hxin
-
Posts
283 -
Joined
Posts posted by hxin
-
-
IObit Security 360
OS:Windows XP
Version:1.5.0.10
Define Version:2412
Time Elapsed:00:23:46
Objects Scanned:60722
Threats Found:2
|Name|Type|Description|ID|
Tracking Cookies - Removed, Cookies, Cookie:warren droms@quantserve.com/, 7-2072
Trojan.Adware, File, C:\ACER\Preload\Autorun\DRV\Intel VGA Chip UMA\LPCO\CHS\igfxres.dll, 12-932
Hi dubyadd
You can upload your file (igfxres.dll) to http://www.wikisend.com and give us the link.
THANKS!
-
IObit Security 360
OS:Windows 7
Version:1.4.5.67
Definir Version:1716
Tiempo Transcurrido:00:02:41
Objetos Analizados:54355
Amenazas Encontradas:1
|Nombre|Tipo|Descripción|ID|
Misleading.Application, File, C:\Users\Public\Desktop\Malware Defender.lnk, 4-1297
I have downloaded Malware Defender from www.360.cn
Malware defender scan at Virustotal
Thx
Hi Sillus
This is a FP, We will solve this issue in our later update definition 1717.
Thanks for your feedback.
-
IObit Security 360
OS:Windows XP
Version:1.4.5.67
Define Version:1707
Time Elapsed:00:00:04
Objects Scanned:27
Threats Found:1
|Name|Type|Description|ID|
Trojan.Agent, File, C:\Program Files\iolo\Common\Lib\Antila.dll, 12-186
Hi Christopher Fisher
This is a FP.
We will solve this issue in our later update definition 1708.
Thank you for your feedback.
-
I tried uploading ss32.dll several times to wikisend and always got 0% progress and then it would error out. I even registered there - no difference.
I did scan that file with FIVE other security programs and it passed each one. Those programs were AVG, Glary, ASC, Malwarebytes and Spybot - all the latest versions. I have no reason to believe ss32.dll is a threat. Seems 360 is wrong on this one.
If you have another place I can upload it too, I will try. Wikisend didn't work for me...
OK, I uploaded to virus tool and there is the report:
File SS32.dll received on 2010.07.20 04:42:39 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/42 (0%)
Additional information
File size: 114688 bytes
MD5...: 44c0e0838c0b2bfb9c4fdd588c569b94
SHA1..: 7eaffa07248682cd4263adceb1f1ebcb0850739f
SHA256: ac452ca1569995e056b3774fa61ff62d265b8ebe409951c55ca57e75977aafca
ssdeep: 1536:NAbi9gE5URSRTy4HsOo95rGybk2nhTERTyo9CV7JGe7LqE2n3bo:diRSZb+
K9+HmEG3bo
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x945a
timedatestamp.....: 0x38baa0af (Mon Feb 28 16:22:07 2000)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x10492 0x11000 6.61 c4fe15eda30aa6c152d6b896f66ae560
.rdata 0x12000 0x5193 0x6000 5.02 901228882a1f3731745e830f142ace31
.data 0x18000 0x344c 0x2000 2.48 c6c45949b6853f888abb419ac99b5ef9
.reloc 0x1c000 0x1980 0x2000 4.60 7d3bdb929346fdad2a13be0510757841
( 1 imports )
> KERNEL32.dll: HeapDestroy, GetCommandLineA, GetVersion, GetProcAddress, GetModuleHandleA, RaiseException, EnterCriticalSection, LeaveCriticalSection, HeapFree, GetLastError, CloseHandle, ReadFile, InitializeCriticalSection, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, SetFilePointer, WriteFile, ExitProcess, TerminateProcess, GetCurrentProcess, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, lstrcpyA, HeapCreate, VirtualFree, InterlockedDecrement, InterlockedIncrement, HeapAlloc, VirtualAlloc, HeapReAlloc, SetStdHandle, FlushFileBuffers, CreateFileA, MultiByteToWideChar, GetStringTypeA, GetStringTypeW, GetCPInfo, GetACP, GetOEMCP, LoadLibraryA, LCMapStringA, LCMapStringW, SetEndOfFile, RtlUnwind
