Trojan.Generic FP or Real?
Jarava
09-02-2009, 05:51 PM
I just ran a full scan and it found this.
http://img142.imageshack.us/img142/5538/spywaredoctor92092.png
I just wanted to check and see if it was real or a FP. I already told Spyware Doctor to remove them.
GoneToPlaid
09-02-2009, 08:12 PM
I am getting the exact same thing on my computer too.
haapy
09-02-2009, 08:19 PM
I hope you quarantined them rather than deleted them in case it is a false positive. Always a good practice to quarantine rather than delete.
I happened to run a full scan on one computer and an intelli-scan (quick scan) on another computer earlier today (.447) and it picked up nothing.
So if it's a FP, those files aren't on these two computers of ours. Could be real.
Like haapy said, always quarantine.
toaster045
09-02-2009, 09:56 PM
Funny, same here with SDwAV 6.5.0.460, although in fairness I had disabled SDwAV to go online gaming, but then turned it on, ran a quick scan, and bingo, there they were.
snorlax
09-02-2009, 10:18 PM
Exact same here.
6.1.0.447
After scan with SD, but before quarantining in SD, I did a scan with Malwarebytes that came up clean.
lucid
09-03-2009, 01:24 AM
I have the latest SD+AV and very latest updates and picked up something similar to this too, as well as another file which is a FP also.
Jarava
09-03-2009, 01:39 AM
I have the "Quarantine infections before removal" always checked in the scan settings just to be safe.
I'm glad I posted about it here, I feel better knowing I'm not the only one and it could be a FP.
AChen
09-03-2009, 01:58 AM
Hi All,
This is currently with the MRC team, and we will provide an update shortly.
AChen
09-03-2009, 03:34 AM
Thanks for all the info.
This will be addressed in the next Smart update :)
snorlax
09-03-2009, 04:40 AM
So if we have quarantined these items, we can/should put them back NOW?
Can you shed some light as to what the entries are?
Thanx!
AChen
09-03-2009, 05:35 AM
You can restore these files. Once the fix is available from the update, a scan shouldn't detect these files again.
The keys are related to a classid that a malware/threat, which is usually a browser helper or adware (dll), uses for proper installation.
snorlax
09-05-2009, 09:36 PM
Hi...this appears to be back.
6.1.0.447, latest database.
AChen
09-07-2009, 01:14 AM
What DB are you currently on? I tried testing this with DB v6.13200 but could not recreate the problem.
snorlax
09-07-2009, 10:11 PM
Well, I guess the False Positive is on ME this time...sorry. :o
All's well as of DB 6.13210. Thanks for your prompt attention!
Jim W.
vecchio
09-09-2009, 12:12 AM
This problem seems to be resolved with the update.