
a-Squared false positives?

Discussion in 'Windows Security' started by Jeff@unknown.com, May 24, 2009.

  1. Hi

    I run a pretty clean XP laptop, using Avast, Spybot, Ad-Aware, etc. I
    decided to run a scan using a-Squared free with its latest updates and was
    shocked by all it found.

    Much of what it found dangerous is in my I386 folder, which came with the
    laptop. I suspect many of these are false positives because none of my
    other utilities find them to be dangerous, so I decided not to remove what it
    found. I would appreciate any advice.

    Jeff

    Here is the list from the a-Squared free log:

    Key: HKEY_CLASSES_ROOT\clsid\{bb81fa79-dcd7-48a6-a710-a85bd5ed9640}
    detected: Trace.Registry.KeyLogger.wintective!A2
    Key: HKEY_CLASSES_ROOT\clsid\{c2a3ff36-c3a5-4334-968c-1dea85aaa772}
    detected: Trace.Registry.KeyLogger.wintective!A2
    Key: HKEY_CLASSES_ROOT\typelib\{aa987bf8-e849-4996-9335-413df4a8158a}
    detected: Trace.Registry.KeyLogger.wintective!A2
    Value:
    HKEY_CLASSES_ROOT\CLSID\{0A1C811C-88FF-493B-98A9-83B4A649ACD9}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2
    Value:
    HKEY_CLASSES_ROOT\CLSID\{BB81FA79-DCD7-48A6-A710-A85BD5ED9640}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2
    Value:
    HKEY_CLASSES_ROOT\CLSID\{C2A3FF36-C3A5-4334-968C-1DEA85AAA772}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2
    Value:
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A1C811C-88FF-493B-98A9-83B4A649ACD9}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2
    Value:
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB81FA79-DCD7-48A6-A710-A85BD5ED9640}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2
    Value:
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2A3FF36-C3A5-4334-968C-1DEA85AAA772}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2
    Value:
    HKEY_CLASSES_ROOT\CLSID\{0C1F87AE-AE62-11D3-911C-00105A17B608}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
    Value:
    HKEY_CLASSES_ROOT\CLSID\{371D0743-7A57-11D2-AD5A-00105A17B608}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
    Value:
    HKEY_CLASSES_ROOT\CLSID\{42BA826E-F8D8-4D8D-8C05-14ABCE00D4DD}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
    Value:
    HKEY_CLASSES_ROOT\CLSID\{42BA826E-F8D8-4D8D-8C05-14ABCE99D4DD}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
    Value:
    HKEY_CLASSES_ROOT\CLSID\{4F99A075-5227-11D2-AD06-00105A17B608}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
    Value:
    HKEY_CLASSES_ROOT\CLSID\{8E49238F-F305-4EDB-BAAD-0C373787891D}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
    Value:
    HKEY_CLASSES_ROOT\CLSID\{AB564751-71AF-4714-89D4-E1AD861F9E24}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
    Value:
    HKEY_CLASSES_ROOT\CLSID\{B22FE43C-D1E8-432A-A862-9F83D5F04732}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
    Value:
    HKEY_CLASSES_ROOT\CLSID\{CA4FC24B-C65C-11D1-AA6F-000000000000}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
    Value:
    HKEY_CLASSES_ROOT\CLSID\{D44E8296-4227-45BF-AABF-C0170A8BC7C2}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
    Value:
    HKEY_CLASSES_ROOT\CLSID\{DDD136CE-517B-11D2-AD03-00105A17B608}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
    Value:
    HKEY_CLASSES_ROOT\CLSID\{E9D55102-9683-11D2-BA68-0040053687FE}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
    Value:
    HKEY_CLASSES_ROOT\CLSID\{F72F6289-BA07-4DC0-8C78-46FFBFB59545}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
    Value:
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C1F87AE-AE62-11D3-911C-00105A17B608}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
    Value:
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{371D0743-7A57-11D2-AD5A-00105A17B608}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
    Value:
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42BA826E-F8D8-4D8D-8C05-14ABCE00D4DD}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
    Value:
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42BA826E-F8D8-4D8D-8C05-14ABCE99D4DD}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
    Value:
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F99A075-5227-11D2-AD06-00105A17B608}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
    Value:
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E49238F-F305-4EDB-BAAD-0C373787891D}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
    Value:
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB564751-71AF-4714-89D4-E1AD861F9E24}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
    Value:
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B22FE43C-D1E8-432A-A862-9F83D5F04732}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
    Value:
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA4FC24B-C65C-11D1-AA6F-000000000000}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
    Value:
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D44E8296-4227-45BF-AABF-C0170A8BC7C2}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
    Value:
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDD136CE-517B-11D2-AD03-00105A17B608}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
    Value:
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9D55102-9683-11D2-BA68-0040053687FE}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
    Value:
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72F6289-BA07-4DC0-8C78-46FFBFB59545}\InprocServer32
    --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
    C:\Documents and Settings\Jeff\Cookies\jeff@media6degrees[1].txt detected:
    Trace.TrackingCookie.media!A2
    C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe detected:
    Virus.Win32.Virut.q!IK
    C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe detected:
    Virus.Win32.Virut.q!IK
    C:\Program Files\TurboTax\Deluxe 2006\32bit\MSXML3.EXE detected:
    Backdoor.Win32.Beastdoor!IK
    C:\Program Files\TurboTax\Deluxe 2007\32bit\MSXML3.EXE detected:
    Backdoor.Win32.Beastdoor!IK
    C:\System Volume
    Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP354\A0174689.DLL
    detected: Trojan-Downloader.Win32.Small!IK
    C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe detected:
    Virus.Win32.Patched.B!IK
    C:\WINDOWS\Driver Cache\i386\driver.cab/pctspk.exe detected:
    Virus.Win32.Virut.b!IK
    C:\WINDOWS\I386\BCKGZM.EX_/bckgzm.exe detected: Virus.Win32.Virut.q!IK
    C:\WINDOWS\I386\DMSERVER.DL_/dmserver.dll detected: Virus.Win32.Messoum!IK
    C:\WINDOWS\I386\DRIVER.CAB/pctspk.exe detected: Virus.Win32.Virut.b!IK
    C:\WINDOWS\I386\EVTRIG.EX_/evtrig.exe detected: Virus.Win32.Virut.ar!IK
    C:\WINDOWS\I386\HRTZZM.EX_/hrtzzm.exe detected: Virus.Win32.Virut.q!IK
    C:\WINDOWS\I386\MQTRIG.DL_/mqtrig.dll detected: Win32.Cadoiac.A!IK
    C:\WINDOWS\I386\NWSCRIPT.EX_ wscript.exe detected: Win32.Luder!IK
    C:\WINDOWS\I386\ODBCCONF.EX_/odbcconf.exe detected: Win32.Cadoiac.A!IK
    C:\WINDOWS\I386\RSOPPROV.EX_/rsopprov.exe detected: Win32.Luder!IK
    C:\WINDOWS\I386\RSVP.EX_/rsvp.exe detected: Win32.Luder!IK
    C:\WINDOWS\I386\SETUP50.EX_/setup50.exe detected: Virus.Win32.Vulgar!IK
    C:\WINDOWS\I386\SYSINFO.EX_/sysinfo.exe detected: Virus.Win32.Virut.ar!IK
    C:\WINDOWS\I386\TASKKILL.EX_/taskkill.exe detected: Win32.Luder!IK
    C:\WINDOWS\I386\WEXTRACT.EX_/wextract.exe detected:
    Backdoor.Win32.Beastdoor!IK
    C:\WINDOWS\I386\WININET.DL_/wininet.dll detected: Virus.Win32.Nsag.A!IK
    C:\WINDOWS\I386\WUAUSERV.DL_/wuauserv.dll detected: Virus.Win32.Messoum!IK
    C:\WINDOWS\system32\dllcache\bckgzm.exe detected: Virus.Win32.Virut.q!IK
    C:\WINDOWS\system32\dllcache\hrtzzm.exe detected: Virus.Win32.Virut.q!IK
    C:\WINDOWS\system32\dllcache\nwscript.exe detected: Win32.Luder!IK
    C:\WINDOWS\system32\dllcache\pctspk.exe detected: Virus.Win32.Virut.b!IK
    C:\WINDOWS\system32\dllcache\rsopprov.exe detected: Win32.Luder!IK
    C:\WINDOWS\system32\dllcache\rsvp.exe detected: Win32.Luder!IK
    C:\WINDOWS\system32\nwscript.exe detected: Win32.Luder!IK
    C:\WINDOWS\system32\rsopprov.exe detected: Win32.Luder!IK
    C:\WINDOWS\system32\rsvp.exe detected: Win32.Luder!IK
    E:\Downloads\arw3.exe detected: Trojan.Win32.Agent2!IK
    E:\Downloads\as25.exe detected: Trojan.Generic!IK
    E:\Downloads\FRAPS setup.exe/fraps.dll detected: Trojan.Win32.Agent!IK
    E:\Downloads\FSCaptureSetup63.exe/FSRecorder.exe detected:
    Backdoor.Win32.Lithium.10.B5!IK
    E:\Downloads\protectionid_v5.2c.rar/Protection_ID.exe detected:
    Packed.Win32.Klone.af!IK
    E:\Downloads\removewga(2).exe detected: Riskware.Risktool.RemoveWGA!IK
    E:\Downloads\RemoveWGA.exe detected: Riskware.Risktool.RemoveWGA!IK
    K:\System Volume
    Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP342\A0172298.exe
    detected: Trojan.Win32.Agent2!IK
    K:\System Volume
    Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP342\A0172299.exe
    detected: Trojan.Generic!IK
    K:\System Volume
    Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP342\A0172322.exe/fraps.dll
    detected: Trojan.Win32.Agent!IK
    K:\System Volume
    Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP342\A0172387.exe
    detected: Riskware.Risktool.RemoveWGA!IK
    K:\System Volume
    Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP342\A0172388.exe
    detected: Riskware.Risktool.RemoveWGA!IK
     
  2. Johnw

    Jeff@unknown.com used his keyboard to write :
    > Hi
    >
    > I run a pretty clean XP laptop, using Avast, Spybot, Ad-Aware, etc. I
    > decided to run a scan using a-Squared free with its latest updates and was
    > shocked by all it found.
    >
    > Many of what it found dangerous are out of my I386 which came with the
    > laptop. I suspect many of these are false positives because none of my
    > other utilities find them to be dangerous so I decided not to remove what it
    > found. I would appreciate any advice.
    >
    > Jeff
    >
    > Here is the list from the a-Squared free log:
    >
    > <snip>

    I have a-Squared installed with others, which I would run & then google
    what is left to see what is false.

    Malwarebytes' Anti-Malware (MBAM)
    Forum
    SUPERAntiSpyware (SAS)

     
  3. > Jeff@unknown.com used his keyboard to write :
    >> Hi
    >>
    >> I run a pretty clean XP laptop, using Avast, Spybot, Ad-Aware, etc. I
    >> decided to run a scan using a-Squared free with its latest updates
    >> and was shocked by all it found.
    >>
    >> Many of what it found dangerous are out of my I386 which came with
    >> the laptop. I suspect many of these are false positives because
    >> none of my other utilities find them to be dangerous so I decided
    >> not to remove what it found. I would appreciate any advice.
    >>
    >> Jeff
    >>
    >> Here is the list from the a-Squared free log:
    >>

    --

    <snip>
    > I have a-Squared installed with others, which I would run & then
    > google what is left to see what is false.

    But I also ran ZA Suite's virus check (which uses Kaspersky) and it too found
    nothing. I cannot believe that, with all these other virus checkers finding
    nothing, a-Squared alone found 82 virus signatures. Everybody else,
    including Kaspersky, cannot be that off! The a-Squared findings have to be
    false positives.

    Jeff
     
  4. <Jeff@unknown.com> wrote in message
    news:eqvrrRT3JHA.4116@TK2MSFTNGP04.phx.gbl...
    >> Jeff@unknown.com used his keyboard to write :
    >>> Hi
    >>>
    >>> I run a pretty clean XP laptop, using Avast, Spybot, Ad-Aware, etc.
    >>> I
    >>> decided to run a scan using a-Squared free with its latest updates
    >>> and was shocked by all it found.
    >>>
    >>> Many of what it found dangerous are out of my I386 which came with
    >>> the laptop. I suspect many of these are false positives because
    >>> none of my other utilities find them to be dangerous so I decided
    >>> not to remove what it found. I would appreciate any advice.
    >>>
    >>> Jeff
    >>>
    >>> Here is the list from the a-Squared free log:
    >>>
    >
    > --
    >
    > <snip>
    >
    >> I have a-Squared installed with others, which I would run & then
    >> google what is left to see what is false.
    >
    > But I also ran ZA Suite's virus check (which uses Kaspersky) and it too
    > found nothing. I cannot believe that, with all these other virus checkers
    > finding nothing, a-Squared alone found 82 virus signatures. Everybody
    > else, including Kaspersky, cannot be that off! The a-Squared findings
    > have to be false positives.

    Sounds logical enough. You could submit some of the suspect executables
    to virustotal.com or jotti.org to see what other AV engines have to say.
    This also eliminates differences you may encounter by having different
    settings between your local second opinion scans. Many of the executable
    file detections were from archived (or compressed) files which your
    Kaspersky *might* not be looking in, in accordance with its
    configuration.

    Some AV vendors make use of these services as a feedback mechanism to
    help them to correct false positives or to add detection for new
    malware.

    I'm tempted to agree with you, but that is an awful lot of malware to
    casually dismiss as FPs.
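The triage described above (get a second opinion from a multi-engine service, and remember that many of these hits are members of archives a local scanner may be configured to skip) can be applied to the log itself before anything is uploaded. The script below is an added example, not code from this thread, from a-squared or from Emsisoft. It parses a constructed subset of Jeff's log, wrapped exactly as the newsreader wrapped it, separates registry traces from file detections, marks archive members and System Restore copies, folds the HKEY_CLASSES_ROOT and HKLM\SOFTWARE\Classes duplicates (the same registry entry reported twice, since HKCR is a merged view of the Classes keys), and groups copies of one binary so a single hash lookup covers all of them. Reading the `!A2` / `!IK` suffix as the engine that fired, and the assumption that the log wraps only at spaces, are mine.

```python
"""Triage helper for an a-squared scan log (added example; not code from the
thread, a-squared or Emsisoft).  Re-joins wrapped lines into records, buckets
them, folds the HKCR / HKLM\\SOFTWARE\\Classes double count, and groups copies."""
import re
from collections import Counter, namedtuple

# Constructed sample: records from Jeff's log, wrapped at 72 columns the way
# the newsreader wrapped them, so one record may span several lines.
SAMPLE_LOG = r"""
Key: HKEY_CLASSES_ROOT\clsid\{bb81fa79-dcd7-48a6-a710-a85bd5ed9640}
detected: Trace.Registry.KeyLogger.wintective!A2
Value:
HKEY_CLASSES_ROOT\CLSID\{0A1C811C-88FF-493B-98A9-83B4A649ACD9}\InprocServer32
--> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2
Value:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A1C811C-88FF-493B-98A9-83B4A649ACD9}\InprocServer32
--> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2
C:\Documents and Settings\Jeff\Cookies\jeff@media6degrees[1].txt detected:
Trace.TrackingCookie.media!A2
C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe detected:
Virus.Win32.Virut.q!IK
C:\System Volume
Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP354\A0174689.DLL
detected: Trojan-Downloader.Win32.Small!IK
C:\WINDOWS\I386\DRIVER.CAB/pctspk.exe detected: Virus.Win32.Virut.b!IK
C:\WINDOWS\I386\BCKGZM.EX_/bckgzm.exe detected: Virus.Win32.Virut.q!IK
"""

# A record is complete once it ends in "detected: <signature>!<engine tag>".
END_RE = re.compile(r"detected:\s*.+!\w+\s*$")
REC_RE = re.compile(r"^(?:(?P<kind>Key|Value):\s*)?(?P<target>.+?)\s*detected:\s*"
                    r"(?P<sig>.+!(?P<engine>\w+))\s*$")
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore", re.IGNORECASE)
HKLM_CLASSES = "HKEY_LOCAL_MACHINE\\SOFTWARE\\CLASSES\\"

# engine: tag after '!' (A2 or IK here); reading it as the engine that fired is an assumption.
Hit = namedtuple("Hit", "kind path value_name signature engine category")


def join_wrapped(text):
    """Glue wrapped lines back into records; the log wraps only at spaces,
    so fragments are re-joined with one space (an assumption for this log)."""
    records, buf = [], []
    for line in (raw.strip() for raw in text.splitlines() if raw.strip()):
        buf.append(line)
        if END_RE.search(" ".join(buf)):
            records.append(" ".join(buf))
            buf = []
    return records


def categorize(kind, path, signature):
    if kind != "file":
        return "registry"
    if signature.startswith("Trace.TrackingCookie"):
        return "tracking-cookie"
    if RESTORE_RE.search(path):
        return "restore-point"  # old snapshot copies, not the live files
    return "archive-member" if "/" in path else "file"  # a-squared writes container/member


def parse_log(text):
    hits = []
    for rec in join_wrapped(text):
        m = REC_RE.match(rec)
        if not m:
            continue  # header or separator, not a detection
        target, value_name = m.group("target"), ""
        if m.group("kind") == "Value":
            target, _, value_name = target.partition(" --> ")
        kind = {"Key": "registry-key", "Value": "registry-value"}.get(m.group("kind"), "file")
        hits.append(Hit(kind, target.strip(), value_name.strip(), m.group("sig"),
                        m.group("engine"), categorize(kind, target, m.group("sig"))))
    return hits


def canonical_registry_key(path):
    """HKEY_CLASSES_ROOT is a merged view of HKLM\\SOFTWARE\\Classes (plus the
    per-user classes): one trace reported under both hives is one entry."""
    p = path.upper()
    return "HKEY_CLASSES_ROOT\\" + p[len(HKLM_CLASSES):] if p.startswith(HKLM_CLASSES) else p


def summarize(hits):
    unique_reg = {canonical_registry_key(h.path) + "|" + h.value_name.upper()
                  for h in hits if h.kind != "file"}
    return {"by_category": Counter(h.category for h in hits),
            "by_engine": Counter(h.engine for h in hits),
            "unique_registry": len(unique_reg)}


def submission_plan(hits):
    """Files that can go to a multi-engine service as-is, and containers that
    must be unpacked first: I386 .EX_/.DL_ and .cab sources are compressed, and
    a scanner set to skip archives never sees those members."""
    direct = sorted(h.path for h in hits if h.category == "file")
    containers = sorted({h.path.split("/", 1)[0] for h in hits if h.category == "archive-member"})
    return direct, containers


def by_basename(hits):
    """Group file hits by member name: the same binary flagged in I386 and in
    Program Files is one object, so one hash lookup covers every copy."""
    groups = {}
    for h in hits:
        if h.kind == "file" and h.category != "tracking-cookie":
            name = h.path.rsplit("/", 1)[-1].rsplit("\\", 1)[-1].lower()
            groups.setdefault(name, []).append(h.path)
    return groups
```

Feed `parse_log` the full saved log instead of the sample to get the real picture: `summarize` gives the bucket counts and the de-duplicated registry count, `submission_plan` separates what to hash and look up from what must be expanded out of its .EX_/.cab container first, and `by_basename` shows which hits are copies of the same shipped file.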
     
    FromTheRafters wrote:
    > <Jeff@unknown.com> wrote in message
    > news:eqvrrRT3JHA.4116@TK2MSFTNGP04.phx.gbl...
    >>> Jeff@unknown.com used his keyboard to write :
    >>>> Hi
    >>>>
    >>>> I run a pretty clean XP laptop, using Avast, Spybot, Ad-Aware, etc.
    >>>> I
    >>>> decided to run a scan using a-Squared free with its latest updates
    >>>> and was shocked by all it found.
    >>>>
    >>>> Many of what it found dangerous are out of my I386 which came with
    >>>> the laptop. I suspect many of these are false positives because
    >>>> none of my other utilities find them to be dangerous so I decided
    >>>> not to remove what it found. I would appreciate any advice.
    >>>>
    >>>> Jeff
    >>>>
    >>>> Here is the list from the a-Squared free log:
    >>>>
    >>
    >> --
    >>
    >> <snip>
    >>
    >>> I have a-Squared installed with others, which I would run & then
    >>> google what is left to see what is false.
    >>
    >> But I also ran ZA Suite's virus check (which uses Kaspersky) and it
    >> too found nothing. I cannot believe that, with all these other virus
    >> checkers finding nothing, a-Squared alone found 82 virus signatures.
    >> Everybody else, including Kaspersky, cannot be that off! The
    >> a-Squared findings have to be false positives.
    >
    > Sounds logical enough. You could submit some of the suspect
    > executables to virustotal.com or jotti.org to see what other AV
    > engines have to say. This also eliminates differences you may
    > encounter by having different settings between your local second
    > opinion scans. Many of the executable file detections were from
    > archived (or compressed) files which your Kaspersky *might* not be
    > looking in in accordance with its configuration.
    >
    > Some AV vendors make use of these services as a feedback mechanism to
    > help them to correct false positives or to add detection for new
    > malware.
    > I'm tempted to agree with you, but that is an awful lot of malware to
    > casually dismiss as FPs.

    Your suggestion to get another opinion is an excellent one and I have been
    doing that with virustotal.com. I sent several of the exe files that
    a-Squared found to be infected with viruses to virustotal.com. I had them
    recheck the actual files I sent and they all came back clean - including
    their own a-Squared version 4.0.0.101! (Mine says it is version 4.5.0.1)

    I also ran Kaspersky's online scanner (turning off my Avast AV during the
    process), which also found nothing suspicious.

    Unfortunately, I have no way to double check the registry entries that
    a-Squared found to be infected because I cannot send these out to be
    checked.
    > I'm tempted to agree with you, but that is an awful lot of malware to
    > casually dismiss as FPs.

    That is why I wrote this thread. I run a very tight ship and have always
    been very careful both with virus checkers and malware and rarely have
    anything bad slip through. So this is unbelievable.

    Could I have possibly downloaded a malware pretending to be a-Squared? Do
    you know a safe site to download a-Squared from? The version I have was
    downloaded ages ago and I do not usually use it. I did update it before the
    check that scared the life out of me!
     