( 31 exports )
_Aberr2@@YGXPAVCSolarSystem@@PAN1@Z, _AtmRefraction@@YGNN@Z, _CalendarToJD@@YGNPAUtagTDATE@@@Z, _ComputeAsteroid@@YGXPAVCSolarSystem@@PAUtagASTEROID_INPUT@@PAUPeriodicInfo@@@Z, _ComputeComet@@YGXPAVCSolarSystem@@PAUtagCOMET_INPUT@@PAUPeriodicInfo@@@Z, _ComputeLSTandJD@@YGXPAUWhenWhere@@PAN1@Z, _ComputeSolarSystem@@YGHPAVCSolarSystem@@PBD@Z, _CreateMinorPlFile@@YGHPAVCSolarSystem@@HPADN1@Z, _DateOfEaster@@YGXHPAUtagTDATE@@@Z, _DayOfWeek@@YGHN@Z, _DayOfYear@@YGHPAUtagTDATE@@@Z, _EqToHorizDegs@@YGXPAVCSolarSystem@@NNPAN1@Z, _EquinoxSolstice@@YGNHH@Z, _GeneralEclipseData@@YGHNPAN000@Z, _HorizToEqDegs@@YGXPAVCSolarSystem@@NNPAN1@Z, _IsDST@@YGHPAUtagTDATE@@D@Z, _JDToCalendar@@YGXNPAUtagTDATE@@D@Z, _MinorPlInputToPerInfo@@YGXPAVCSolarSystem@@PAUtagASTEROID_INPUT@@PAUPeriodicInfo@@@Z, _MoonPhase@@YGNJH@Z, _NextLunarEclipse@@YGNNHPAN00PAH@Z, _NextSolarEclipse@@YGNNPANPAH@Z, _Nutation2@@YGXNNNPAN0@Z, _Nutation@@YGXNNNPAN0@Z, _Precess@@YGXHNNPAN0@Z, _PrecessFK4@@YGXNNPAN0@Z, _PrecessFK5@@YGXNNPAN0@Z, _RiseSet@@YGXNNNNNNNNNNNPAN00PAH@Z, _SiderealTime0@@YGNN@Z, _SiderealTime@@YGNN@Z, _StaticRiseSet@@YGXPAVCSolarSystem@@NNPAN11PAH@Z, _ssGetDllVersion@@YGHXZ
RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
pdfid.: -
Hi johnalan
OK, it's a false positive.
We will solve this issue in our later update definition 1700.
PS: http://www.2shared.com can upload files.
cheers!
-
IObit Security 360
OS:Windows XP
Version:1.4.5.67
Define Version:1642
Time Elapsed:01:14:24
Objects Scanned:120822
Threats Found:1
|Name|Type|Description|ID|
Trojan.Win32/BHO, File, C:\Program Files\Common Files\System\SS32.dll, 4-752
I am going to scan with 2 or 3 other programs I used to see if any of them show this as a trojan. It was installed by a commercial astronomy program that I got on CD, Cellestron's "The Sky". Everytime I let 360 remove it the program ceases to function and I have to reinstall it. I will update this post later tonight with results of other testing.
Thanks!!!
Hi johnalan
You can upload to http://www.wikisend.com and give us the link or send us your suspicious file (SS32.dll), and then we can further investigate it. At the same time, you can upload your suspicious file to http://www.virustotal.com for analyzing, and post your analysis report.
We are looking forward to your reply.
-
IObit Security 360
OS:Windows 7
Version:1.4.1.11
Define Version:1607
Time Elapsed:00:02:01
Objects Scanned:45399
Threats Found:2
|Name|Type|Description|ID|
Unwanted.Smart_PC, Registry Key, HKEY_CURRENT_USER\Software\Smart PC Solutions, 4-22226
----
Company: http://www.smartpctools.com/en/index.html
----
Hi PAlanis
This is a FP. Sorry for the trouble we have caused to you.
We will solve this issue in our later update definition 1610.
Thanks for your support.
-
IObit Security 360
OS:Windows 7
Version:1.4.1.11
Define Version:1602
Time Elapsed:00:02:54
Objects Scanned:47848
Threats Found:6
|Name|Type|Description|ID|
Tracking Cookies, Cookies, Cookie:yuniverse@atdmt.com/, 7-1541
Backdoor.Frauder, File, C:\Windows\system32\svchost.exe, 4-12487
This happens on all my computers with 360 installed (Windows 7, XP)
Hi yuniverse
This is a FP.We will solve the question in our later update definition 1603.
