32/NetFilter.A potentially unsafe
    Fortinet = Riskware/NetFilter
    GData = Win32.Application.Agent.72FEBA
    Kaspersky = not-a-virus:NetTool.Win32.NetFilter.b
    McAfee = Artemis!BC33EB2EB2B5
    Sophos = Generic PUA LG
    TrendMicro-HouseCall = Suspicious_GEN.F47V0314
    Link to the result

    Any comments on that?

    /Sweden36

  2. #2
    ROG Guru: Orange Belt Array coyi1895 PC Specs
    coyi1895 PC Specs
    MotherboardAsus Rampage V Extreme BIOS 1502
    Processori7 5930K
    Memory (part number)CMD16GX4M4A2666C16 (single kit)
    Graphics Card #1Gigabyte GeForce GTX 980Ti G1 Gaming
    Graphics Card #2Gigabyte GeForce GTX 980Ti G1 Gaming
    Sound CardAsus Xonar Essence One/Asus Essence STX II
    MonitorAsus ROG Swift PG279Q
    Storage #1Samsung 950 Pro 512GB
    Storage #2Samsung 840 EVO 1TB
    CPU CoolerCorsair H110i GT
    CaseCorsair Obsidian 750D
    Power SupplyCorsair AX1200i
    Keyboard Corsair Vengeance K70 RGB Cherry MX Red Switch
    Mouse Mionix Naos 8200
    Headset Beyerdynamic MMX300
    Headset/Speakers Corsair SP2500 2.1
    OS Windows 10 Pro 64-bit
    Network RouterAsus RT-AC68U
    Accessory #1 Storage #3: ST2000DM001
    coyi1895's Avatar
    Join Date
    Jul 2012
    Reputation
    26
    Posts
    300

    False positive. I would put the file into Exclusions.

  3. #3
    New ROGer Array
    Join Date
    Apr 2015
    Reputation
    10
    Posts
    2

    I don't think it's fales postive, if 8 out of 57 are detecting this file as something.
    I have sent the file for fales postive analyses to Kaspersky and received the following answer:
    Hello,

    the detection is actually not-a-virus, which means the file is not malicicous. The reason we detect it is because it is filtering traffic from the user. It is likely that your computer came shipped with an anti ads blocker for browsing. and although it is filtering in attemp to stop advertsiements. The user has the right to know and should be notified of such filtering because not everyone will want it. For example, if I was developing ad content for my company and I wanted to test it out on my computer and it was getting blocked without me knowing, this would not be good. This is why we make such detections.

    Thank you for checking with us,
    Sincerely yours,

  4. #4
    ROG Guru: Orange Belt Array coyi1895 PC Specs
    coyi1895 PC Specs
    MotherboardAsus Rampage V Extreme BIOS 1502
    Processori7 5930K
    Memory (part number)CMD16GX4M4A2666C16 (single kit)
    Graphics Card #1Gigabyte GeForce GTX 980Ti G1 Gaming
    Graphics Card #2Gigabyte GeForce GTX 980Ti G1 Gaming
    Sound CardAsus Xonar Essence One/Asus Essence STX II
    MonitorAsus ROG Swift PG279Q
    Storage #1Samsung 950 Pro 512GB
    Storage #2Samsung 840 EVO 1TB
    CPU CoolerCorsair H110i GT
    CaseCorsair Obsidian 750D
    Power SupplyCorsair AX1200i
    Keyboard Corsair Vengeance K70 RGB Cherry MX Red Switch
    Mouse Mionix Naos 8200
    Headset Beyerdynamic MMX300
    Headset/Speakers Corsair SP2500 2.1
    OS Windows 10 Pro 64-bit
    Network RouterAsus RT-AC68U
    Accessory #1 Storage #3: ST2000DM001
    coyi1895's Avatar
    Join Date
    Jul 2012
    Reputation
    26
    Posts
    300

    The scan result is showing to be heuristic not found from the actual database of detected malware signatures, hence: suspicious; Artemis; generic; potentially unsafe and so on.

