a-Squared false positives?

a-Squared false positives?

Secure Home | Search | About

Login Password

Microsoft Antivirus Discussions - Anti-virus discussions related to Microsoft products

Bookmark this page: YahooMyWeb

YahooMyWeb

Google

Windows Live Favorites

del.icio.us

del.icio.us digg

digg

Add to Netscape

Subject

Author

Date

a-Squared false positives?

<Jeff

05-24-2009

Re: a-Squared false positives?

Johnw

Re: a-Squared false positives?

<Jeff

Re: a-Squared false positives?

FromTheRafters

Re: a-Squared false positives?

<Jeff

Posted by on May 24, 2009, 11:55 pm

If you were Registered and logged in, you could reply and use other advanced thread options

Hi

I run a pretty clean XP laptop, using Avast, Spybot, Ad-Aware, etc. I
decided to run a scan using a-Squared free with its latest updates and was
shocked by all it found.

Many of what it found dangerous are out of my I386 which came with the
laptop. I suspect many of these are false positives because none of my
other utilities find them to be dangerous so I decided not to remove what it
found. I would appreciate any advice.

Jeff

Here is the list from the a-Squared free log:

Key: HKEY_CLASSES_ROOT\clsid\
detected: Trace.Registry.KeyLogger.wintective!A2
Key: HKEY_CLASSES_ROOT\clsid\
detected: Trace.Registry.KeyLogger.wintective!A2
Key: HKEY_CLASSES_ROOT\typelib\
detected: Trace.Registry.KeyLogger.wintective!A2
Value:
HKEY_CLASSES_ROOT\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2
Value:
HKEY_CLASSES_ROOT\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2
Value:
HKEY_CLASSES_ROOT\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2
Value:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2
Value:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2
Value:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2
Value:
HKEY_CLASSES_ROOT\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value:
HKEY_CLASSES_ROOT\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value:
HKEY_CLASSES_ROOT\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value:
HKEY_CLASSES_ROOT\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value:
HKEY_CLASSES_ROOT\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value:
HKEY_CLASSES_ROOT\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value:
HKEY_CLASSES_ROOT\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value:
HKEY_CLASSES_ROOT\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value:
HKEY_CLASSES_ROOT\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value:
HKEY_CLASSES_ROOT\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value:
HKEY_CLASSES_ROOT\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value:
HKEY_CLASSES_ROOT\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value:
HKEY_CLASSES_ROOT\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32
--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
C:\Documents and Settings\Jeff\Cookies\jeff@media6degrees[1].txt detected:
Trace.TrackingCookie.media!A2
C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe detected:
Virus.Win32.Virut.q!IK
C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe detected:
Virus.Win32.Virut.q!IK
C:\Program Files\TurboTax\Deluxe 2006bit\MSXML3.EXE detected:
Backdoor.Win32.Beastdoor!IK
C:\Program Files\TurboTax\Deluxe 2007bit\MSXML3.EXE detected:
Backdoor.Win32.Beastdoor!IK
C:\System Volume
Information\_restore\RP354\A0174689.DLL
detected: Trojan-Downloader.Win32.Small!IK
C:\WINDOWS$hf_mig$\KB896423\SP2QFE\spoolsv.exe detected:
Virus.Win32.Patched.B!IK
C:\WINDOWS\Driver Cache\i386\driver.cab/pctspk.exe detected:
Virus.Win32.Virut.b!IK
C:\WINDOWS\I386\BCKGZM.EX_/bckgzm.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\I386\DMSERVER.DL_/dmserver.dll detected: Virus.Win32.Messoum!IK
C:\WINDOWS\I386\DRIVER.CAB/pctspk.exe detected: Virus.Win32.Virut.b!IK
C:\WINDOWS\I386\EVTRIG.EX_/evtrig.exe detected: Virus.Win32.Virut.ar!IK
C:\WINDOWS\I386\HRTZZM.EX_/hrtzzm.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\I386\MQTRIG.DL_/mqtrig.dll detected: Win32.Cadoiac.A!IK
C:\WINDOWS\I386\NWSCRIPT.EX_/nwscript.exe detected: Win32.Luder!IK
C:\WINDOWS\I386\ODBCCONF.EX_/odbcconf.exe detected: Win32.Cadoiac.A!IK
C:\WINDOWS\I386\RSOPPROV.EX_/rsopprov.exe detected: Win32.Luder!IK
C:\WINDOWS\I386\RSVP.EX_/rsvp.exe detected: Win32.Luder!IK
C:\WINDOWS\I386\SETUP50.EX_/setup50.exe detected: Virus.Win32.Vulgar!IK
C:\WINDOWS\I386\SYSINFO.EX_/sysinfo.exe detected: Virus.Win32.Virut.ar!IK
C:\WINDOWS\I386\TASKKILL.EX_/taskkill.exe detected: Win32.Luder!IK
C:\WINDOWS\I386\WEXTRACT.EX_/wextract.exe detected:
Backdoor.Win32.Beastdoor!IK
C:\WINDOWS\I386\WININET.DL_/wininet.dll detected: Virus.Win32.Nsag.A!IK
C:\WINDOWS\I386\WUAUSERV.DL_/wuauserv.dll detected: Virus.Win32.Messoum!IK
C:\WINDOWS\system32\dllcache\bckgzm.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\hrtzzm.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\nwscript.exe detected: Win32.Luder!IK
C:\WINDOWS\system32\dllcache\pctspk.exe detected: Virus.Win32.Virut.b!IK
C:\WINDOWS\system32\dllcache\rsopprov.exe detected: Win32.Luder!IK
C:\WINDOWS\system32\dllcache\rsvp.exe detected: Win32.Luder!IK
C:\WINDOWS\system32\nwscript.exe detected: Win32.Luder!IK
C:\WINDOWS\system32\rsopprov.exe detected: Win32.Luder!IK
C:\WINDOWS\system32\rsvp.exe detected: Win32.Luder!IK
E:\Downloads\arw3.exe detected: Trojan.Win32.Agent2!IK
E:\Downloads\as25.exe detected: Trojan.Generic!IK
E:\Downloads\FRAPS setup.exe/fraps.dll detected: Trojan.Win32.Agent!IK
E:\Downloads\FSCaptureSetup63.exe/FSRecorder.exe detected:
Backdoor.Win32.Lithium.10.B5!IK
E:\Downloads\protectionid_v5.2c.rar/Protection_ID.exe detected:
Packed.Win32.Klone.af!IK
E:\Downloads\removewga(2).exe detected: Riskware.Risktool.RemoveWGA!IK
E:\Downloads\RemoveWGA.exe detected: Riskware.Risktool.RemoveWGA!IK
K:\System Volume
Information\_restore\RP342\A0172298.exe
detected: Trojan.Win32.Agent2!IK
K:\System Volume
Information\_restore\RP342\A0172299.exe
detected: Trojan.Generic!IK
K:\System Volume
Information\_restore\RP342\A0172322.exe/fraps.dll
detected: Trojan.Win32.Agent!IK
K:\System Volume
Information\_restore\RP342\A0172387.exe
detected: Riskware.Risktool.RemoveWGA!IK
K:\System Volume
Information\_restore\RP342\A0172388.exe
detected: Riskware.Risktool.RemoveWGA!IK