Thanks for your feeedback!
-
false positive report:
IObit Security 360
OS:Windows 7
Version:1.4.1.11
Define Version:1514
Time Elapsed:00:10:00
Objects Scanned:64304
Threats Found:2
|Name|Type|Description|ID|
Tracking Cookies, Cookies, Cookie:barb@atdmt.com/, 7-1541
Trojan.Agent, File, C:\Program Files (x86)\Microsoft Money\System\dw15.exe, 11-11669
The microsoft money file is a false positive as it's part of the program & is NOT a virus. Also scanned it with other antivirus programs to be doubley sure!
Barb
Hi BJHALLGRAV
Thanks for your feedback.
You can send us your suspicious file(dw15.exe) or upload to www.wikisend.com and give us the link . Then we can further investigate it. At the same time, you can upload your suspicious file to http://www.virustotal.com for analyzing, and post your analysis report.
We are looking forward to your reply.
-
Hi hxin,
I think the 12-856 is also a FP, see my scan report attached, and the VirusTotal link below.
--------------------------------------
IObit Security 360
OS:Windows XP
Version:1.4.1.11
Define Version:1500
Time Elapsed:00:07:53
Objects Scanned:61259
Threats Found:10
|Name|Type|Description|ID|
Tracking Cookies, Cookies, Cookie:samtso@netpass.netvigator.com/, 7-59
Tracking Cookies, Cookies, Cookie:samtso@imspmbc05.netvigator.com/, 7-59
Tracking Cookies, Cookies, Cookie:samtso@netvigator.com/, 7-59
Trojan.Agent, File, C:\WINDOWS\$NtServicePackUninstall$\mydocs.dll, 12-856
Trojan.Agent, File, C:\WINDOWS\system32\msvcrt.dll, 12-1163
Trojan.Agent, File, C:\WINDOWS\system32\mydocs.dll, 12-856
Trojan.Agent, File, C:\WINDOWS\ServicePackFiles\i386\msvcrt.dll, 12-1163
Trojan.Agent, File, C:\WINDOWS\ServicePackFiles\i386\mydocs.dll, 12-856
Trojan.Agent, File, C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll, 12-1163
Trojan.Agent, File, C:\Program Files\IObit\Advanced SystemCare 3\Backup\Drivers\Canon MP780\msvcrt.dll, 12-1163
----------------------------------------------------------------------
By the way, those cookies in the scan report are service that I use, will you remove them from the threat list? or I have to move them to ignore list?
Thank you for your kindly help.
samtso
Hi samtso
The files(msvcrt.dll, mydocs.dll ) is a FP and we have solved this issue in our definition 1501.
Some cookies and entry problems will be generated as soon as be cleaned, The ASC could clean them but should not prevent them from re-generating. So the ASC will not automatically block them.
-
Hello friends
The msvcrt.dll is a FP, We will solve the issue in our later update definition 1501.
Thanks for your feedback.
cheers.
-
IObit Security 360
OS:Windows Vista
Version:1.4.1.11
Define Version:1425
Time Elapsed:00:22:01
Objects Scanned:71708
Threats Found:1
|Name|Type|Description|ID|
Trojan.Generic, File, C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\InquisitorCoreDll.dll, 12-3467
Hi JayTeske
Can you send the file (InquisitorCoreDll.dll ) to here or upload to http://www.wikisend.com and give me the link . Then we can investigate it. At the same time, you can upload your suspicious file to http://www.virustotal.com for analyzing, and post your analysis report.
We are looking forward to your reply.
-
Hi Enoskype,
Actually, This is just our speculation.:wink:
Jim North scanned right when we updated our defenitions version so the data was still definitions version 1421. However, before he finish the scan, his program updated to 1423. So the report read 1423. This happened once before.
http://forums.iobit.com/showthread.php?t=2884&page=24
We updated defintions version twice: 1422 and 1423 yesteday because there was an another false positive in definitions version 1422.
-
The report copied below isn't formatted like the one shown in the software, but that's how it came out after saving. (And I have no idea why the smilies shown in the post preview are there.)
