How to report False Positive to us?


  • KIT.AreoRemAdmin - false positive

    IObit Security 360

    OS:Windows XP
    Versione:0.4.0.20
    Versione database:1142
    Tempo trascorso:28/08/2009 3.19.09
    Oggetti analizzati:72832
    Minacce rilevate:17

    | Nome | Tipo |Descrizione|ID|
    KIT.AreoRemAdmin, File, C:\sysexplorer\SystemExplorer.exe, 12-91
    KIT.AreoRemAdmin, File, C:\AXP\utility\USB_Disk_Eject.exe, 12-91
    KIT.AreoRemAdmin, File, C:\System Volume

    Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP698\A0163120.exe, 12-91
    KIT.AreoRemAdmin, File, C:\System Volume

    Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP698\A0163121.exe, 12-91
    KIT.AreoRemAdmin, File, C:\System Volume

    Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP698\A0163129.exe, 12-91
    KIT.AreoRemAdmin, File, C:\System Volume

    Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP699\A0163133.exe, 12-91
    KIT.AreoRemAdmin, File, C:\System Volume

    Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP699\A0163134.exe, 12-91
    KIT.AreoRemAdmin, File, C:\System Volume

    Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP715\A0168390.exe, 12-91
    KIT.AreoRemAdmin, File, C:\System Volume

    Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP715\A0168391.exe, 12-91
    KIT.AreoRemAdmin, File, C:\System Volume

    Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP715\A0168393.exe, 12-91
    KIT.AreoRemAdmin, File, C:\System Volume

    Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP715\A0168395.exe, 12-91
    KIT.AreoRemAdmin, File, C:\System Volume

    Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP715\A0168397.exe, 12-91
    KIT.AreoRemAdmin, File, C:\System Volume

    Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP726\A0191344.exe, 12-91
    KIT.AreoRemAdmin, File, C:\System Volume

    Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP726\A0191351.exe, 12-91
    KIT.AreoRemAdmin, File, C:\System Volume

    Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP726\A0191352.exe, 12-91
    KIT.AreoRemAdmin, File, C:\System Volume

    Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP726\A0191353.exe, 12-91
    KIT.AreoRemAdmin, File, C:\System Volume

    Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP726\A0191354.exe, 12-91

    ---------------

    SystemExplorer is a standalone Task Manager replacement

    http://systemexplorer.mistergroup.org/

    VirusTotal response CLEAN
    -----------

    Usb Disk Ejector is a trusted stand alone utility, it's a program that allows you to quickly remove USB devices in Windows.

    http://quick.mixnmojo.com/usb-disk-ejector


    VirusTotal response CLEAN

    --------
    The other 15 files in System Restore belong to OnLine Armor 3.5, which I used before starting to use Agnitum OutPost 2009.
    Tall Emu OnLine Armor is one of the most awarded and powerful personal firewalls

    http://www.tallemu.com/


    VirusTotal Response CLEAN


    Last edited by leofelix; Aug. 28th, 2009, 04:26.


    • Hi leofelix,
      They have been fixed in the new version.
      IObit Support Team--Any ideas or suggestions? Please kindly share with us...Thanx


      • Originally posted by itobe
        Hi leofelix,
        They have been fixed in the new version.

        Hi itobe,
        I noticed it. I updated to the new database version and ran a full scan: completely fixed.

        Thank you a lot :-D


        • Originally posted by itobe
          Hello AlexP,

          First, please upload the file "PccScan.dll" to VirusTotal to check whether it is a FP, and we will solve it soon. Much thanks.

          Plus, please check out the judgment from WOT, which is a well-known Internet security website: http://www.mywot.com/en/scorecard/RegistryFix.com

          If you have any further doubts, everyone on board would help.

          Best regards

          Hi Itobe,

          Thanks for your prompt reply.

          I checked the judgement of WOT regarding RegistryFix and I noticed that the 1st page of comments was negative while the 2nd was slightly positive! Overall the picture was negative! But we can't rely on ambiguous comments!
          On the contrary, on the virustotal.com site RegistryFix is considered a threat by 4 out of the 41 scanners, i.e. a 9.76% threat.
          From my experience this registry cleaner is one of the best. I have used it with no apparent harm to my systems, and I use it on all 5.
          Unless someone checks this utility via a disassembler or other debugging tool as to its inner workings, most comments will remain assumptions!
          IS360 detected it 69 times and I'm sure it will not be the only one! But in my experience it appears to be a false positive.
          Finally, I didn't need to check "PccScan.dll" because after the online scanning of the PC with Trend Micro I deleted it together with the .housecall folder which resides in the Administrator's section.
          I'm looking forward to your points of view.
          Best regards.