Posted by Johnw on May 25, 2009, 1:21 am

If you were Registered and logged in, you could reply and use other advanced thread options

Jeff@unknown.com used his keyboard to write :

> Hi

>

> I run a pretty clean XP laptop, using Avast, Spybot, Ad-Aware, etc. I

> decided to run a scan using a-Squared free with its latest updates and was

> shocked by all it found.

>

> Many of what it found dangerous are out of my I386 which came with the

> laptop. I suspect many of these are false positives because none of my

> other utilities find them to be dangerous so I decided not to remove what it

> found. I would appreciate any advice.

>

> Jeff

>

> Here is the list from the a-Squared free log:

>

> Key: HKEY_CLASSES_ROOT\clsid\

> detected: Trace.Registry.KeyLogger.wintective!A2

> Key: HKEY_CLASSES_ROOT\clsid\

> detected: Trace.Registry.KeyLogger.wintective!A2

> Key: HKEY_CLASSES_ROOT\typelib\

> detected: Trace.Registry.KeyLogger.wintective!A2

> Value:

> HKEY_CLASSES_ROOT\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2

> Value:

> HKEY_CLASSES_ROOT\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2

> Value:

> HKEY_CLASSES_ROOT\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2

> Value:

>

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2

> Value:

>

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2

> Value:

>

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2

> Value:

> HKEY_CLASSES_ROOT\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

> Value:

> HKEY_CLASSES_ROOT\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

> Value:

> HKEY_CLASSES_ROOT\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

> Value:

> HKEY_CLASSES_ROOT\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

> Value:

> HKEY_CLASSES_ROOT\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

> Value:

> HKEY_CLASSES_ROOT\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

> Value:

> HKEY_CLASSES_ROOT\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

> Value:

> HKEY_CLASSES_ROOT\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

> Value:

> HKEY_CLASSES_ROOT\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

> Value:

> HKEY_CLASSES_ROOT\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

> Value:

> HKEY_CLASSES_ROOT\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

> Value:

> HKEY_CLASSES_ROOT\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

> Value:

> HKEY_CLASSES_ROOT\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

> Value:

>

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

> Value:

>

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

> Value:

>

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

> Value:

>

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

> Value:

>

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

> Value:

>

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

> Value:

>

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

> Value:

>

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

> Value:

>

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

> Value:

>

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

> Value:

>

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

> Value:

>

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

> Value:

>

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

> C:\Documents and Settings\Jeff\Cookies\jeff@media6degrees[1].txt detected:

> Trace.TrackingCookie.media!A2

> C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe detected:

> Virus.Win32.Virut.q!IK

> C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe detected:

> Virus.Win32.Virut.q!IK

> C:\Program Files\TurboTax\Deluxe 2006bit\MSXML3.EXE detected:

> Backdoor.Win32.Beastdoor!IK

> C:\Program Files\TurboTax\Deluxe 2007bit\MSXML3.EXE detected:

> Backdoor.Win32.Beastdoor!IK

> C:\System Volume

> Information\_restore\RP354\A0174689.DLL

> detected: Trojan-Downloader.Win32.Small!IK

> C:\WINDOWS$hf_mig$\KB896423\SP2QFE\spoolsv.exe detected:

> Virus.Win32.Patched.B!IK

> C:\WINDOWS\Driver Cache\i386\driver.cab/pctspk.exe detected:

> Virus.Win32.Virut.b!IK

> C:\WINDOWS\I386\BCKGZM.EX_/bckgzm.exe detected: Virus.Win32.Virut.q!IK

> C:\WINDOWS\I386\DMSERVER.DL_/dmserver.dll detected: Virus.Win32.Messoum!IK

> C:\WINDOWS\I386\DRIVER.CAB/pctspk.exe detected: Virus.Win32.Virut.b!IK

> C:\WINDOWS\I386\EVTRIG.EX_/evtrig.exe detected: Virus.Win32.Virut.ar!IK

> C:\WINDOWS\I386\HRTZZM.EX_/hrtzzm.exe detected: Virus.Win32.Virut.q!IK

> C:\WINDOWS\I386\MQTRIG.DL_/mqtrig.dll detected: Win32.Cadoiac.A!IK

> C:\WINDOWS\I386\NWSCRIPT.EX_/nwscript.exe detected: Win32.Luder!IK

> C:\WINDOWS\I386\ODBCCONF.EX_/odbcconf.exe detected: Win32.Cadoiac.A!IK

> C:\WINDOWS\I386\RSOPPROV.EX_/rsopprov.exe detected: Win32.Luder!IK

> C:\WINDOWS\I386\RSVP.EX_/rsvp.exe detected: Win32.Luder!IK

> C:\WINDOWS\I386\SETUP50.EX_/setup50.exe detected: Virus.Win32.Vulgar!IK

> C:\WINDOWS\I386\SYSINFO.EX_/sysinfo.exe detected: Virus.Win32.Virut.ar!IK

> C:\WINDOWS\I386\TASKKILL.EX_/taskkill.exe detected: Win32.Luder!IK

> C:\WINDOWS\I386\WEXTRACT.EX_/wextract.exe detected:

> Backdoor.Win32.Beastdoor!IK

> C:\WINDOWS\I386\WININET.DL_/wininet.dll detected: Virus.Win32.Nsag.A!IK

> C:\WINDOWS\I386\WUAUSERV.DL_/wuauserv.dll detected: Virus.Win32.Messoum!IK

> C:\WINDOWS\system32\dllcache\bckgzm.exe detected: Virus.Win32.Virut.q!IK

> C:\WINDOWS\system32\dllcache\hrtzzm.exe detected: Virus.Win32.Virut.q!IK

> C:\WINDOWS\system32\dllcache\nwscript.exe detected: Win32.Luder!IK

> C:\WINDOWS\system32\dllcache\pctspk.exe detected: Virus.Win32.Virut.b!IK

> C:\WINDOWS\system32\dllcache\rsopprov.exe detected: Win32.Luder!IK

> C:\WINDOWS\system32\dllcache\rsvp.exe detected: Win32.Luder!IK

> C:\WINDOWS\system32\nwscript.exe detected: Win32.Luder!IK

> C:\WINDOWS\system32\rsopprov.exe detected: Win32.Luder!IK

> C:\WINDOWS\system32\rsvp.exe detected: Win32.Luder!IK

> E:\Downloads\arw3.exe detected: Trojan.Win32.Agent2!IK

> E:\Downloads\as25.exe detected: Trojan.Generic!IK

> E:\Downloads\FRAPS setup.exe/fraps.dll detected: Trojan.Win32.Agent!IK

> E:\Downloads\FSCaptureSetup63.exe/FSRecorder.exe detected:

> Backdoor.Win32.Lithium.10.B5!IK

> E:\Downloads\protectionid_v5.2c.rar/Protection_ID.exe detected:

> Packed.Win32.Klone.af!IK

> E:\Downloads\removewga(2).exe detected: Riskware.Risktool.RemoveWGA!IK

> E:\Downloads\RemoveWGA.exe detected: Riskware.Risktool.RemoveWGA!IK

> K:\System Volume

> Information\_restore\RP342\A0172298.exe

> detected: Trojan.Win32.Agent2!IK

> K:\System Volume

> Information\_restore\RP342\A0172299.exe

> detected: Trojan.Generic!IK

> K:\System Volume

>

Information\_restore\RP342\A0172322.exe/fraps.dll

> detected: Trojan.Win32.Agent!IK

> K:\System Volume

> Information\_restore\RP342\A0172387.exe

> detected: Riskware.Risktool.RemoveWGA!IK

> K:\System Volume

> Information\_restore\RP342\A0172388.exe

> detected: Riskware.Risktool.RemoveWGA!IK

I have a-Squared installed with others, which I would run & then google
what is left to see what is false.

Malwarebytes' Anti-Malware (MBAM)
http://www.softpedia.com/get/Antivirus/Malwarebytes-Anti-Malware.shtml
http://www.malwarebytes.org/mbam.php
Forum
http://www.malwarebytes.org/forums/
SUPERAntiSpyware (SAS)
http://www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/SUPERAntiSpyware.shtml
http://www.softpedia.com/progScreenshots/SUPERAntiSpyware-Screenshot-36499.html
http://www.superantispyware.com/index.html

Posted by on May 25, 2009, 8:25 am

If you were Registered and logged in, you could reply and use other advanced thread options

> Jeff@unknown.com used his keyboard to write :

>> Hi

>>

>> I run a pretty clean XP laptop, using Avast, Spybot, Ad-Aware, etc. I

>> decided to run a scan using a-Squared free with its latest updates

>> and was shocked by all it found.

>>

>> Many of what it found dangerous are out of my I386 which came with

>> the laptop. I suspect many of these are false positives because

>> none of my other utilities find them to be dangerous so I decided

>> not to remove what it found. I would appreciate any advice.

>>

>> Jeff

>>

>> Here is the list from the a-Squared free log:

>>

--

<snip>

> I have a-Squared installed with others, which I would run & then

> google what is left to see what is false.

But I also ran ZA Suite's virus check (which uses Kapersky) and it too found
nothing. I cannot beleive with all these other virus checkers finding
nothing, a-Squared alone found 82 virus signatures. Everybody else,
including Kapersky, cannot be that off! The a-Squared findings have to be
false positives.

Jeff

Posted by FromTheRafters on May 25, 2009, 9:23 am

If you were Registered and logged in, you could reply and use other advanced thread options

>> Jeff@unknown.com used his keyboard to write :

>>> Hi

>>>

>>> I run a pretty clean XP laptop, using Avast, Spybot, Ad-Aware, etc.

>>> I

>>> decided to run a scan using a-Squared free with its latest updates

>>> and was shocked by all it found.

>>>

>>> Many of what it found dangerous are out of my I386 which came with

>>> the laptop. I suspect many of these are false positives because

>>> none of my other utilities find them to be dangerous so I decided

>>> not to remove what it found. I would appreciate any advice.

>>>

>>> Jeff

>>>

>>> Here is the list from the a-Squared free log:

>>>

>

> --

>

> <snip>

>

>> I have a-Squared installed with others, which I would run & then

>> google what is left to see what is false.

>

> But I also ran ZA Suite's virus check (which uses Kapersky) and it too

> found nothing. I cannot beleive with all these other virus checkers

> finding nothing, a-Squared alone found 82 virus signatures. Everybody

> else, including Kapersky, cannot be that off! The a-Squared findings

> have to be false positives.

Sounds logical enough. You could submit some of the suspect executables
to virustotal.com or jotti.org to see what other AV engines have to say.
This also eliminates differences you may encounter by having different
settings between your local second opinion scans. Many of the executable
file detections were from archived (or compressed) files which your
Kaspersky *might* not be looking in in accordance with its
configuration.

Some AV vendors make use of these services as a feedback mechanism to
help them to correct false positives or to add detection for new
malware.

I'm tempted to agree with you, but that is an awful lot of malware to
casually dismiss as FPs.

Posted by on May 25, 2009, 4:56 pm

If you were Registered and logged in, you could reply and use other advanced thread options

FromTheRafters wrote:

>>> Jeff@unknown.com used his keyboard to write :

>>>> Hi

>>>>

>>>> I run a pretty clean XP laptop, using Avast, Spybot, Ad-Aware, etc.

>>>> I

>>>> decided to run a scan using a-Squared free with its latest updates

>>>> and was shocked by all it found.

>>>>

>>>> Many of what it found dangerous are out of my I386 which came with

>>>> the laptop. I suspect many of these are false positives because

>>>> none of my other utilities find them to be dangerous so I decided

>>>> not to remove what it found. I would appreciate any advice.

>>>>

>>>> Jeff

>>>>

>>>> Here is the list from the a-Squared free log:

>>>>

>>

>> --

>>

>> <snip>

>>

>>> I have a-Squared installed with others, which I would run & then

>>> google what is left to see what is false.

>>

>> But I also ran ZA Suite's virus check (which uses Kapersky) and it

>> too found nothing. I cannot beleive with all these other virus

>> checkers finding nothing, a-Squared alone found 82 virus signatures.

>> Everybody else, including Kapersky, cannot be that off! The

>> a-Squared findings have to be false positives.

>

> Sounds logical enough. You could submit some of the suspect

> executables to virustotal.com or jotti.org to see what other AV

> engines have to say. This also eliminates differences you may

> encounter by having different settings between your local second

> opinion scans. Many of the executable file detections were from

> archived (or compressed) files which your Kaspersky *might* not be

> looking in in accordance with its configuration.

>

> Some AV vendors make use of these services as a feedback mechanism to

> help them to correct false positives or to add detection for new

> malware.

> I'm tempted to agree with you, but that is an awful lot of malware to

> casually dismiss as FPs.

Your suggestion to get another opinion is a excellent one and I have been
doing that with virustotal.com. I sent several of the exe files that
a-Squared found to be infected with viruses to virustotal.com. I had them
recheck the actual files I sent and they all came back clean - including
their own a-Squared version 4.0.0.101! (Mine says it is version 4.5.0.1)

I also ran the Kapersky's online scanner (turning off my Avast AV during the
process)which also found nothing suspicious.

Unfortunately, I have no way to double check the registry entries that
a-Squared found to be infected because I cannot send these out to be
checked.

> I'm tempted to agree with you, but that is an awful lot of malware to

> casually dismiss as FPs.

That is why I wrote this thread. I run a very tight ship and have always
been very careful both with virus checkers and malware and rarely have
anything bad slip through. So this is unbelievable.

Could I have possibly downloaded a malware pretending to be a-Squared? Do
you know a safe site to download a-Squared from? The version I have was
downloaded ages ago and I do not usually use it. I did update it before the
check that scared the life out of me!

Similar Threads	Posted
False Positives?	February 13, 2010, 10:09 pm
False Reading?	November 9, 2005, 11:43 pm
WIN2000NT False prophets(!).	November 19, 2005, 7:21 am
seemingly false "webmaster" reports?	November 6, 2005, 1:13 pm
Win32.TrojanSpy.Goldun False Positive?	January 27, 2008, 5:16 pm
Zone Alarm Pro - False Positive Report of Ardamax.e?	November 12, 2007, 9:31 am
McAfee false-positive glitch [DAT 5664] fells PCs worldwide - FYI	July 4, 2009, 10:13 am
Is this a false positive or bug with IE 6, McAfee 8/9/10 or both IE 6 and McAfee?	June 26, 2006, 6:57 am

The site map in XML format XML site map

Contact Us | Privacy Policy