
Noadware With Tagalongs And False Positives

Q: Noadware With Tagalongs And False Positives

Recently I ran a scan with spysweeper and it showed coolweb search and CWS variants. Deleted and still had after reboot. Freaked and ran free scan by NoAdware.net. It found numerous "Dangerous" infections. Mainly referring to WebPi applications, I believe (key loggers, screen shots, whole nine yards). Really freaked. I was running ghost surf 2005, spysweeper, mcafee antivirus suite - although last one was expired a couple weeks. Anyway somehow I came across files that were password protected supposedly. I deleted manually. Then wiped drive. Relegated computer to games only since it was time to upgrade anyway. My question is: Has anyone heard of the WebPi false positive with NoAdware.net? I did a little research on them and they are questionable at best. Also, can WebPi be installed without physical access to computer? Can it be installed through a backdoor remotely? Thanks

RELEVANCY SCORE 102

Recently my spysweeper detected coolwebsearch and some other CWS variants. I deleted and they reappeared after start-up. So I bit on the NoAdware.net ad and they "found" WebPi if memory serves. Anyway bought the software to remove. It pointed to password protected files (or I found at least). My question is, Can WebPi be remotely installed from a remote computer or does someone need physical access to pc? I'm afraid to re-install NoAdware to see if they indeed did have tagalong trojans or whatever. I'm not computer literate to know if this is possible. I did research a bit and found that this software is questionable at best. Please help. Thanks

A:Noadware.net With Tagalongs?

Hello and Welcome to Bleeping Computer! You can Start Here. Please be sure to follow all instructions otherwise it will only impair our ability to help you.

RELEVANCY SCORE 70

Hi guys,

Would like to know if anyone here has dealt with drweb when it comes to false positives. I have been submitting one of our applications to them countless times and still unable to get it white listed. I wouldn't worry this much if this application is detected by other virus guards, but it is not and only drweb flags it malicious.
 

A:Dr web and false positives

have you tried the submission form here
https://vms.drweb.com/sendvirus/?lng=en
I have always found them very helpful at removing FP
 

RELEVANCY SCORE 70

Hello, my first post. Nice forum!

AVG is spoken about in the WEB as giving lots of false positives.
There are sites in the WEB that provide a scan service with about one dz of anti-virus programs, so one can take an educated decision concerning a suspicious file.

But, once AVG decides a file is malware it won't let one upload it!

Any way out of it?

Thanks for your help.

A:Avg False Positives

Welcome to BC JorgeO.555

In case AVG Free detects some file on your PC as infected, this file was moved to AVG Virus Vault, and you are sure that this file is correct and clean, it is possible that the detected file is a false alarm. If so, we shall prepare the correction as soon as possible. Unfortunately, false alarms do appear from time to time in every Anti-Virus software.

To solve the problem, please send us this file for analysis directly from the AVG Free program...

AVG FAQ 1320: AVG detects infection on file that I suppose to be clean

RELEVANCY SCORE 70

Hi everyone, I recently installed AVG 8.0. After the scan completes it shows no infections, but does show 216 in "warnings count". All of my other scans show clear, so I'm assuming this is a false positive? I think I read on this board awhile back that some anti virus scanners can actually read another program's virus database if it's not encrypted, but I'm not sure. I just thought I'd get a second opinion. I'm using Vista home professional. I've included the partial text file of the scan. Thanks for any help.

SWAS
"Scan ""Scan whole computer"" was finished."
"Infections found:";"0"
"Infected objects removed or healed";"0"
"Not removed or healed.";"0"
"Spyware found:";"0"
"Spyware removed:";"0"
"Not removed:";"0"
"Warnings count:";"216"
"Information count:";"0"
"Scan started:";"Friday, May 09, 2008, 12:54:36 PM"
"Total object scanned:";"1570771"
"Time needed:";"2 hour(s) 20 minute(s) 41 second(s) "
"Errors encountered:";"0"

"Warnings"
"File";"Infection";"Result"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000001-C003-4A2F-9142-7CB1D78DE6C1}";"Found Adware.InternetOptimizer";"Potentiall... Read more

A:Avg 8.0 False Positives?

There's already been a lot of discussion about this - see here: http://www.bleepingcomputer.com/forums/t/143321/avg-8-and-spywareblaster-conflicts-are-occuring/

I presume you have either Spywareblaster installed, or are using Spybot's immunisation protection? AVG say they will fix these false positives when they issue a service pack for AVG8 sometime in the next few weeks.

RELEVANCY SCORE 70

Here are five line items out of recent MBAM logs and one line item from an SAS log. I shut down system restore just prior to running all of these except the scan that found Trojan.Banker. After creating a new restore point the "Trojan.Banker" was found, but i don't know if a new restore point had anything to do with it. I am stumped because I have been surfing with Mozilla in Sandboxie, thus I don't see how I could have been infected. Please help me to figure out if they are false positives.

***Note: 123zap.exe is what I named combofix when I ran it about 10 days ago.

Files Infected:
C:\RECYCLER\S-1-5-21-1214440339-1085031214-1801674531-1003\Dc261.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F625216-922B-4B93-96D3-BF83D7CA5179}\RP2\A0000077.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\123zap191491\PV.cfxxe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\123zap191491\pv.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\123zap191491\Combo-Fix.sys (Malware.Trace) -> Quarantined and deleted successfully

The following is one that SAS found:
Trojan.Agent/Gen-Zbot C:\RECYCLER\S-1-5-21-1214440339-1085031214-1801674531-1003\DC239\BIN\DWTF.EXE

A:Please Tell Me if These are False Positives

Is this your thread at MBAM's forum under the name Diocletian?

ComboFix.sys is a dummy file written by GMER; incapable of doing anything malicious.
reply by sUBs' in Post #6

Note that PV.cfxxe and pv.com are in the same folder.

Combofix is not malware. However, certain embedded files that are part of legitimate programs or specialized fix tools such as Combofix may at times be detected by some anti-virus and anti-malware scanners as a "Risk Tool", "Hacking Tool", "Potentially Unwanted Program", or even "Malware" (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, registry fixes, malware strings it contains and the type of security engine that was used during the scan.

Such programs have legitimate uses in contexts where a Malware Removal Expert asked you to use the tool or when an authorized user/administrator has knowingly installed it. When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others or that it was simply detected as suspicious due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of malware. Anti-virus scan...

RELEVANCY SCORE 70

Malwarebytes Detected these on my annual scan so I was wondering if they are false positives or real.
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/5/2015
Scan Time: 11:39:13 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.06.01
Rootkit Database: v2014.12.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: monko_000
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 837642
Time Elapsed: 1 hr, 28 min, 19 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE, Quarantined, [778a462316663303cac238f5f410a858], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE, Quarantined, [df22f376afcd3402eca072bb8d778779], 
 
Registry Values: 2
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE|Debugger, "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe", Quarantined, [778a462316663303cac238f5f410a858]
Security.Hijack, HKLM\SO...

A:Are these serious or false positives?

Uninstall AVG PC TuneUp. If you have a problem uninstalling use the Free Revo Uninstaller. Run it in Advanced mode.
Download Revo Uninstaller Freeware - Free and Full Download - Uninstall software, remove programs, solve uninstall problems
 
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
 
Hold down Control and click on this link to open ESET OnlineScan in a new window. (Eset can take more than an hour to run so plan accordingly)
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be...

RELEVANCY SCORE 70

Anyone seen any false positives with the latest AVG update?
I sure have!

I have a driver library on my system that I use all the time, and on cd.
AVG detected the HP Deskjet 3820 printer drivers as infected.
That file has not changed in well over two years. It's the same driver in the library.
It nailed Smitfraud fix as a virus too.

Anyone else having false positives?

A:Avg False Positives

I haven't seen any yet. I have 6 computers at home using it and many people I know are using it. But thanks I will keep an eye out.

RELEVANCY SCORE 70

Sorry for my english...
 
I ask the courtesy to look at the attachment, are detected:
 
KLM\SOFTWARE\CLASSES\APPID\{93469602-4134-4012-A6BC-3E73B9855F90}
KLM\SOFTWARE\CLASSES\APPID\WinZipSmartMonitorService.exe
 
The computer restarts are detected again.

False positives? What should I do?
Thank you
 

 

A:False positives?

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click the Add reply button.
===
Please post the logs for my review.
Wait for further instructions.

RELEVANCY SCORE 70


Running Win 7/64 Pro SP1 with AVG 2012 Free & IE9.

Don't know what the name of the scam is but usually comes from an email with a message heading such as "2 incredible photos"

We ran Malwarebytes first which picked up nothing - we then ran Combofix.

Behaviour was absolutely normal initially reporting the 5 files below as infected, however in the log report it did not identify them as deleted.

fxsst.dll
slwga.dll*
systemcpl.dll*
termsrv.dll
srrstr.dll

We ran Combofix again with the same result.

We sent a couple of files to Virus Total (those identified with an * above) - reported as clean by all 43 entities.

False Positives?

As a precaution we have replaced the 5 files from another Win 7 PC. Renaming the original files for the time being.

Attaching the following - zipped - dds.log, attach.log, combofix.log, & the five files referred to above but with extensions renamed as *.dllold - I have not sent the gmer log but have it if required.

For some reason the system is restricting me to zipped file size of 236 bytes. Following restriction "Used 511.77K of your 512K global upload quota (Max. single file size: 236bytes) "???

dds log.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by user at 13:36:07 on 2012-02-21
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4013.2434 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E...

A:False Positives??

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Your logs are clean.

In the C:\Users\user\AppData\Local\ folder
You will find many sub folders with this format {CLSID NO.} IN BOLD.
Some examples.
C:\Users\user\AppData\Local\{7325043E-B036-48B6-8952-E4B1BBBAB4A7}
C:\Users\user\AppData\Local\{17375563-308B-46D3-A00F-8928DF15B05B}
C:\Users\user\AppData\Local\{36FAC30D-C338-4703-9A84-816FE5F4B5E7}
C:\Users\user\AppData\Local\{4075A940-FC31-414E-9197-9CD0DFBEB6C7}
C:\Users\user\AppData\Local\{EA76A89B-27FC-497D-8C67-6A0A207C22F8}

You can delete them all. (DO NOT DELETE THE C:\Users\user\AppData\Local\ FOLDER.)
These are created randomly and we do not know why.
Read about it.
http://www.sevenforums.com/general-discussion/139873-appdata-local-folders-random-characters.html
I know I clean them every week.
===
Third party programs if not up to date can be an open door for an infection.
Please run this security check for my review.

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the co...

RELEVANCY SCORE 70

Operating system: Windows XP Home SP2
Security programs, besides those listed in my sig., MalwareBytes, NoScript extension for Firefox.

Having learned that MalwareBytes is intended for general security use and not as a specialized fix tool, I installed the program, updated, and ran a complete scan to see what it might find.

It flagged two files and nothing else:

C:\WINDOWS\SYSTEM32\lsprst7.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\ssprs.dll (Trojan.Agent) -> No action taken.

I navigated to the files in question and scanned them on VirusTotal. No programs there flagged them.

I also checked properties. Both files are identified as Application Extensions. Modification date for both files is July 16, 2006 1:52 p.m. Under each file in the list is a .tgz file with the same letters before: lsprt7.tgz and ssprs.tgz These files were NOT flagged and have the same modification date and time. These files are associated with AlZip, my file compression program. My suspicion is that the .dll files in question are also associated with the AlZip program though nothing in properties indicates that.

Note: No other programs I have tried as yet have flagged these two files.

My suspicion is that these are false positives. Any other steps I should take?

Orange Blossom

A:False Positives?

under more tools you could email them to tim with a link to your post

when the program was first released there was another false positive I investigate that the well know super video conversion program put into your system files, google showed some very advanced malware experts removing it from peoples computers

MBAM always gives you the option to restore

some other methods don't

reinstalling the programs fixes it tho

RELEVANCY SCORE 70

Hello,
 
had an introduction to my post earlier, but had to edit it to replace emoticons, and managed to replace my intro.
 
Anyway, I ran a scan using Emsisoft anti-malware, which supposedly picked up 4 "threats." Looking these up online, I think they're quite safe, and removing them would possibly render my device unstable? For instance, bthudtask (the first "threat"), has to do with the bluetooth on my laptop I believe. 
 
 
Emsisoft Anti-Malware - Version 11.0.0.6054
Last update: 9/4/2016 4:32:20 PM
Initiated by: MSI\wel come
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 9/4/2016 4:39:00 PM
C:\WINDOWS\SysWoW64\bthudtask.exe Gen:Variant.Strictor.58214 ( B)
C:\WINDOWS\SysWoW64\GamePanelExternalHook.dll Gen:Variant.Symmi.58329 ( B)
C:\WINDOWS\SysWoW64\pla.dll Gen:Variant.Graftor.7549 ( B)
C:\WINDOWS\SysWoW64\Windows.UI.CredDialogController.dll Gen:Variant.Graftor.12239 ( B)
 
Scanned 81767
Found 4
 
Scan end: 9/4/2016 4:45:46 PM
Scan time: 0:06:46

RELEVANCY SCORE 70

I love what combofix does along with some of the other programs used to remove malware. I don't know where else to post this, but here are some items that wrongly get removed by combofix during its cleaning process:

startup.exe
This is a great little utility that gives you control over what starts automatically on your computer.
It can be found here: http://www.mlin.net/StartupCPL.shtml

disktective.exe
This is an excellent utility that show you via pie charts where your disk space is used.
It can be found here: http://www.disktective.com/

ipscan.exe
This is a nice ip scanner for scanning subnets for active computers.
It can be found here: http://www.radmin.com/download/

install.bat
This is the installer for xxcopy.exe
It can be found here: http://www.xxcopy.com

offbyone.exe
This is a very lightweight web browser
It can be found here: http://offbyone.com/offbyone/

suspend.exe
This is a process suspender
It can be found here: http://technet.microsoft.com/en-us/sysinte...s/bb897540.aspx

These are all part of a utilities package I load on all the computers I work on and are placed in the c:\windows\system32 directory.

Additionally, I just ran rkill.exe on my computer and it wrongly killed two processes:
C:\Program Files\No-IP\DUC20.exe (this is no-ip.com's dynamic dns updater)
C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe (this is the web server for VMWare server 2.0)

Please let me know if I have posted this in the wrong place.
T...

A:False positives

Hi,

could you please provide a log from ComboFix where those files were deleted? Would it also be possible to get a sample of the package of files you unload on the PCs?

regards myrti

RELEVANCY SCORE 70

I have a VMWare environment (WinXP client) where I "test" suspicious programs. I've used XPLite to strip it down to basics and so it does not have DirectX, or sound adapter, USB or anything similar, just a NIC and a virtual HDD.

Aside from Windows, I have Chrome, FireFox, Safari Browsers, VirusTotal Uploader, CCleaner, Auto-It (old legacy version), Sandboxie, Spybot S&D, Malwarebytes Anti-Malware, Avira (free) AV, JRE & UTorrent installed, along with some older database products.

I periodically update & scan with ComboFix the other Anti-Malware stuff just to be sure of the clean nature of the environment. Despite all the other scanners coming up clean, Combofix is reporting (at or after Stage 50) that dsound.dll in C:\Windows\System32\ is infected and is attempting to restore it.

I have tried completely uninstalling Combofix and re-running a newly installed copy in case it was caching old data but the same issue remains.

It is also telling me that two other DirectX sound related dll files (d3d8.dll & d3d9.dll) are missing (which is what I expect).

The dsound.dll file definitely does not exist (not even hidden or archived off somewhere). I believe that Combofix may be mis-flagging the absence of dsound.dll as an infection of the file blocking access to it. Can someone please confirm if this may be the case.

Thank you,
Dave.

A:False Positives

Just scanned with DrWeb CureIT & SUPERAntispyware for completeness. Both say clean (except for tracking cookies).

RELEVANCY SCORE 70

i have used the following internet security suites for finding viruses, malware, adware and all that stuff.
(bitdefender, kaspersky, eset, norton, 2013)
after some scans that i've made i realised that for example if i have a virus and put it into my computer some of the antivirus take it as a virus and delete it and others say that the file is clean.
i'm confused here cause i can't know for sure which one of them says the truth and which reads false positives.
is there a possible way to find for sure if a file is dangerous?
some programs or good internet pages for testing files?
i'm expecting your precious help.
thanks a lot......

A:false positives

Submit your samples to https://www.virustotal.com/en/ and http://virusscan.jotti.org/en  they both use multiple scanning engines.

RELEVANCY SCORE 70

We are running ATA 1.7, and are seeing a few Pass-the-Ticket alerts that all come from our internal VPN subnet (which does not group machines behind NAT, but where IP assignments are recycled frequently).  
The circumstance seems very similar to this earlier discussion, where false-positive PtT alerts were caused by short-term leases: https://social.technet.microsoft.com/Forums/security/en-US/df3a2c7e-131d-49a5-9912-8a00675eaa81/
So my questions:

Are there any known issues in 1.7 with Pass-the-Ticket false positives, possibly involving short term leases?
If short-term leases are still a problem, what is the work-around now that "Short term lease subnets" setting has been removed from configuration?

RELEVANCY SCORE 70

Hi

I downloaded Smitfraudfix.exe and now my AV is picking it up as a Virus, namely Trojan Horse Constructor.BRV. Is this a "False Positive" or should it be taken more seriously??

Kind Regards

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:19:41, on 15/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowerin...

A:False Positives

Hello LaurenCP and welcome to BleepingComputer,

Some components of SmitfraudFix can be detected as malware by some AV.
Nothing to worry about, although detection can lead to damaging or deleting the SmitfraudFix installer !!

Any reason why you would consider running SmitfraudFix though ?

Greetings,
Thunder

RELEVANCY SCORE 70

I just pulled out an old computer & installed Avira Antivirus. It has popped up a couple of warnings in regards to TR/spy.43391 & TR/Agent.duu. I was previously running NOD32 on the system without any notifications. I haven't had any performance issues, or pop-ups. I looked at the HJT log myself, and didn't see anything, but I am not overly experienced with malware/trojans. I thought I would pass it by expert eyes to see if I have anything about which to be concerned. Your input is appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:28 PM, on 7/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programs\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programs\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programs\PerfectDisk\PDSched.exe
C:\WINDOWS...

A:Are These False Positives?

Hello jyxavier,

Welcome to Bleeping Computer

I don't see anything dire there, but let's do a couple of things to be sure. Your Java is way out of date, which leaves your computer vulnerable.

Updating Java
Download the latest version of Java Runtime Environment (JRE) 6_U7.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe
Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Fi...

RELEVANCY SCORE 70

I am primarily worried about what I believe to be false positives that I have received from Tenebril Spycatcher Express and Advanced Spyware Remover 1.86. Both programs seemed cheap and as if they were not working. I have the paid version of Spyware Doctor 4, windows defender, spyware blaster, and avast antivirus installed and routinely run spybot s&d and ad aware SE. I am new to this hijackthis thing so I was just wondering if someone could tell me if anything in my log looks suspicious. Thanks in advance:


Logfile of HijackThis v1.99.1
Scan saved at 4:43:50 AM, on 5/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program ...

A:False Positives

Hello Goodguy12 and welcome to TSF,

Quote:

I am primarily worried about what I believe to be false positives that I have received from Tenebril Spycatcher Express and Advanced Spyware Remover 1.86

Can you give me a bit more detail? What is it finding?

Download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review.
DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
Please attach extra.txt to your post.
To attach a file to a new post, simply
Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Co...

RELEVANCY SCORE 69.2

Need help with possible false positives found by Trend Micro Anti-Spyware 3.0 (with up-to-date definitions). See bottom of first log. Plus I added a HiJackThis Log. I've run all my other AS apps and none of them found these.

--------------------------------- Anti-Spyware session started ---------------------------------
Machine=MAIN
Time=Sun Mar 12 08:22:02 2006
Product Version=3, 0, 1, 25
OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Started Scanning
Programs in Memory
Finished Scanning
Started Scanning
Internet Cookies
CoolWebSearch Variants (CWShredder)
Programs in Memory
Windows Registry
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=MAIN
Time=Sun Mar 12 20:18:54 2006
Product Version=3, 0, 1, 25
OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Started Scanning
Programs in Memory
Finished Scanning
Web Browser Security Settings: Found '*' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\10sek.com\www'
Web Browser Security Settings: Found '*' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2006ooo.com\www'
Web Browser Security Settings: Found '*' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\6sek.com\www'
Web Browser Security Settings: Found '*' in 'Software\Microsoft\Windows\CurrentVersion\Inte... Read more

A:Possible False Positives - HiJackThis Log

hi there,

those entries are ok and are placed there by spybot and possibly other security programmes. Basically these entries are there to block those sites so maybe include host entries to, is nothing to worry about!
You should remove most of those trusted as you have now given all those sites the power to download stuff to your computer when they want to!

Update your java to the latest version.
have hijack this fix these entries!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - (no file)
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - (no file)
 

Read other 3 answers
RELEVANCY SCORE 69.2

just ran the latest adwcleaner and it found a bunch of folders in c:\programdata.  can not determine what they are and if they are safe to delete.  thanks
 
# AdwCleaner v5.008 - Logfile created 18/09/2015 at 07:14:16
# Updated 18/09/2015 by Xplode
# Database : 2015-09-17.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : xxxxx
# Running from : C:\Users\Guru\Desktop\adwcleaner_5.008.exe
# Option : Scan
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
Folder Found : C:\ProgramData\{003FC4B1-B5E2-4EF0-A9B3-CCEB0DDC2E93}
Folder Found : C:\ProgramData\{0DEDF45C-1DEC-4670-AACA-9EC906125BFB}
Folder Found : C:\ProgramData\{34007C15-AD5B-4CB2-A047-04AB415A841A}
Folder Found : C:\ProgramData\{3C2CC1BA-EC03-48E5-A0EF-A0B455E1343F}
Folder Found : C:\ProgramData\{52D09854-2F4F-4842-8F87-5574CD6A7EE6}
Folder Found : C:\ProgramData\{54B6D04D-4477-4BDA-9A8C-DEB315E0282D}
Folder Found : C:\ProgramData\{7D1F40B1-FDA9-48B3-9A00-C43B98B6061B}
Folder Found : C:\ProgramData\{AA5C05EA-7FB9-4519-BBE2-03ADD8EF0E5D}
Folder Found : C:\ProgramData\{E314972B-E8D6-465D-AE74-6CC08535701F}
Folder Found : C:\ProgramData\{EC2F7042-ADE8-4F04-9A7E-2316AD6311E2}
Folder Found : C:\ProgramData\{ECC7C149-0591-48b1-A207-38A9B40B25C3}

A:adwcleaner false positives?

Hi onehurst Do you have a program called "Topaz Detail 2" installed on your system? Basically, do you have any "Topaz" programs installed?

Read other 14 answers
RELEVANCY SCORE 69.2

I am wondering about some of a-squared's findings on my latest scan. Things like winamp and win7codecs must surely be clean:

Quote:
a-squared Free - Version 4.5
Last update: 27/01/2010 12:24:14

Scan settings:

Scan type: Smart Scan
Objects: Memory, Traces, Cookies, C:\Windows\, C:\Program Files (x86)
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start: 27/01/2010 12:27:47

Value: HKEY_CLASSES_ROOT\CLSID\{44EEAD9B-4EB1-4236-83BC-1273BB4B01EF} --> AppID detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_CLASSES_ROOT\CLSID\{44EEAD9B-4EB1-4236-83BC-1273BB4B01EF}\InprocServer32 --> ThreadingModel detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_CLASSES_ROOT\CLSID\{6C9CA10D-E604-47FB-A2F9-C9A013193609}\InProcServer32 --> ThreadingModel detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_CLASSES_ROOT\CLSID\{892F787F-B650-4A3E-AA5B-2B8021CE4D0A} --> AppID detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_CLASSES_ROOT\CLSID\{892F787F-B650-4A3E-AA5B-2B8021CE4D0A}\InprocServer32 --> ThreadingModel detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_CLASSES_ROOT\CLSID\{A0B0E5AB-617C-4A7D-8A94-9937D24B6670} --> AppID detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_CLASSES_ROOT\CLSID\{A0B0E5AB-617C-4A7D-8A94-9937D24B6670}\InprocServer32 --> ThreadingModel detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_CLASSES_ROOT\CLSID\{B34CCD89-D1CD-4F9A-BA6C-936BA7F7A239} --> AppID detected: Trace.Registry.PC D... Read more

A:a-square false positives?

no opinions?

Read other 4 answers
RELEVANCY SCORE 69.2

Hello everyone!

I just got done running a Emsisoft Anti-Malware free on quick scan and it picked up a lot of stuff. Some stuff, I know about as being detected and listed as malware, but I have not had any problems with, in that area that I know of. There are others that have been detected that I am not sure about whether they are malware or are legit or have had high instances of being used by malware or is a false positive?

I am including the report from the scan I ran and also could someone please explain to me what the report says.
Emsisoft Anti-Malware - Version 5.0
Last update: 11/6/2010 9:44:57 PM

Scan settings:

Scan type: Quick Scan
Objects: Memory, Traces, Cookies
Scan archives: Off
Heuristics: Off
ADS Scan: On

Scan start: 11/6/2010 9:45:52 PM

c:\programdata\microsoft\windows\start menu\programs\The Weather Channel detected: Trace.Directory.Desktop Weather!A2
c:\program files\The Weather Channel FW detected: Trace.Directory.Desktop Weather!A2
c:\program files\search toolbar detected: Trace.Directory.HuntBar.Stoolbar!A2
c:\programdata\microsoft\windows\start menu\programs\imesh detected: Trace.Directory.IMesh!A2
c:\program files\iMesh Applications\iMesh detected: Trace.Directory.iMesh!A2
c:\program files\iMesh Applications\iMesh\HTML detected: Trace.Directory.iMesh!A2
c:\program files\iMesh Applicati... Read more

A:Not sure if I have malware or false positives?

Hello I am not sure of which you refer, but all there are spyware and adware, some in the form of tool bars and some the result of file sharing. I remove all those myself if I found them in my scans.
Let's look at another log.

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner ta... Read more

Read other 7 answers
RELEVANCY SCORE 69.2

Website blocked by Trend Micro Internet Security
Opening this website may put your security at risk
Trend Micro has not yet evaluated this website
--------------------------------------------------------------------------------
The website you wanted to see might transmit malicious software to your computer, or has done that before to someone else. It may also show signs of involvement in online scams or fraud.
Because you have set your Protection Against Web Threats to "High," all websites not yet checked by Trend Micro have been blocked for your protection.
Address: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Rating: Dangerous
What you can do:
Try visiting another site to find the information you want.
Notify Trend Micro to review this page if you consider it safe.
If you still want to see this blocked page:
1. Open the Trend Micro Internet Security console.
2. Click Internet & Email Controls.
3. Click the Settings... button under Protection Against Web Threats.
4. Click the Approved websites link in the next window that opens.
5. Copy and paste the address of the blocked website into the list.

A:Talking about false positives.

Certain embedded files that are part of legitimate programs or specialized fix tools such as Combofix may at times be detected by some anti-virus and anti-malware scanners as a "Risk Tool", "Hacking Tool", "Potentially Unwanted Program", or even "Malware" (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, registry fixes, malware strings it contains and the type of security engine that was used during the scan.

Such programs have legitimate uses in contexts where a Malware Removal Expert asked you to use the tool or when an authorized user/administrator has knowingly installed it. When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others or that it was simply detected as suspicious due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of malware. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "False Positive".

Read other 1 answers
RELEVANCY SCORE 69.2

After CCleaner was hacked with malware, I started to scan every .exe with VirusTotal. Unfortunately it is difficult to find a completely clean file.
I've just uploaded the Firefox installer and the Uplay installer (from Ubisoft) and here you have the results:
https://www.virustotal.com/it/file/d3a5e796a0e07b850a150fb15230d9620d88c2b582409b4fcc22acca0c865133/analysis/1506879300/
https://www.virustotal.com/it/file/dffa2b7fd055a691e67b07f5a303b99c6482d0cf9e455525919958782a5f38f1/analysis/1506879573/
I downloaded them from the official website but the episode of CCleaner teaches that it is not enough!
Are they false positives?

A:VirusTotal and false positives

It is probably a dumb question, but I'd like to have some answers.

Read other 5 answers
RELEVANCY SCORE 69.2

I have XP Home Edition on a Dell Dimensions 4400. I use Avast AV and also scan with Malwarebytes and Superantispyware weekly. Last week all my contacts in my Yahoo account started getting emails that I didn't send. I scanned with the three programs mentioned above along with Panda online scan and nothing was found except for some minor spyware. I had to delete that Yahoo account and open a new one.

Lately, pages load slower than usual and when they are loaded it takes maybe 30 seconds before they're functional [jump around a little, scroll bar won't work right away, etc.]

I scanned with something called RemoveIT Pro and it says I have 19 infected files. I uploaded three of them to VirusTotal and they all came up clean so I stopped. Some of the files it claims are infected are sys32.arf [VirusTotal-clean] sys32.ssupdate [clean]. Do I have issues or is this a ploy to get me to upgrade to the paid version since the trial won't fix anything? Here's my HJT log if needed. Thank you in advance.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:12:01 PM, on 8/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.e... Read more

Read other answers
RELEVANCY SCORE 69.2

Hi,

Was working a bit w/ Lawrence and he suggested that my problems may be FP's but said I could post here. I spent last Sat in the HJT forum to get cleaned from some other issues. Yesterday, however, my Avast detected the following & called them Rootkits...

A0001119.dll C://System Volume Information\_restore...
swg.dll C://Program Files\Google\GoogleToolbarNotifier\5.1.1309.3...

It reports that they were used last a week prior to my HJT clean up so I am not sure if they have been there, are new or are False P's. I am unable to copy all the info from the Virus Chest. Please let me know what else you need. I did notice something new that appeared in my Sch. Tasks, which is where my other infections were appearing. It is a Google Updater that is supposed to update but says it never does????

I would appreciate any assistance..Thanks!

Alan

A:Rootkits or False Positives?

Hello.
That is a restore point. I'm not exactly sure on that google thing however. If you could give me a complete log via AVG's Computer scanner page and export to .xls file that would be helpful.
Please run MBAM first.

Download and run MalwareBytes Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finishe... Read more

Read other 22 answers
RELEVANCY SCORE 69.2

Filename: C:\System Volume Information\_restore {88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP334\A0036436.exe
Detection: Is the Trojan horse TR/Agent.1402880

Filename: C:\hp\recovery\wizard\SWR_Wizard.exe
Detection: Is the Trojan horse TR/Agent.1402880

Are these couple of files viruses or false positives?
 

Read other answers
RELEVANCY SCORE 69.2

This is becoming pretty annoying.

As of late WD is reporting a lot of apps I have laying around as some virus.

Anyone?

If WD keeps reporting false positives I may consider swapping my AV for another one, even if I hate AVAST, AVG and the such with passion.

A:Lots of false positives with WD lately

Originally Posted by eLPuSHeR


This is becoming pretty annoying.

As of late WD is reporting a lot of apps I have laying around as some virus.

Anyone?

If WD keeps reporting false positives I may consider swapping my AV for another one, even if I hate AVAST, AVG and the such with passion.



What Apps?

What Definition version are you on?

Read other 0 answers
RELEVANCY SCORE 69.2

I purchased a new windows ten acer tablet/surface tablet , and I noticed there was some bad ratings online postings for the checkups on their database on emsisoft hijack free , when it directs you online. The deal is brand new right out of the box...and also they sound similar to what I noticed on my pc.
The listed ones were smss.exe process i.d. 360 /crss.exe pr. id 588 /crss.exe pr id 676 / services pr. id 792 /svchost exe pr. id 6784. Just took it out of the box. If they are false positives, how would you address this or diagnose this for your machine? Thanks.
 

A:False positives on EMS HIjackfree?

Well as long as the locations are valid from Windows Directory then the process shown to HijackFree are FP.

You may refer to post a problem on their forum page under Other Emsisoft Products. They will check that as possible and update HijackFree to clean possible misflagged threats.
 

Read other 6 answers
RELEVANCY SCORE 69.2

Hi,

I did post this in the Avast forum as well.

First, I keep a very clean system running multiple AV/AS protections, use a hard & soft firewall & am very careful where I go online.

Tonight, Avast picked up the following just after SuperAntiSpyware came up clean.

Infection: A0012663.exe
Location: C:\SystemVolumeInformation\_restore{.........}\RP93
Virus: Win32:Malware-gen

Infection: Inchtour.exe
Location: C:\ProgramFiles\MicrosoftWorks\
Virus: Win32:Malware-gen

I have since scanned with Avast again & MBAM & came up clean. The infections are in the chest.

I did need to download some PDF & Word email attachments today from schools. I scanned the files & they came up clean. I also ran 3 different full scans after I downloaded the docs from one school & all was clean. I then downloaded docs from the 2nd school, which is a college, & ran some scans & came up clean. Not sure if I ran Avast at that time. I did run Avast a few hours later & that's when it picked up the infections.

Any thoughts?

Thanks!

A:Avast False Positives?

Anytime you suspect a file may be a false positive, get a second opinion. Go to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis.

If it is a false detection, then you should contact the anti-virus tech support and advise them as you already have done so they can investigate and make corrections. Once a file is received, a technician can examine it in more detail and provide a report letting you know the results. You should also contact and advise the program vendor that one of their files is being detected as a threat. In many cases they will work with the anti-virus techs in an attempt to resolve the detection.

The detected _restore{GUID}\RP***\A00*****.xxx file(s) identified by your scan are in the System Volume Information Folder (SVI) which is a part of System Restore. The *** after RP represents a sequential number automatically assigned by the operating system. The ***** after A00 represents a sequential number where the original file was backed up and renamed except for its extension. To learn more about this, refer to:
Restore Point Forensics
Forensic Analysis of System Restore Points in Microsoft Windows XP

System Restore is the feature that protects your computer by monitoring a core set of system and application files and by creating backups (snapshots saved as restore points) of vital system configurations and files before change... Read more

Read other 18 answers
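
The `_restore{GUID}\RP***\A00*****.xxx` naming described in the answer above can be parsed mechanically when sorting through a scanner report. The following is an added example, not part of the original thread: the sample detections are constructed, and pairing a restore-point backup with a live file by matching verdict and extension is a heuristic assumed here for illustration.

```python
import re
from typing import NamedTuple, Optional

# System Restore backup naming as described in the answer:
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<seq>.<ext>
# Optional whitespace is tolerated because logs pasted into forum posts
# often gain or lose spaces.
RESTORE_RE = re.compile(
    r"""^(?P<drive>[A-Za-z]):[\\/]+
        System\s*Volume\s*Information[\\/]+
        _restore\s*\{(?P<guid>[^}]*)\}[\\/]+
        RP(?P<rp>\d+)[\\/]+
        A(?P<seq>\d+)\.(?P<ext>[A-Za-z0-9]+)$""",
    re.IGNORECASE | re.VERBOSE,
)


class Detection(NamedTuple):
    path: str
    verdict: str


class RestoreCopy(NamedTuple):
    restore_point: int   # the number after "RP"
    sequence: int        # the number after "A"
    extension: str       # only the extension of the original file survives


def parse_restore_copy(path: str) -> Optional[RestoreCopy]:
    """Return the restore-point fields, or None for an ordinary (live) path."""
    m = RESTORE_RE.match(path.strip())
    if m is None:
        return None
    return RestoreCopy(int(m["rp"]), int(m["seq"]), m["ext"].lower())


def triage(detections):
    """Separate live files from restore-point backups.

    For each backup, list live detections with the same verdict and
    extension: candidates for the file the backup was made from
    (an assumption of this example, since the original name is not kept).
    """
    live, backups = [], []
    for det in detections:
        copy = parse_restore_copy(det.path)
        if copy is None:
            live.append(det)
        else:
            backups.append((det, copy))

    report = []
    for det, copy in backups:
        suffix = "." + copy.extension
        candidates = [
            item.path for item in live
            if item.verdict == det.verdict and item.path.lower().endswith(suffix)
        ]
        report.append({
            "path": det.path,
            "restore_point": copy.restore_point,
            "sequence": copy.sequence,
            "verdict": det.verdict,
            "possible_originals": candidates,
        })

    return {
        "live": [d.path for d in live],
        "backups": report,
        "restore_points": sorted({c.restore_point for _, c in backups}),
    }


# Constructed sample detections (placeholder GUID and file names).
SAMPLE = [
    Detection(r"C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP93\A0012663.exe",
              "Win32:Malware-gen"),
    Detection(r"C:\Program Files\Example Suite\tour.exe", "Win32:Malware-gen"),
    Detection(r"C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP93\A0012670.dll",
              "Win32:Malware-gen"),
    Detection(r"D:\Downloads\notes.pdf", "Example:Constructed-gen"),
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    print("Restore points with detections:", result["restore_points"])
    for entry in result["backups"]:
        print(entry["path"], "->", entry["possible_originals"] or "no live match")
```

A backup with no live match is a copy of a file that is no longer present at its original location, or one the scanner did not flag there.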
RELEVANCY SCORE 69.2

Malware is bad, but false positives are almost as bad, in my experience.

I know no single antimalware is perfect, and free programs aren't near the quality of pay programs, and you often have to run 2 or more to find everything. MSE is.... well, it's free and part of Windows and while it offers live protection and is okay at catching a lot of bad stuff, I've had a few false positives with it, generally jpeg files and it only happens on occasion. I think it's an instance of the new definitions set having a bug that flags an image file the second it's created on the hard drive. It's happened... maybe 3 times for me and I know the files were safe otherwise.

I haven't had a malware infection for months. I was clean as of March, at the very least. I run MSE, Malwarebytes and SAS, with TDSSkiller on hand. I run a scan once a week and, at most, I find the same few tracking cookies. Between Adblock Plus, NoScript and Spybot's immunizations, I'm dodging the stuff that infects through browsers.

This morning I was playing freeware game Gungirl 2 on my secondary Dell XP computer, and on exiting the game I get a popup that says "stdst.exe has stopped working". A program not quitting right on exit isn't a big deal in itself, I've gotten somewhat used to it for certain games, especially freeware titles... Google that up and find lots of mentions of malware. So I have to run scans on both PCs and files on the Dell were taken off the Gateway.

EXCEPT I'm not infected as it seems s... Read more

A:I hate false positives

I agree false positives are a problem.
When you find a questionable file, you can upload it to VirusTotal.
That will scan it with a LOT of scanners.
If only 1 or 2 show an issue while 40+ say it's ok, it's probably an FP.
https://www.virustotal.com/en/

Upload your stdst.exe and see what VT reports...

Read other 9 answers
RELEVANCY SCORE 69.2

I downloaded an update to the latest version of the Portable Apps version Libre Office. On attempting to install the program (as far as I can tell it is a complete replacement of the earlier version) my Avast virus scanner alerted on two .dll files included in the update. The flagged files were smplmaillo.dll and wpftcalclo.dll. In both cases, the virus was identified as Win32:Evo-gen[Susp].

I had similar problems with another program downloaded from the same site (don't remember now what it was), and I believe the identified virus was the same as the current detections. At that time, Avast also gave me trouble by declaring the mirror site as dangerous, which I just don't believe is the case. At that time, none of the other malware scanner tools that I use (Malwarebytes, AdwCleaner) found any indication of a problem, and even a dedicated scan of the "infected" file with Avast turned up clean. So I just forced Avast to restore the file and went on my merry way, with no resulting problems, as far as I can tell.

I would like to believe that these were false positive detections. I have obtained quite a lot of very good software from the Portable Apps site, and have been very happy with all of it.

So, I guess my question is whether anyone else has been having similar problems, either with false positives from Avast, or real problems with software that they have obtained from the Portable Apps site?
 

A:False positives from Avast ?

Read other 6 answers
RELEVANCY SCORE 69.2

I did a full scan with TSE and TS, both up-to-date with Avira/Bitdefender NOT enabled. The results for both of them were different. TSE showed about 7 false positives for malware (sorry no pic) and auto checked them for removal. TS showed 0. Both scans were performed back to back with no change in software.

Windows 10 Pro

Why is detection more accurate on TS compared to TSE in this simple test I did?
 

Read other answers
RELEVANCY SCORE 69.2

i am using windows xp and firefox browser. i have avira free antivirus and malwarebytes antimalware. noticed my browser was super slow, and earlier today avira informed me that it found 4 trojans. updated malwarebytes and did a scan, it did not detect anything. (it seems that the trojan is in the mbam.exe itself?!) next i scanned using avira, it detected the malware but was unable to remove them. any help appreciated, thanks!

A:avira gives false positives?

It looks like false positive to me.
Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes, when done with this step.
Upload following files to http://www.virustotal.com/ for security check:
- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.

Read other 6 answers
RELEVANCY SCORE 69.2

I scanned my system using Malwarebytes flash scan and here is the Log Files:
1/3/2012 3:24:19 PM
mbam-log-2012-01-03 (15-24-19).txt

Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | File System | P2P
Objects scanned: 139684
Time elapsed: 1 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 10
e:\users\public\documents\my pictures\aweks.pikz (Backdoor.Bot) -> Delete on reboot.
e:\users\public\documents\my pictures\my pictures.exe (Worm.AutoRun) -> Delete on reboot.
e:\users\public\documents\my pictures\my pictures.url (Trojan.Zlob) -> Delete on reboot.
e:\users\public\documents\my pictures\sample pictures\blue hills.exe (Trojan.Xanib) -> Delete on reboot.
e:\users\public\documents\my pictures\sample pictures\cakep.exe (Worm.Xanib) -> Delete on reboot.
e:\users\public\documents\my pictures\sample pictures\cuakep.exe (Worm.Xanib) -> Delete on reboot.
e:\users\public\documents\my pictures\sample pictures\sunset.exe (Trojan.Xanib) -> Delete on reboot.
e:\users\public\documents\my pictures\sample pictures\water lilies.exe (Trojan.... Read more

A:Malwarebytes false positives?

Necro,

No, it may not be getting all of it. What antivirus do you have in addition to Malwarebytes, and why isn't it picking anything up?

It isn't a false positive if it deletes it, and then it reappears. It's a false positive if it deletes something that isn't a virus.

Read other 7 answers
RELEVANCY SCORE 69.2

here's a screenshot of avg free scan.

and i've only been on the virgin cable for 1 week! Not sure but they seem to come back after deleting em.

Here's Zonealarm activity:


My hijack post:
Logfile of HijackThis v1.99.1
Scan saved at 12:55:11, on 27/11/2007
Platform: Windows XP SP2, v.2149 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2149)


A:I got 4 trojans. R they False positives?

Hi, i know everyone is very busy sorting out other ppl's more serious issues, therefore...i was wondering, would it be safe to assume that if my zonealarm has never reported more than 4 high-rated inbound blocked attacks since i first installed it that i may have deleted those 4 trojans? It does now report 600 inbound attacks, but they are not high-rated. Is that normal? Does everyone get 50 inbound attacks everyday? Or should it read "0" if i don't have a virus? Thanks again!

Read other 7 answers
RELEVANCY SCORE 69.2

after an update on february the 9th, antivir started flagging some of gunbound's files as trojan.Downloader with its heuristics. I am pretty sure that this is a false positive so can some1 inform the creators of AntiVir?

A:Antivir More False Positives

Hi IHateAbnormalities
If you are sure that these are false positives, there is a help forum for the program. I know you don't need any help but you can post a topic there and someone will be able to stop those files being flagged, or will be able to put you in the right direction.
http://www.free-av.de/cgi-bin/ubb/ultimate...i?ubb=forum&f=1
David

Read other 1 answers
RELEVANCY SCORE 69.2

So I ran AdwCleaner and it detected these two files:
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Even after getting rid of them, they always come back upon start up. The Windows Installer box appears and automatically installs/uploads files, which I presume to be these. Clicking cancel doesn't work, since it'll just repeatedly do it again.
 
Are these harmless files, or is there something more sinister preventing me from getting rid of them? I ran Farbar and did notice some strange files in the logs, but I can't tell if they're legitimate Windows files or the trojans/worms/backdoors, etc. For example: wuauclt.exe, conime.exe, dllhost.exe...
I'm on XP, and running RKill, TDSSKiller, Malwarebytes, Avira, JRT didn't come up with anything for the last few days. I did install something that I regretted - WinCDEmu - but it was directly from the site and came up with nothing from scans. I got rid of it I believe, although I had to do a system restore to be thorough.
Thanks for any insight.

A:False Positives or Legitimate?

You can submit the files at VirusTotal - Free Online Virus and Malware Scan  to be scanned by numerous security programs.
 
BC has this to say about one file...conime.exe...<not used> - conime.exe - Program Information but if you can, submit the file to Virus Total before deleting.
 
Use the programs below to scan for malware and adware. From web searches...those two items in AdwCleaner log should be removed...
 
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the ...


Routine a/v scan last Sat turned up 2 "viruses/trojans" according to Avira, & it disabled them then deleted them & the files turned out to be files for PowerDVD & Dell Media Experience. So, had to reinstall both of those & log the files into Avira as not dangerous etc. Just now, running MBAM scan & Avira popped up again saying have several .dll files in system vol that are malware/trojan, same as the prev scan, so am thinking another false pos. Can someone take a look at the avguard log & give me some advice?? Thx
 

A: Solved: Avira false positives

switched back 2 avast. 2 many fp's...
 


My MBAM detected 65 infected Trojan Downloaders on the 1 hour old Clean re-install of Win 7!!!

Anybody who had the same detection, don't get scared, it is a false positive.
For confirmation look here:
Trojan.Downloader detected in 65 system files - Malwarebytes Forum

Hope you guys haven't caught a heart attack

A: malwarebytes DB error false positives

That's what I like about Norton AV--it doesn't scare me to death.


Hello,

I have a peculiar situation with an XP SP3 computer, and it is difficult to ascertain the true status of the machine.

The customer claims that they were greeted with a notification about a virus, so they promptly ran a full scan with Lavasoft Adaware. After this was completed, numerous seemingly valid EXE files were relocated to quarantine.

Most of them were tagged with - LooksLike.Win32.InfectedFile!A (v)

Many of them were EXEs from commercial/vertical software programs that had been installed for years. Since it seemed highly unlikely that all these objects were truly infected, I restored them all.

The machine is running OK. There are some quirks and performance issues, but nothing very ominous.

I have since installed and run MalwareBytes, and it found a couple of believable threats that were removed.

I then ran a Kaspersky and AVIRA scan on the machine. Both of these found multiple infected EXE files again. So I submitted a handful of these to Virustotal, and the results were all over the map. Many files were found clean, but others got several hits (New WIN32, W32/Pift, Virus.Win32.Suspic.gen). One of these hits was a component of the freshly installed Malwarebytes program (mabamgui.exe).

Not to be deterred, I just downloaded and ran the ESet online scanner. And... it found NOTHING.

What in the world am I supposed to make of this? Is there a reasonably certain way that I can confirm/deny the infection on this box?

I cannot recall when I have se...


Hello
 
Today I ran a Boot-time scan with Avast.  I received multiple hits for Trojans, Malware and Dropper-gen.  The problem is that 5 out of 6 of these are trusted programs.  Wsop.com is a NJ online poker site and the other I believe is ZoneAlarm Firewall.  I did not want to delete them until I could get some professional advice.  So far I have them sitting in Avast's Virus Chest.  Thanks for your help.
These are the files that are in my Virus Chest:
 
Name-PresentationFontCache.ni.exe
Location-C:\Windows\Assembly\NativeImages\_v2.0.50727_32\PresentationFontCac#\4ce7fd62d4107fbe996ab305eb21ee6a
Virus-Win32:Malware-gen
 
Name-WSOP.com_NJ.exe
Location-C:\ProgramFiles\NJ.WSOP.com\bin
Virus-WIN32:Dropper-gen[Drp]
 
Name-WSOP.com_NJ.exe
Location-C:\ProgramFiles\NJ.WSOP.com\bin
Virus-FileRepMalware
 

Name-WSOP.com_NJ.exe
Location-C:\ProgramFiles\NJ.WSOP.com\bin
Virus-FileRepMalware
 
Name-Zafwsetup_120_121_000.exe
Location-C:\Documentand Settings\Mom\My document\Downloads
Virus-Win32:Trojan-gen
 
Name-GLH059.TMP
Location-C:Program files\NJ.WSOP.com\bin
Virus-WIN32:Dropper-gen[Drp]
 

A: Could these Avast reports be false positives?

Hello and Welcome on board, my Name is Machiavelli and I will assist you with your problem.

If you booted into safe mode on your computer then print my instructions!

I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:

Removing Malware is usually very difficult.
We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!

Please follow these instructions
If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!

Please stay in contact with me until your problem is resolved
As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.

Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!

Read my post completely
If you don't do so, you may make mistakes that could result in your System crashing by your own ...


I recently updated AVG Free Edition to version 2014. After the update I ran a scan and AVG reported 22 IRP Hooks that it couldn't remove, so I downloaded Malwarebytes' Anti-Malware and ran a scan, and MB Anti-Malware found nothing. A few days after, I ran another scan (AVG) and it reported 40 IRP Hooks. So I downloaded Malwarebytes' Anti-Rootkit and ran a scan but it found nothing. Another few days after, I ran a scan again with AVG and it found 22 IRP Hooks. Are those false positives, or?
(I attached the reports. The Malwarebytes' reports are in Croatian, so use Google Translate.)

A: AVG reports IRP Hooks - false positives, or?

Please download and run Belarc.
 
Scroll down toward the bottom of the page where Software Versions and Usage is located.
 
Please copy and paste the list of software in your next post.
 
What I'm about to post should not be taken personally, it is simply an explanation.
 
Since I do not have any idea what I'm downloading from links provided in topics I will not download these to my computer.  If you can copy and paste these logs in this topic, please do so.
 
Thank you for understanding.


Whilst browsing the Internet, I got an alert from Bitdefender that an obscure file on my PC had been declared malicious and was asking me to confirm whether to block it or not. No sooner had that happened than another message appeared concerning another file, and then another and another, and I kept blocking them until I realised that these were flagging trusted programs I have had installed for years. I ran a deep scan straightaway and located a single trojan which was apparently deleted without any fuss (I don't know when precisely I may have picked this up). However I am still getting alerts whenever I try to open an .exe file, saying that Bitdefender considers it a malicious program and advises blocking it. Beyond the alerts, though, there doesn't seem to be any problem - nothing has appeared on scans, even when scanning an individual file that Bitdefender has specifically warned against, and I don't appear to be suffering from any traditional symptoms of viruses (slowdowns, pop-ups, re-directions etc).
Is it possible that Bitdefender itself is at fault here, and is trying to block perfectly clean files (could this be related to the recent mess over their update?), or is it possible that my PC is genuinely infected? I would appreciate any help or advice on this matter; I find it hard to believe that Bitdefender would warn against opening dangerous files and then show no sign of recognition when they are scanned with the same program...

A: False positives or a genuine threat?

Honestly, I would ask one of the responders to take a look at your logs. While the files themselves might not be infected, it's quite possible you have an active infection that is being detected when those trusted programs are run, thus setting off a false positive on the file, when the infection is already in memory. Perhaps a bad winlogon notifier dll entry or similar. Just an example, of course - I would pursue more active detection, though.