[beginSample]
unhandled(line:1):{***************************************************************************}
unhandled(line:1):unknown {***************************************************************************}
unhandled(line:2):{ }
unhandled(line:3):{ <b>Syntax: C:-Documents and Settings-Jim-Desktop-IObit Secur </b>}
unhandled(line:4):{ <b>Version: 0.0 </b>}
unhandled(line:5):{ <b>Date: 10.05.2010 </b>}
unhandled(line:6):{ <b>Author: n.n. from Ultraedit - see example for success </b>}
unhandled(line:7):{ }
unhandled(line:8):{ <b>source file: IObit Security 360 Report.log </b>}
unhandled(line:9):{ <b>filter: ultraedit2rjedit-awk.txt </b>}
unhandled(line:10):{ <b>filter version: $Revision: 1.23 $/$Date: 2006/08/15 20:05:10 $ </b>}
unhandled(line:11):{ }
unhandled(line:12):{ }
unhandled(line:13):{***************************************************************************}
unhandled(line:15):;------------------------------------------------------------------------------
unhandled(line:16):;IObit Security 360 Report.log:1:IObit Security 360
unhandled(line:17):[Options]
unhandled(line:19): CaseSensitive = "Yes"
unhandled(line:21):[beginSample]
unhandled(line:23):unhandled(line:1):Security 360
unhandled(line:24):unhandled(line:1):unknown Security 360
unhandled(line:25):unhandled(line:3):OS:Windows XP
unhandled(line:26):unhandled(line:4):Version:1.4.1.11
unhandled(line:27):unhandled(line:5):Define Version:1423
unhandled(line:28):unhandled(line:6):Time Elapsed:00:08:36
unhandled(line:29):unhandled(line:7):Objects Scanned:58331
unhandled(line:30):unhandled(line:8):Threats Found:1
unhandled(line:31):unhandled(line:10):-|Name|Type|Description|ID|
unhandled(line:32):unhandled(line:11):Trojan.Generic, File, C:\Program Files\OpenOffice.org 3\program\nsldap32v50.dll, 12-2454
unhandled(line:34):[EndSample]
[EndSample]
C:\Program Files\OpenOffice.org 3\program\nsldap32v50.dll was scanned online at http://virusscan.jotti.org and http://www.virustotal.com, and came out clean in both scans.
Hi Jim North
Maybe you scan just when we update our definitions version. As your data is still definitions version 1421. Please exit your running program and scan again to see whether you still have this issue.
-
IObit Security 360
OS:Windows XP
Version:1.4.1.11
Define Version:1420
Time Elapsed:01:25:22
Objects Scanned:126647
Threats Found:1
|Name|Type|Description|ID|
Trojan.Generic, File, C:\Program Files\AVG\AVG8\avgchk.exe, 12-2075
Hi onyxhawke
Thank you for your feedback!
Can you upload the file (avgchk.exe) to www.wikisend.com and give me the link, then we can further investigate it.
We are looking forward to your reply.
-
Obit Security 360
OS:Windows 7
Version:1.4.1.11
Define Version:1421
Time Elapsed:00:11:19
Objects Scanned:72225
Threats Found:5
|Name|Type|Description|ID|
Tracking Cookies - Removed, Cookies, http://feeds.wired.com/wired/index, 7-2232
Tracking Cookies - Removed, Cookies, Cookie:max c roberts@go.com/, 7-1853
Tracking Cookies - Removed, Cookies, Cookie:max c roberts@atdmt.com/, 7-1543
Tracking Cookies - Removed, Cookies, Cookie:max c roberts@m.webtrends.com/, 7-2222
Trojan.Generic, File, C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\Msfdb.dll, 12-2454
Hi Max Roberts
This is a FP.
We will solve the Msfdb.dll in our later update definition 1422.
Thanks for your support.
-
Hello sooners2win
cbva.dll is FP. We will soved this question at v1414.
Thank you !
-
IObit Security 360
OS: Windows 7 Home Premium 64-Bit [x86]
Version: 1.4.1.11
Define Version: 1407
Time Elapsed: 00:12:01
Objects Scanned: 66813
Threats Found: 2
|Name|Type|Description|ID|
Trojan.BuzusAovd, File, C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.1.7600.16385_none_5e6da7259d4ac682\icfupgd.dll, 12-241
Trojan.BuzusAovd, File, C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\icfupgd.dll, 12-241
Every time I scan with IObit's full scan it omes up with these. Something makes me doubt that the virus continually comes back. Using Norton coupled with Malwarebytes' Anti-Malware and CCleaner I am almost positive that I DO NOT have these viruses, and it seems to convenient that they are re-appearing.
Hello cascading-style
PLS update to 1408. We have saved this question.
Thank you!
-
Uploading them to virus total isn't going to help anything. I know they are legitimate files. I'm just reporting the false positive in case anyone elese runs into the same thing. Plus I'm letting iobit know just for the sake of updating your definitions.
Here ya go anyway though,
Happy Trails
Hi kins
Thanks for your feedback.
PLS update to 1403,Then scan again.If have some question,give me the report and send the egui.exe and EKRN.exe zipped file to http://www.wikisend.com. We can further investigate it.
We are looking forward to your reply.
-
OS:Windows XP
Version:1.4.1.11
Define Version:1400
Time Elapsed:00:17:17
Objects Scanned:58826
Threats Found:1
|Name|Type|Description|ID|
Downloader.Agent, File, C:\Program Files\Free Audio Pack\FreeConverter\ControlActiveX.ocx, 11-4057
Hi nickwins
Thanks for your feedback.
You can upload to http://www.wikisend.com or send us your suspicious file, and then we can further investigate it. At the same time, you can upload your suspicious file to http://www.virustotal.com for analyzing, and post your analysis report.
We are looking forward to your reply.
-
:-(IObit Security 360
OS:Windows Vista
Version:1.4.1.11
Define Version:1330
Time Elapsed:00:24:20
Objects Scanned:66560
Threats Found:3
|Name|Type|Description|ID|
Trojan.Agent, File, C:\Windows\System32\en-US\dxdiag.exe.mui, 12-912
Trojan.Agent, File, C:\Windows\winsxs\x86_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_6.0.6000.16386_en-us_7fcc66e2e30155a5\dxdiag.exe.mui, 12-912
Trojan.Agent, File, C:\Windows\winsxs\x86_prnhp001.inf_31bf3856ad364e35_6.0.6001.18000_none_d2d06b9620b04c9a\I386\HPBMIAPI.DLL, 12-912
if ANYONE GOT SOLUTION PLEASE GIVE ME A REPLY BY ADDING ME OR SEND ME AN EMAIL [LAWREN91@HOTMAIL.COM] WINDOWS LIVE MESSENGER
Hello lawren
Sorry for the trouble we have caused to you.
We will solve this issue in our later update definition 1331.
Thanks for your support.
-
-----------------------------------------------------------------------------------
I have downloaded Sophos Anti-Rootkit (Free rootkit detection and removal tool) from:
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
-----------------------------------------------------------------------------------
IObit Security 360
OS:Windows Vista
Version:1.4.0.11
Define Version:1328
Time Elapsed:00:00:01
Objects Scanned:1
Threats Found:1
|Name|Type|Description|ID|
Trojan.Dropper, File, C:\Downloads\Software\sar_15_sfx.exe, 12-1144
-----------------------------------------------------------------------------------
?????
Dear Process Hacker
After investigation, we have assured that it's a false positive. Sorry for the trouble we have caused to you.
We will solve this issue in our later update definition 1329.
Thanks for your support.
-
Hello,
in my opinion, Security360 reported a false positive.
Here's the report:
"IObit Security 360
OS:Windows XP
Versione:1.4.0.11
Versione database:1320
Tempo trascorso:00:03:05
Oggetti analizzati:47140
Minacce rilevate:1
| Nome | Tipo |Descrizione|ID|
Trojan.Agent, File, C:\WINDOWS\system32\scarddlg.dll, 12-1046"
No other antivirus or antimalware treats this file as infected.
Dear Icaro0952
Thanks for your feedback
You can upload or send us your your suspicious file,and then we can further investigate it.
We are looking forward to your reply.
_________________
Iobit Support Team
How to report False Positive to us?
in False Positive Reports by IObit Products
Posted
hi Valuater
fter investigation, we have assured that it's a false positive. Sorry for the trouble we have caused to you.
We will solve this issue in our later update definition 1051.
Thanks!!!