          • Oh, I forgot to mention that the Administrator or UserName_atdmt.com is a persistent cookie which
            can be blocked in IE via tools>internet options>privacy>sites (add atdmt.com in the sites list).
            Does anyone know if this cookie is part of the automatic day time M T of the taskbar clock?
            Thanks in advance.
            best regards.


            • Hi alexP,

              atdmt is a tracking cookie. Tracking cookies are shared between websites and can be used to watch you as you go from one website to another. Tracking cookies are dangerous cookies because they can be used to create a profile of you by connecting your activities over multiple, in some cases many, websites.

              I don't think that it is anything to do with taskbar clock. As, when blocked, automatic day time function wouldn't work.

              Cheers.
              enoskype

              - Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -


              • Originally posted by AlexP
                On the contrary, on the virustotal.com site RegistryFix is considered a threat by 4 out of the 41 scanners, i.e. a 9.76% threat.
                Unless someone checks this utility via a disassembler or other debugging tool as to its inner workings, most comments will remain assumptions!
                IS360 detected it 69 times and I'm sure it will not be the only one! But in my experience it appears to be a false positive.
                I'm looking forward to your points of view.
                Best regards.

                Hi
                I downloaded RegistryFix and scanned it with MalwareBytes' AntiMalware, which detected it as rogue; see image please (my system is in Italian, but images often speak better than words)

                So, IS 360 detection for RegistryFix as a rogue cannot be considered a false positive

                Cheers
                Last edited by leofelix; Aug. 28th, 2009, 19:41.


                • Originally posted by enoskype
                  Hi alexP,

                  atdmt is a tracking cookie. Tracking cookies are shared between websites and can be used to watch you as you go from one website to another. Tracking cookies are dangerous cookies because they can be used to create a profile of you by connecting your activities over multiple, in some cases many, websites.

                  I don't think that it is anything to do with taskbar clock. As, when blocked, automatic day time function wouldn't work.

                  Cheers.

                  Hi enoskype, I agree with you that the atdmt.com cookie is a very clever notion of malware because it is using the initials of words such as date, month, time. If it were to be related to the Notification Area Clock, a cookie wouldn't be necessary.
                  Thanks for your help, kind regards.

                  Hi
                  I downloaded RegistryFix and scanned it with MalwareBytes' AntiMalware, which detected it as rogue; see image please (my system is in Italian, but images often speak better than words)
                  So, IS 360 detection for RegistryFix as a rogue cannot be considered a false positive

                  Hi Leofelix, I have noted everything you said and I'm using Malwarebytes' Anti-Malware myself, but it has given false positives on several occasions! Having said that, it is a reputable protection utility in its own field.
                  However, I feel that the 9.76% threat rate of RegistryFix given by the 41 scanners in virustotal.com is more reliable.
                  Regards


                  • Originally posted by AlexP
                    Hi Leofelix, I have noted everything you said and I'm using Malwarebytes' Anti-Malware myself, but it has given false positives on several occasions! Having said that, it is a reputable protection utility in its own field.
                    However, I feel that the 9.76% threat rate of RegistryFix given by the 41 scanners in virustotal.com is more reliable.
                    Regards

                    This is not a false positive, please take a look here

                    However, even if there are some very good and reputable registry cleaners available for free and you still want to use "RegistryFix", you can put its files in the IS 360 ignore list

                    Cheers
                    Last edited by leofelix; Aug. 29th, 2009, 01:48.


                    • Originally posted by AlexP
                      Hi Itobe,
                      Thanks for your prompt reply.
                      I checked the judgement of WOT regarding RegistryFix and I noticed that the 1st page of comments was negative while the 2nd was slightly positive! Overall the picture was negative! But we can't rely on ambiguous comments!
                      On the contrary, on the virustotal.com site RegistryFix is considered a threat by 4 out of the 41 scanners, i.e. a 9.76% threat.
                      From my experience this registry cleaner is one of the best. I have used it with no apparent harm to my systems, and I use it on all 5.
                      Unless someone checks this utility via a disassembler or other debugging tool as to its inner workings, most comments will remain assumptions!
                      IS360 detected it 69 times and I'm sure it will not be the only one! But in my experience it appears to be a false positive.
                      Finally, I didn't need to check "PccScan.dll" because after the online scanning of the PC with Trend Micro I deleted it together with the .housecall folder which resides in the Administrator's section.
                      I'm looking forward to your points of view.
                      Best regards.

                      Hi, AlexP,

                      Sorry for the late reply.

                      It does not have apparent harm to your PC.

                      After our test, we found it has some trick behaviors. It checks out a lot of null-value registry entries or something inconsequential to tell the users: hey, you have so many problems!!! Some users, like you, will pay $$$ for its repairing. This is a conventional trick of such misleading tools or fraudtools.

