
Virus in driver file?

Posted: Sun Sep 09, 2012 10:14 am
by bitcat70
Hi!
I'm not sure where this should go so feel free to move if it's the wrong forum. Recently I built a new computer using the Asus P8Z77-V LK motherboard that was recommended in the guides. So I got all the driver files from Asus. However, my antivirus, Comodo Internet Security, indicated that one of them, IRSS_V1001031_Win7.zip, which is the Intel Rapid Start Technology V1.0.0.1031 for Windows Win7 32bit & Win7 64bit file, was infected with TrojWare.Win32.Krap.T and indicated it was high risk. Specifically the IntelButton.dll file inside the archive. Could this be a false-positive? Can somebody here check that file with another antivirus and see what it reports? It's in the SATA section of the Windows 7 64 bit drivers for that motherboard. Thanks.

Re: Virus in driver file?

Posted: Sun Sep 09, 2012 10:51 am
by MastaVR6
I would just skip that driver installer and get a fresh copy from Intel until I could get confirmation on the validity of the ones you have, or not care since you have newer drivers from Intel.

Re: Virus in driver file?

Posted: Sun Sep 09, 2012 11:20 am
by Alereon
Yes, that's almost certainly a false-positive. Comodo Internet Security is well-known for its high rate of false-positives. I'd strongly recommend that you switch to Microsoft Security Essentials: it's free, provides excellent protection, and won't slow down your computer or cause problems with false positives. Non-Microsoft Antivirus/Firewall/Internet security programs cause system problems, slow down your machine (especially web browsing), and make your system meaningfully more secure than just using the free Microsoft products that WON'T do that.

In the future, you can confirm whether a result is a false-positive or not by uploading the file to VirusTotal (recently acquired by Google). This site will scan the file with every scanner out there. If only a small number of programs detect anything, or if they are generic/heuristic detections (which means it just looks sort of suspicious, not that there's anything wrong with it), that's a good sign it's a false-positive.

I do agree with MastaVR6 that you should always download your drivers directly from the component manufacturer's website. The ones on the motherboard manufacturer site are usually rather outdated.
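The false-positive check described in the post above, as an added example that is not part of the original thread: it hashes each file inside a driver archive (so a single member such as IntelButton.dll can be looked up by hash) and applies the "few detections or only generic/heuristic names" rule to a multi-engine report. The report shape, the `EngineB`..`EngineF` names, the token list and the threshold of 3 are assumptions; the archive bytes are constructed and no scanning service is contacted.

```python
import hashlib
import io
import re
import zipfile

# Assumed tokens marking a generic/heuristic detection name (not an official list).
GENERIC_TOKENS = {"gen", "generic", "heur", "heuristic", "suspicious"}


def member_hashes(zip_bytes):
    """Map each file inside a zip archive to its SHA-256, for lookup by hash."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {info.filename: hashlib.sha256(zf.read(info)).hexdigest()
                for info in zf.infolist() if not info.is_dir()}


def triage(results, few=3):
    """results: engine -> detection name, or None when the engine reports clean."""
    hits = {eng: name for eng, name in results.items() if name}
    # Split names into tokens so "Agent" is not mistaken for the marker "gen".
    generic = {eng for eng, name in hits.items()
               if GENERIC_TOKENS & set(re.split(r"[^a-z0-9]+", name.lower()))}
    only_few = len(hits) <= few            # assumed cut-off for "a small number"
    all_generic = bool(hits) and generic == set(hits)
    if not hits:
        verdict = "no detections"
    elif only_few or all_generic:
        verdict = "likely false positive"
    else:
        verdict = "investigate further"
    return {"hits": len(hits), "engines": len(results),
            "named_family": sorted(set(hits) - generic), "verdict": verdict}


def build_sample_zip():
    """Constructed stand-in for the driver archive; the DLL bytes are fake."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("IntelButton.dll", b"MZ constructed sample bytes")
        zf.writestr("readme.txt", b"constructed")
    return buf.getvalue()


# Constructed scan report: one named detection out of six engines.
SAMPLE_REPORT = {"Comodo": "TrojWare.Win32.Krap.T", "EngineB": None,
                 "EngineC": None, "EngineD": None, "EngineE": None, "EngineF": None}

if __name__ == "__main__":
    for name, digest in member_hashes(build_sample_zip()).items():
        print(digest, name)
    print(triage(SAMPLE_REPORT))
```

A verdict of "likely false positive" here only mirrors the rule of thumb in the post; `named_family` lists the engines that reported a specific family name so those can be followed up with the vendor.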

Re: Virus in driver file?

Posted: Sun Sep 09, 2012 1:36 pm
by Vinceant
MSE is more of a system hog than Avast is, and its detection rates are getting worse. Honestly, we are fast moving back to the time when paying 40 a year for AV is a must because the free AVs are dwindling in quality, and viruses are becoming more and more aggressive and damaging.

Re: Virus in driver file?

Posted: Sun Sep 09, 2012 4:54 pm
by JohnC
Like people have said, it's most likely a "false positive" - all antivirus programs tend to find such things from time to time, though some (like Avira antivirus products) do it more often and some (like MSE) do it less often. If you have identified whichever file causes this, you may want to submit it to your antivirus product's developer; in your case, the place to submit such samples is here:
http://www.comodo.com/home/internet-security/submit.php