False Positive ? Trojan-PSW.Win32.Delf.ej
screamer
08-11-2007, 07:34 PM
On an intelli scan SWD came up w/ 30 infections: Trojan-PSW.Win32.Delf.ej
I scanned w/ AVG and aSquared and they found nothing. Also submitted an online HJT file for auto scanning and it also found nothing.
Any thoughts ???
...screamer
Edit: didn't realize that the scan wouldn't show full size :(
tom.tdw
08-11-2007, 07:38 PM
i can't really see the key
could you email me the image (my email is twright@antimalwaresupport.com) and i'll post a full size version
Neocorey
08-11-2007, 08:29 PM
I received the same thing on the trial version. I think it's just a scam to get you to buy the program. Because I've run over 5 different spyware programs and not 1 has scanned and found a trojan other than spyware doctor. It also shows a lot of programs with warning that aren't even on my computer.
vecchio
08-11-2007, 10:32 PM
I received the same thing on the trial version. I think it's just a scam to get you to buy the program. Because I've run over 5 different spyware programs and not 1 has scanned and found a trojan other than spyware doctor. It also shows a lot of programs with warning that aren't even on my computer.
I don't think pctools SD tells you that you are infected just to make you buy the program
most programs do it but I can't imagine pctools doing this
2 points my friend:
1- you are infected (and I can assure you SD can find a lot of infections and maybe other products found nothing)
2- it's an SD false positive... but it's very rare with SD
hope this helps
tom.tdw
08-11-2007, 10:36 PM
I received the same thing on the trial version. I think it's just a scam to get you to buy the program. Because I've run over 5 different spyware programs and not 1 has scanned and found a trojan other than spyware doctor. It also shows a lot of programs with warning that aren't even on my computer.
probably a FP then
strings of numbers can often set off FP's
it's not just to attract new customers, that's what the cookie scanner is for :D
screamer
08-12-2007, 03:00 AM
I received the same thing on the trial version. I think it's just a scam to get you to buy the program. Because I've run over 5 different spyware programs and not 1 has scanned and found a trojan other than spyware doctor. It also shows a lot of programs with warning that aren't even on my computer.
You are wrong my friend. If SWD did use scare tactics / create FP to induce you to purchase the app, they would be on the Rogue Spyware List:
http://spywarewarrior.com/rogue_anti-spyware.htm
Instead, they are on the short list of trustworthy apps.
...screamer
screamer
08-12-2007, 03:02 AM
i can't really see the key
could you email me the image (my email is twright@antimalwaresupport.com) and i'll post a full size version
Tom, did you get the image I sent you?
...screamer
tom.tdw
08-12-2007, 10:07 AM
Tom, did you get the image I sent you?
...screamer
here it is:
http://www.screencast.com/t/_46AKa4c0
sorry my main email address is twright@antimalwaresupport.co.uk (i posted the wrong one:o)
screamer
08-12-2007, 03:23 PM
Well, I sent a support ticket to tech support regarding this find. In the meantime, I put it on the Global Action (Trust) List. We'll see what TS says.
...screamer
AdrianE
08-12-2007, 07:06 PM
SWD found this Trojan on my machine and I just clicked the fix button and it went away. A quick search shows this Trojan is present on other companies' malware lists, i.e. CounterSpy.
If SWD shows it as a known infection and other products don't, why do you think it's a false positive and not just PC-Tools being ahead of the game?
Adrian
tom.tdw
08-12-2007, 07:40 PM
SWD found this Trojan on my machine and I just clicked the fix button and it went away. A quick search shows this Trojan is present on other companies' malware lists, i.e. CounterSpy.
If SWD shows it as a known infection and other products don't, why do you think it's a false positive and not just PC-Tools being ahead of the game?
Adrian
judging by where in the registry it is located it is not actively doing anything, it's just data sitting there (not doing more than a text file would), so it's not actively affecting the system
also taking into account the clean HJT log it's very unlikely to be a trojan
AChen
08-13-2007, 03:21 AM
On an intelli scan SWD came up w/ 30 infections: Trojan-PSW.Win32.Delf.ej
I scanned w/ AVG and aSquared and they found nothing. Also submitted an online HJT file for auto scanning and it also found nothing.
Any thoughts ???
...screamer
Edit: didn't realize that the scan wouldn't show full size :(
Hi screamer,
In order for us to investigate this further, could you please send us a malware log?
screamer
08-13-2007, 03:40 AM
Anthony, send it to whom, you?
...screamer
AChen
08-13-2007, 03:52 AM
Anthony, send it to whom, you?
...screamer
Run the malware detective and PM me your email address or ticket number and I'll have the MRC team take a look at this and will get back to you :D
rpertusio
08-13-2007, 08:41 PM
Hi everyone!
This is Ryan Pertusio from AutumnWave. We make HDTV tuners for PCs. A part of our software is also being identified as a 'False Positive' (Trojan-PSW.Win32.Delf.ej).
The file in question is:
C:\WINDOWS\system32\actskn43.ocx
In regards to the original poster, the registry keys mentioned ({00F442C2-5C9E-4ae5-AF7D-FB4E0350C2E3} for example) belong to ActiveSkin. There are references to 'actskn43.ocx' in those registry entries.
ActiveSkin is what makes programs 'look pretty', including our own 'OnAir HDTV Program'. (There are other programs out there that use ActiveSkin to make their programs look nice.)
To my knowledge, there is no trojan in the ActiveSkin file.
I have reported the False Positive at the Vendor reporting page. If there is any additional information that I can provide, let me know.
- Ryan Pertusio
AutumnWave Technical Support
OnAir Solution North America
http://www.autumnwave.com/
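Ryan's observation above, that the flagged registry keys are COM class registrations referencing one file, can be checked by resolving each flagged CLSID to the server binary it registers. This is an added example, not part of the thread and not code from PC Tools or AutumnWave. It assumes a `reg export` text dump already decoded from UTF-16; the sample export, the second and third CLSIDs and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in `reg export` format. Only the first CLSID and the .ocx
# path come from the thread; every other key and value is made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{00F442C2-5C9E-4ae5-AF7D-FB4E0350C2E3}]
@="Constructed ActiveSkin class"

[HKEY_CLASSES_ROOT\CLSID\{00F442C2-5C9E-4ae5-AF7D-FB4E0350C2E3}\InprocServer32]
@="C:\\WINDOWS\\system32\\actskn43.ocx"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\WINDOWS\\System32\\ACTSKN43.OCX"

[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}]
@="Constructed class with no server key"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
SERVER_RE = re.compile(r'\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\(InprocServer32|LocalServer32)$', re.I)
DEFAULT_RE = re.compile(r'^@="(.*)"$')

def clsid_servers(export_text):
    """Map each CLSID (upper-cased) to the path in its server key's default value."""
    servers, current = {}, None
    for line in export_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            m = SERVER_RE.search(key.group(1))
            current = m.group(1).upper() if m else None
            continue
        val = DEFAULT_RE.match(line)
        if current and val:
            # .reg strings escape backslashes and quotes with a backslash
            servers[current] = re.sub(r'\\(.)', r'\1', val.group(1))
    return servers

def group_detections(flagged_clsids, export_text):
    """Group flagged CLSIDs by the binary they load; None means no server registered."""
    servers = clsid_servers(export_text)
    groups = defaultdict(list)
    for clsid in flagged_clsids:
        path = servers.get(clsid.upper())
        groups[path.lower() if path else None].append(clsid)
    return dict(groups)
```

When many registry detections collapse to a single path, the triage question becomes whether that one file is legitimate (publisher, hash, multi-engine scan) rather than whether each key is an infection.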
AChen
08-15-2007, 04:25 AM
This should be resolved in tomorrow's update :) Please let me know if you are still having problems with this.
rpertusio
08-15-2007, 01:26 PM
Thanks for the quick fix!
- Ryan
tom.tdw
08-15-2007, 07:32 PM
i've had the same FP even with the new version
http://www.screencast.com/t/4i5Qh7t0
AChen
08-16-2007, 03:04 AM
Hi All,
This will be resolved in today's update :D
screamer
08-16-2007, 05:03 AM
Just did a Custom Scan and the FP raised its ugly head again.
...screamer
AChen
08-16-2007, 05:10 AM
Screamer - Could you provide me with your DB version? and I'll check this up.
BenJr
08-16-2007, 05:34 AM
Hey Guys,
Just updated to .259 and SD found a similar Trojan on my system, hopefully a false positive:
Trojan-PWS.Delf.EJ
I Googled it and found this thread on MajorGeeks:
http://forums.majorgeeks.com/showthread.php?t=134644
AChen
08-16-2007, 05:47 AM
Could you guys check that you currently have DB 5.07950. As this issue is resolved with this DB version. If you do not have this version, please run a Smart Update. If you are still continuing to receive problems with this, please reply to this thread and I'll investigate this further.
screamer
08-16-2007, 02:39 PM
Anthony: DB Version 5.07960
...screamer
edit: BTW: I quarantined the FP w/ no ill effects -so far
BenJr
08-16-2007, 06:54 PM
Well I'm currently using DB 5.07950, but I'm not sure if that was the data base used during the initial scan after the installation.
I've also quarantined the FP and all seems to be well. :)
AChen
08-17-2007, 05:17 AM
Thanks for getting back :)
We'll need to investigate this further.
jayd63
09-27-2007, 05:33 AM
I'm using DB 5.08220e and had the same problem.
c_edge
09-27-2007, 07:13 AM
Seems like you're on the older version of SD and an older db version.
For new version check http://www.pctools.com/forum/showthread.php?t=49050.
For latest database version check http://www.pctools.com/forum/showthread.php?t=49000
If SD still detects these FP's, probably a good idea to attach the screenshot of the actual file being detected so PCT can look into this.
c_edge
Jitney
09-27-2007, 05:49 PM
I have had a few FP's over the last few months. The most recent happened after upgrading to the 5.1.0.268 version. It identified a file called "autorun.ini" as a worm that would download a keylogger onto my system. On inspection, the file had been created when the computer was bought and had references to the computer manufacturer all through it. It was a 710 byte file that contained only text. Just to be sure, I sent a copy to VirusTotal for processing and got zero positives. I don't quite know how this particular file triggered the identification, but I guess that it is only to be expected that you will get some FP's when you have such a high rate of malware identification. The moral of the story is: don't be in a hurry to delete files ID'd as malware. I don't quite know what would have happened if the .ini file was removed - something would probably have been broken. This FP is only the latest of 6 that I have had, but I frequently try different software, so that may be unusually high. Now that SD is a well-known leader in the field, more vendors are working to assure compatibility, so the FP's will likely be fewer as time goes on.