                      So we define it as PHISH.FraudTool.

                      By now, RegistryFix is considered a threat by 4 out of the 41 scanners, i.e. a 9.76% threat on the VirusTotal site, but we believe the percentage will grow before long. "Registry Easy" is the best example.

                      To quote the words of leofelix: "However, even if there are some very good and reputable registry cleaners available for free and you still want to use "RegistryFix", you can put its files in the IS 360 ignore list." It is also my truehearted suggestion.

                      Best regards.
                      Last edited by itobe; Aug. 29th, 2009, 15:19.
                      IObit Support Team--Any ideas or suggestions? Please kindly share with us...Thanx


                      • IObit Security 360

                        OS:Windows XP
                        Version:0.4.0.20
                        Define Version:1146
                        Time Elapsed:08/29/2009 10:48:40 PM
                        Objects Scanned:87834
                        Threats Found:7

                        |Name|Type|Description|ID|
                        Worm.Dropper, File, C:\WINDOWS\system32\WanPacket.dll, 9-100077
                        Backdoor.SpyBouncer, File, C:\WINDOWS\system32\wpcap.dll, 9-78159
                        Worm.Dropper, File, E:\program files\WMR11\WanPacket.dll, 9-100077
                        Trojan.Dldr, File, E:\program files\Moyea\FLV Downloader\SockHook.dll, 12-1035
                        Trojan.Dldr, File, E:\program files\Wondershare\Video to DVD Burner\WS_DVDBurner.dll, 12-1035
                        Trojan.Drop.Agent, File, E:\program files\Kodak\Printer\Center\KodakSvc.exe, 12-551
                        Dropper.Autoit.PM, File, H:\zUSB Sync Folders\TrueCrypt Vol T\MY PROGRAMS\AutoIt v3\Aut2Exe\AutoItSC.bin, 12-1945

                        VirusTotal shows all these as being clean.
                        Dave


                        • KIT.AeroRemAdmin

                          I have also got this as a threat alert when firing up freecommander.exe.

                          Michael


                          • Possible False Positives.

                            I scanned these files with VirusTotal.com, Jotti's malware scan and NoVirusThanks.org and none of the 41 scanners reported any malware.


                            • These must be false

                              Most of these and others are new Microsoft updates. If they are not, please tell me.

                              IObit Security 360

                              OS:Windows XP
                              Version:1.0.0.60
                              Define Version:1168
                              Time Elapsed:00:01:11
                              Objects Scanned:38372
                              Threats Found:8

                              |Name|Type|Description|ID|
                              Trojan.Agent, File, C:\Documents and Settings\bobo\Start Menu\Programs\Startup\ChkDisk.dll, 4-4911
                              Trojan.FakeAlert, File, C:\Documents and Settings\bobo\Start Menu\Programs\Startup\ChkDisk.lnk, 4-4912
                              Trojan.Agent, File, C:\WINDOWS\system32\6to4v32.dll, 4-5323
                              Trojan.FakeAlert, File, C:\WINDOWS\system32\autochk.dll, 4-5738
                              Trojan.Agent, File, C:\WINDOWS\system32\certstore.dat, 4-6367
                              Trojan.Agent, File, C:\WINDOWS\system32\EvdoServer.dll, 4-7944
                              Backdoor.Bot, File, C:\WINDOWS\system32\wiwow64.exe, 4-15529
                              Trojan.Agent, File, C:\Documents and Settings\bobo\protect.dll, 4-17838


                              • I'm not sure

                                I hope this is the right section.

                                When I launched Software Information Windows (portable version) I got the following pop-up from Security360. I have never got this before but I had just updated the Security360 database.

                                Name cpuz132
                                Description New system service
                                Path C:\DOCUME~1\Wozofoz\LOCALS~1\Temp\\cpuz132\cpuz132_x32.sys
                                Process siw.exe
                                I canceled and exited SIW then I ran a Security360 Full Scan and got the following:

                                IObit Security 360

                                OS:Windows XP
                                Version:1.0.0.60
                                Define Version:1171
                                Time Elapsed:00:17:42
                                Objects Scanned:64769
                                Threats Found:1

                                |Name|Type|Description|ID|
                                Hijack.StartMenu, Registry Data, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced Value=Start_ShowSearch, 6-680
                                I deleted this 'threat'

                                I don't know if there is any relation between the two.
                                Thanks for the help :smile:

                                All the best, woz of oz
                                FORUM USAGE GUIDELINES - Read this first
                                Description of IObit Forum features and requirements - Reading this is compulsory