    Kaspersky said it's not malicious and they flagged it up because it is filtering traffic from the user. This is normal behaviour from Gamefirst III because it allows user customization of network traffic to prioritize gameplay or other apps. Kaspersky is being helpful and working well but it's a false positive.
    Last edited by coyi1895; 04-06-2015 at 12:41 AM.

  5. #5
    ROG Guru: Black Belt Array Korth PC Specs
    Korth PC Specs
    MotherboardASUS X99 R5E (BIOS2101/1902)
    ProcessorHaswell-EP E5-1680-3 SR20H/R2 (4.4GHz)
    Memory (part number)Vengeance LPX 4x8GB SS DDR4-3000 (CMK32GX4M4C3000C15)
    Graphics Card #1NVIDIA Quadro GP100GL/16GB, 16xPCIe3, NVLink1 (SLI-HB)
    Graphics Card #2NVIDIA Quadro GP100GL/16GB, 16xPCIe3, NVLink1 (SLI-HB)
    Sound CardJDS Labs O2+ODAC (RevB), USB2 UAC1
    MonitorASUS PG278Q
    Storage #1Samsung 850 PRO 512GB SSDs, 4xSATA3 RAID0
    Storage #2Comay BladeDrive E28 3200GB SSD, 8xPCIe2
    CPU CoolerRaijintek NEMESIS/TISIS, AS5, 2xNH-A14
    CaseObsidian 750D (original), 6xNH-A14
    Power SupplyZalman/FSP ZM1250 Platinum
    Headset Pilot P51 PTT *modded*
    OS Arch, Gentoo, Win7x64, Win10x64
    Network RouterActiontec T3200M VDSL2 Gateway
    Accessory #1 TP-Link AC1900 Archer T9E, 1xPCIe
    Accessory #2 ASUS/Infineon SLB9635 TPM (TT1.2/FW3.19)
    Accessory #3 ASUS OC Panel I (FW0501)
    Korth's Avatar
    Join Date
    Mar 2015
    Reputation
    152
    Posts
    2,719

    GameFirst III is definitely legit software, but the copy you've installed may have been compromised. It is not impossible for a virus to infect system files - that's how a lot of the best ones work, lol.

    Run a complete scan because there could be multiple infected files. Uninstall GameFirst, reboot, install it again from a clean copy (your Asus CD), let it update itself as needed (through official Asus support links).

    Maybe overkill, but it can't hurt to be too careful.

  6. #6
    ROG Guru: Orange Belt Array coyi1895 PC Specs
    coyi1895 PC Specs
    MotherboardAsus Rampage V Extreme BIOS 1502
    Processori7 5930K
    Memory (part number)CMD16GX4M4A2666C16 (single kit)
    Graphics Card #1Gigabyte GeForce GTX 980Ti G1 Gaming
    Graphics Card #2Gigabyte GeForce GTX 980Ti G1 Gaming
    Sound CardAsus Xonar Essence One/Asus Essence STX II
    MonitorAsus ROG Swift PG279Q
    Storage #1Samsung 950 Pro 512GB
    Storage #2Samsung 840 EVO 1TB
    CPU CoolerCorsair H110i GT
    CaseCorsair Obsidian 750D
    Power SupplyCorsair AX1200i
    Keyboard Corsair Vengeance K70 RGB Cherry MX Red Switch
    Mouse Mionix Naos 8200
    Headset Beyerdynamic MMX300
    Headset/Speakers Corsair SP2500 2.1
    OS Windows 10 Pro 64-bit
    Network RouterAsus RT-AC68U
    Accessory #1 Storage #3: ST2000DM001
    coyi1895's Avatar
    Join Date
    Jul 2012
    Reputation
    26
    Posts
    300

    But Korth, KIS 2015 and he sent the file off to the Kaspersky Lab Analysis team and found nothing malicious and he said it's pre-installed.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •