
How to report False Positive to us?



My False Positive reports

 

IObit Security 360

 

OS:Windows 7

Version:0.4.0.20

Define Version:1142

Time Elapsed:8/28/2009 12:57:27 AM

Objects Scanned:55231

Threats Found:1

 

|Name|Type|Description|ID|

Tracking Cookies - Removed, Cookies, Cookie:johan@atdmt.com/, 7-1545

 

..tyvm :wink:


IObit Security 360

 

OS:Windows XP

Version:0.4.0.20

Define Version:1142

Time Elapsed:8/28/2009 2:36:11 AM

Objects Scanned:65549

Threats Found:5

 

|Name|Type|Description|ID|

Spyware.OnlineGames, File, D:\G - Unot\Programs\Trainers\TRAINER.EXE, 11-78

Spyware.OnlineGames, File, D:\Movies\PROGRAMS\TRAINERS\TRAINER.EXE, 11-78

Trojan.Backdoor, File, D:\G - Unot\Programs\Reflexive\02_ALL_R\FFF_REFL.EXE, 9-36099

Trojan.Backdoor - Quarantined, File, D:\Movies\PROGRAMS\REFLEXIV\02_ALL_R\FFF_REFL.EXE, 9-36099

Trojan.Dldr, File, D:\Program Files\Garena\plugins\Game\WC3VC.dll, 12-914


IObit Security 360

|Name|Type|Description|ID|

Spyware.OnlineGames, File, D:\G - Unot\Programs\Trainers\TRAINER.EXE, 11-78

Spyware.OnlineGames, File, D:\Movies\PROGRAMS\TRAINERS\TRAINER.EXE, 11-78

Trojan.Backdoor, File, D:\G - Unot\Programs\Reflexive\02_ALL_R\FFF_REFL.EXE, 9-36099

Trojan.Backdoor - Quarantined, File, D:\Movies\PROGRAMS\REFLEXIV\02_ALL_R\FFF_REFL.EXE, 9-36099

Trojan.Dldr, File, D:\Program Files\Garena\plugins\Game\WC3VC.dll, 12-914

 

hi westside_game,

Sorry that the false positives troubled you.

However, please send the suspicious files to VirusTotal to make sure they really are false positives (you could also PM them to me).

thanks a lot.

best regards

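A small parser and triage helper for the Security 360 report format pasted throughout this thread, added here as an example (it is not IObit's code). It assumes the layout shown in the posts (a block of `Key:Value` lines, a `|Name|Type|Description|ID|` line, then one comma-separated detection per line), re-joins long paths that the forum wrapped onto a second line, and sorts findings into those worth a second opinion on VirusTotal, System Restore copies of the same binaries, and non-file items; the sample report is constructed.

```python
"""Parse and triage IObit Security 360 scan reports (added example, not IObit's code).

Assumed layout, taken from the reports in this thread:
  IObit Security 360 / Key:Value header lines / |Name|Type|Description|ID| /
  one "Name[ - Action], Type, Description, ID" row per line.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Name, optional " - Removed"/" - Quarantined" action, Type, Description, numeric ID.
ROW_RE = re.compile(
    r"^(?P<name>[^,]+?)(?: - (?P<action>Removed|Quarantined))?, "
    r"(?P<type>[^,]+), (?P<desc>.+), (?P<id>\d+-\d+)$"
)
# Files inside a System Restore point are copies of binaries seen elsewhere.
SYSTEM_RESTORE = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\RP\d+\\", re.I)

# Constructed sample in the thread's format, including a path wrapped over two lines.
SAMPLE_REPORT = r"""IObit Security 360

OS:Windows XP
Version:0.4.0.20
Define Version:1142
Time Elapsed:8/28/2009 2:36:11 AM
Objects Scanned:65549
Threats Found:5

|Name|Type|Description|ID|
Tracking Cookies - Removed, Cookies, Cookie:user@example-tracker.test/, 7-1545
KIT.AreoRemAdmin, File, C:\Tools\SystemExplorer.exe, 12-91
KIT.AreoRemAdmin, File, C:\System Volume
Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe, 12-91
Trojan.Backdoor - Quarantined, File, D:\Games\Trainer\TRAINER.EXE, 9-36099
Hijack.StartMenu, Registry Data, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced Value=Start_ShowSearch, 6-680
---------------
VirusTotal response CLEAN
"""


@dataclass
class Detection:
    name: str
    type: str
    description: str
    sig_id: str
    action: str = ""


@dataclass
class Report:
    header: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)


def parse_report(text: str) -> Report:
    """Parse one pasted report; rows wrapped across lines are re-joined with a space."""
    report, pending, in_table = Report(), "", False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("|") and line.endswith("|"):
            in_table = True  # column header: detection rows follow
            continue
        if not in_table:
            key, sep, value = line.partition(":")
            if sep:
                report.header[key.strip()] = value.strip()
            continue
        if "," not in line and not pending:
            in_table = False  # separator or prose after the table
            continue
        pending = f"{pending} {line}" if pending else line  # join wrapped fragments
        m = ROW_RE.match(pending)
        if m:
            report.detections.append(Detection(m["name"], m["type"], m["desc"], m["id"], m["action"] or ""))
            pending = ""
    return report


def triage(report: Report) -> dict:
    """Group detections by what a reviewer should do with them next."""
    out = {"upload_for_second_opinion": [], "restore_point_copies": [], "non_file": []}
    for d in report.detections:
        if d.type != "File":
            out["non_file"].append(d)  # cookies, registry data, folders: nothing to upload
        elif SYSTEM_RESTORE.search(d.description):
            out["restore_point_copies"].append(d)
        else:
            out["upload_for_second_opinion"].append(d)
    return out


def by_signature(report: Report) -> dict:
    """Map definition ID to the paths it hit; one ID on many unrelated programs suggests a broad signature."""
    groups = defaultdict(list)
    for d in report.detections:
        groups[d.sig_id].append(d.description)
    return dict(groups)
```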

KIT.AreoRemAdmin - false positive

 

IObit Security 360

 

OS:Windows XP

Versione:0.4.0.20

Versione database:1142

Tempo trascorso:28/08/2009 3.19.09

Oggetti analizzati:72832

Minacce rilevate:17

 

| Nome | Tipo |Descrizione|ID|

KIT.AreoRemAdmin, File, C:\sysexplorer\SystemExplorer.exe, 12-91

KIT.AreoRemAdmin, File, C:\AXP\utility\USB_Disk_Eject.exe, 12-91

KIT.AreoRemAdmin, File, C:\System Volume Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP698\A0163120.exe, 12-91

KIT.AreoRemAdmin, File, C:\System Volume Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP698\A0163121.exe, 12-91

KIT.AreoRemAdmin, File, C:\System Volume Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP698\A0163129.exe, 12-91

KIT.AreoRemAdmin, File, C:\System Volume Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP699\A0163133.exe, 12-91

KIT.AreoRemAdmin, File, C:\System Volume Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP699\A0163134.exe, 12-91

KIT.AreoRemAdmin, File, C:\System Volume Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP715\A0168390.exe, 12-91

KIT.AreoRemAdmin, File, C:\System Volume Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP715\A0168391.exe, 12-91

KIT.AreoRemAdmin, File, C:\System Volume Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP715\A0168393.exe, 12-91

KIT.AreoRemAdmin, File, C:\System Volume Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP715\A0168395.exe, 12-91

KIT.AreoRemAdmin, File, C:\System Volume Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP715\A0168397.exe, 12-91

KIT.AreoRemAdmin, File, C:\System Volume Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP726\A0191344.exe, 12-91

KIT.AreoRemAdmin, File, C:\System Volume Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP726\A0191351.exe, 12-91

KIT.AreoRemAdmin, File, C:\System Volume Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP726\A0191352.exe, 12-91

KIT.AreoRemAdmin, File, C:\System Volume Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP726\A0191353.exe, 12-91

KIT.AreoRemAdmin, File, C:\System Volume Information\_restore{F0F11E82-C5DD-4281-9020-FFB9FC7147C7}\RP726\A0191354.exe, 12-91

---------------

 

SystemExplorer is a stand-alone Task Manager replacement

 

http://systemexplorer.mistergroup.org/

 

VirusTotal response CLEAN

-----------

 

USB Disk Ejector is a trusted stand-alone utility; it's a program that allows you to quickly remove USB devices in Windows.

 

http://quick.mixnmojo.com/usb-disk-ejector

 

VirusTotal response CLEAN

--------

The other 15 files in System Restore belong to Online Armor 3.5, which I used before starting to use Agnitum Outpost 2009.

Tall Emu Online Armor is one of the most awarded and powerful personal firewalls

 

http://www.tallemu.com/

 

 

VirusTotal Response CLEAN

 

 

http://img156.imageshack.us/img156/1048/oafp.jpg


hello AlexP,

 

First, please upload the file "PccScan.dll" to VirusTotal to make sure whether it is an FP, and we will solve it as soon as possible. Much thanks.

 

Plus, please check out the judgment from WOT, which is the well-known Internet security website: http://www.mywot.com/en/scorecard/RegistryFix.com

 

If you have any further doubts, everyone on board would help.

 

best regards

 

Hi Itobe,

 

Thanks for your prompt reply.

 

I checked the judgement of WOT regarding RegistryFix and I noticed that the 1st page of comments was negative while the 2nd was slightly positive! Overall the picture was negative! But we can't rely on ambiguous comments!

To the contrary, on the virustotal.com site RegistryFix is considered a threat by 4 out of the 41 scanners, i.e. a 9.76% threat.

From my experience this registry cleaner is one of the best I have used, with no apparent harm on my systems, and I use it on all 5.

Unless someone checks this utility via a disassembler or other debugging tool as to its inner workings, most comments will remain assumptions!

IS360 detected it 69 times and I'm sure it will not be the only one! But in my experience it appears to be a false positive.

Finally, I didn't need to check "PccScan.dll" because after the online scanning of the PC with Trend Micro I deleted it together with the .housecall folder, which resides in the Administrator's section.

I'm looking forward to your points of view.

best regards.


Oh, I forgot to mention that the Administrator or UserName_atdmt.com is a persistent cookie which can be blocked in IE via Tools > Internet Options > Privacy > Sites (add atdmt.com to the sites list).

Does anyone know if this cookie is part of the automatic day time M T of the taskbar clock?

Thanks in advance.

best regards.


Hi alexP,

 

atdmt is a tracking cookie. Tracking cookies are shared between websites and can be used to watch you as you go from one website to another. Tracking cookies are dangerous cookies because they can be used to create a profile of you by connecting your activities over multiple, in some cases many, websites.

 

I don't think it has anything to do with the taskbar clock. Otherwise, when the cookie is blocked, the automatic date/time function wouldn't work.

 

Cheers.


To the contrary, on the virustotal.com site RegistryFix is considered a threat by 4 out of the 41 scanners, i.e. a 9.76% threat.

Unless someone checks this utility via a disassembler or other debugging tool as to its inner workings, most comments will remain assumptions!

IS360 detected it 69 times and I'm sure it will not be the only one! But in my experience it appears to be a false positive.

I'm looking forward to your points of view.

best regards.

 

 

Hi

I downloaded RegistryFix and scanned it with Malwarebytes' Anti-Malware, which detected it as rogue; see the image please (my system is in Italian, but images often speak better than words)

 

 

http://img190.imageshack.us/img190/354/registryfix.jpg

 

 

So, the IS 360 detection of RegistryFix as a rogue cannot be considered a false positive

 

Cheers


Hi alexP,

 

atdmt is a tracking cookie. Tracking cookies are shared between websites and can be used to watch you as you go from one website to another. Tracking cookies are dangerous cookies because they can be used to create a profile of you by connecting your activities over multiple, in some cases many, websites.

 

I don't think it has anything to do with the taskbar clock. Otherwise, when the cookie is blocked, the automatic date/time function wouldn't work.

 

Cheers.

 

Hi enoskype, I agree with you that the atdmt.com cookie is a very clever notion of malware because it is using the initials of words such as date, month, time. If it were related to the Notification Area Clock, a cookie wouldn't be necessary.

Thanks for your help, kind regards.

 

Hi

I downloaded RegistryFix and scanned it with Malwarebytes' Anti-Malware, which detected it as rogue; see the image please (my system is in Italian, but images often speak better than words)

So, the IS 360 detection of RegistryFix as a rogue cannot be considered a false positive

 

Hi Leofelix, I have noted everything you said and I'm using Malwarebytes' Anti-Malware myself, but it has given false positives on several occasions! Having said that, it is a reputable protection utility in its own field.

However, I feel that the 9.76% threat rate of RegistryFix given by the 41 scanners on virustotal.com is more reliable.

Regards


Hi Leofelix, I have noted everything you said and I'm using Malwarebytes' Anti-Malware myself, but it has given false positives on several occasions! Having said that, it is a reputable protection utility in its own field.

However, I feel that the 9.76% threat rate of RegistryFix given by the 41 scanners on virustotal.com is more reliable.

Regards

 

This is not a false positive, please take a look here

 

However, even if there are some very good and reputable registry cleaners available for free and you still want to use "RegistryFix", you can put its files in the IS 360 ignore list

 

Cheers


Hi Itobe,

Thanks for your prompt reply.

I checked the judgement of WOT regarding RegistryFix and I noticed that the 1st page of comments was negative while the 2nd was slightly positive! Overall the picture was negative! But we can't rely on ambiguous comments!

To the contrary, on the virustotal.com site RegistryFix is considered a threat by 4 out of the 41 scanners, i.e. a 9.76% threat.

From my experience this registry cleaner is one of the best I have used, with no apparent harm on my systems, and I use it on all 5.

Unless someone checks this utility via a disassembler or other debugging tool as to its inner workings, most comments will remain assumptions!

IS360 detected it 69 times and I'm sure it will not be the only one! But in my experience it appears to be a false positive.

Finally, I didn't need to check "PccScan.dll" because after the online scanning of the PC with Trend Micro I deleted it together with the .housecall folder, which resides in the Administrator's section.

I'm looking forward to your points of view.

best regards.

 

Hi, AlexP,

 

Sorry for late reply.

 

It does not have apparent harm to your PC.

 

After our test, we found it has some tricky behaviors. It checks a lot of null-value registry entries or something inconsequential to tell the users: hey, you have so many problems!!! Some users, like you, will pay $$$ for its repairing. This is a conventional trick of such misleading or fraud tools.

 

So we define it as PHISH.FraudTool.

 

By now, RegistryFix is considered a threat by 4 out of the 41 scanners, i.e. a 9.76% threat on the VirusTotal site, but we believe the percentage will grow before long. "Registry Easy" is the best example.

 

To quote the words of leofelix, "However, even if there are some very good and reputable registry cleaners available for free and you still want to use "RegistryFix", you can put its files in the IS 360 ignore list." It is also my truehearted suggestion.

 

Best regards.


IObit Security 360

 

OS:Windows XP

Version:0.4.0.20

Define Version:1146

Time Elapsed:08/29/2009 10:48:40 PM

Objects Scanned:87834

Threats Found:7

 

|Name|Type|Description|ID|

Worm.Dropper, File, C:\WINDOWS\system32\WanPacket.dll, 9-100077

Backdoor.SpyBouncer, File, C:\WINDOWS\system32\wpcap.dll, 9-78159

Worm.Dropper, File, E:\program files\WMR11\WanPacket.dll, 9-100077

Trojan.Dldr, File, E:\program files\Moyea\FLV Downloader\SockHook.dll, 12-1035

Trojan.Dldr, File, E:\program files\Wondershare\Video to DVD Burner\WS_DVDBurner.dll, 12-1035

Trojan.Drop.Agent, File, E:\program files\Kodak\Printer\Center\KodakSvc.exe, 12-551

Dropper.Autoit.PM, File, H:\zUSB Sync Folders\TrueCrypt Vol T\MY PROGRAMS\AutoIt v3\Aut2Exe\AutoItSC.bin, 12-1945

 

VirusTotal shows all these as being clean.


These must be false

 

Most of these and others are new Microsoft updates. If they are not, please tell me.

 

IObit Security 360

 

OS:Windows XP

Version:1.0.0.60

Define Version:1168

Time Elapsed:00:01:11

Objects Scanned:38372

Threats Found:8

 

|Name|Type|Description|ID|

Trojan.Agent, File, C:\Documents and Settings\bobo\Start Menu\Programs\Startup\ChkDisk.dll, 4-4911

Trojan.FakeAlert, File, C:\Documents and Settings\bobo\Start Menu\Programs\Startup\ChkDisk.lnk, 4-4912

Trojan.Agent, File, C:\WINDOWS\system32\6to4v32.dll, 4-5323

Trojan.FakeAlert, File, C:\WINDOWS\system32\autochk.dll, 4-5738

Trojan.Agent, File, C:\WINDOWS\system32\certstore.dat, 4-6367

Trojan.Agent, File, C:\WINDOWS\system32\EvdoServer.dll, 4-7944

Backdoor.Bot, File, C:\WINDOWS\system32\wiwow64.exe, 4-15529

Trojan.Agent, File, C:\Documents and Settings\bobo\protect.dll, 4-17838


I'm not sure

 

I hope this is the right section.

 

When I launched Software Information Windows (portable version) I got the following pop-up from Security360. I have never got this before but I had just updated the Security360 database.

 

Name cpuz132

Description New system service

Path C:\DOCUME~1\Wozofoz\LOCALS~1\Temp\\cpuz132\cpuz132_x32.sys

Process siw.exe

 

I cancelled and exited SIW, then I ran a Security360 Full Scan and got the following:

 

IObit Security 360

 

OS:Windows XP

Version:1.0.0.60

Define Version:1171

Time Elapsed:00:17:42

Objects Scanned:64769

Threats Found:1

 

|Name|Type|Description|ID|

Hijack.StartMenu, Registry Data, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced Value=Start_ShowSearch, 6-680

 

I deleted this 'threat'

 

I don't know if there is any relation between the two.

Thanks for the help :smile:

 

All the best, woz of oz


Sorry to be a pest

 

I deleted the 'threat' that I got in the previous post but it has come back again. Here is the report from today and it is exactly the same as on the 11th

 

IObit Security 360

 

OS:Windows XP

Version:1.0.0.60

Define Version:1174

Time Elapsed:00:05:20

Objects Scanned:57576

Threats Found:1

 

|Name|Type|Description|ID|

Hijack.StartMenu, Registry Data, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced Value=Start_ShowSearch, 6-680

 

Maybe this has something to do with it:

 

I installed Everything Search and then went to Administrative Tools > Settings and changed Windows Search from Automatic to Disabled.

 

I also customized the Start Menu and took the Search icon out.

 

After deleting the threat on the 11th I found that the Search icon was back in the Start Menu the next time I started my computer.

 

I have not deleted the 'threat' this time (it does not quarantine, it just deletes) and will see what happens :)

 

 

EDIT: Here is the HijackScan report. The 'threat' is still on my computer during this scan

 

 

Logfile of IObit HijackScan v1.0.0.0

Scan saved at 3:48:26, on 2009-9-13

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\LAUNCH~1\QtZgAcer.EXE

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\PhraseExpress\phraseexpress.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\WordWeb\wweb32.exe

C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

 

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [smartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [LaunchApp] Alaunch

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O8 - Extra context menu item: &Download by Arles Download Manager -

O8 - Extra context menu item: E&xport to Microsoft Excel -

O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}LegitCheckControl.LegitCheck.1 - http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_16 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}Java Plug-in 1.6.0_16 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_16 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

O23 - Service: Apple Mobile Device (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus (avast! Antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner (avast! Mail Scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner (avast! Web Scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

NOTE:

O8 - Extra context menu item: &Download by Arles Download Manager

 

I tried and deleted Arles Download Manager using Revo Uninstaller long ago; other than that I don't know.

 

All the best, woz of oz


hwdrv.sys - False Positive

 

IObit Security 360

 

OS:Windows XP

Version:1.0.0.60

Define Version:1179

Time Elapsed:00:25:47

Objects Scanned:74709

Threats Found:1

 

|Name|Type|Description|ID|

Rootkit.Gen, File, E:\WINDOWS\system32\Drivers\hwdrv.sys, 4-7422

 

The file hwdrv.sys on my system is a false positive. The ABIT uGURU Utility has a legit system file named HWDRV.SYS with a date stamp of 12/21/1998, and removing it will crash Windows. My motherboard is the ABIT Fatal1ty Socket 775 gaming motherboard, which has a uGURU feature. This utility makes the Windows boot dependent upon this HWDRV.SYS file.

 

http://file.abit.com.tw/pub/download/utilities/uguru/2.110/2_110_release_note.txt


Several false positives being reported:

 

IObit Security 360

 

OS:Windows Vista

Version:1.0.0.60

Define Version:1182

Time Elapsed:00:43:43

Objects Scanned:91268

Threats Found:12

 

|Name|Type|Description|ID|

Misleading.EvidenceEliminator, Folder, C:\Users\nannie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator, 3-1771

Misleading.EvidenceEliminator, Folder, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator, 3-1771

Misleading.EvidenceEliminator, File, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator Help.lnk, 3-1771

Misleading.EvidenceEliminator, File, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator License Agreement.lnk, 3-1771

Misleading.EvidenceEliminator, File, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator Read Me.lnk, 3-1771

Misleading.EvidenceEliminator, File, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator.lnk, 3-1771

Hijack.DisplayProperties, Registry Data, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value=NoActiveDesktopChanges, 6-56

Trojan.Dldr, File, C:\Program Files (x86)\Kodak\AiO\Center\dib.dll, 12-1814

Worm.Autorun, File, C:\Users\nannie\AppData\Roaming\SystemRequirementsLab\SRLProxyQ.dll, 12-1938

Worm.Autorun, File, C:\Users\nannie\AppData\Roaming\SystemRequirementsLab\SRLProxyR.dll, 12-1938

Worm.Autorun, File, C:\Users\nannie\AppData\Roaming\SystemRequirementsLab\SRLProxyS.dll, 12-1938

Worm.Autorun, File, C:\Users\nannie\AppData\Roaming\SystemRequirementsLab\SRLProxyT.dll, 12-1938

 

Evidence Eliminator: http://www.evidence-eliminator.com. It's legit; I've been using it for years with no problem.

dib.dll: Needed by the Kodak AiO EasyShare 5300 printer.

System Requirements Lab: http://www.systemrequirementslab.com/referrer/srtest, for checking computer specs against the recommendations for games.


The file hwdrv.sys on my system is a false positive. The ABIT uGURU Utility has a legit system file named HWDRV.SYS with a date stamp of 12/21/1998, and removing it will crash Windows. My motherboard is the ABIT Fatal1ty Socket 775 gaming motherboard, which has a uGURU feature. This utility makes the Windows boot dependent upon this HWDRV.SYS file.

http://file.abit.com.tw/pub/download/utilities/uguru/2.110/2_110_release_note.txt

 

hi CJK,

 

Sorry for the trouble with you.

It has been solved in definitions version 1183.

 

best regards.


Several false positives being reported:

IObit Security 360

OS:Windows Vista

Version:1.0.0.60

Define Version:1182

Time Elapsed:00:43:43

Objects Scanned:91268

Threats Found:12

|Name|Type|Description|ID|

Misleading.EvidenceEliminator, Folder, C:\Users\nannie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator, 3-1771

Misleading.EvidenceEliminator, Folder, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator, 3-1771

Misleading.EvidenceEliminator, File, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator Help.lnk, 3-1771

Misleading.EvidenceEliminator, File, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator License Agreement.lnk, 3-1771

Misleading.EvidenceEliminator, File, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator Read Me.lnk, 3-1771

Misleading.EvidenceEliminator, File, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator.lnk, 3-1771

Hijack.DisplayProperties, Registry Data, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value=NoActiveDesktopChanges, 6-56

Trojan.Dldr, File, C:\Program Files (x86)\Kodak\AiO\Center\dib.dll, 12-1814

Worm.Autorun, File, C:\Users\nannie\AppData\Roaming\SystemRequirementsLab\SRLProxyQ.dll, 12-1938

Worm.Autorun, File, C:\Users\nannie\AppData\Roaming\SystemRequirementsLab\SRLProxyR.dll, 12-1938

Worm.Autorun, File, C:\Users\nannie\AppData\Roaming\SystemRequirementsLab\SRLProxyS.dll, 12-1938

Worm.Autorun, File, C:\Users\nannie\AppData\Roaming\SystemRequirementsLab\SRLProxyT.dll, 12-1938

 

Evidence Eliminator: http://www.evidence-eliminator.com. It's legit; I've been using it for years with no problem.

dib.dll: Needed by the Kodak AiO EasyShare 5300 printer.

System Requirements Lab: http://www.systemrequirementslab.com/referrer/srtest, for checking computer specs against the recommendations for games.

 

hi chbimun,

 

First of all, sorry for the FP trouble with you.

We saw the information you offered above.

The System Requirements and dib.dll ones must be FPs, and they have been solved in definitions version 1183.

For the "Hijack.DisplayProperties, Registry Data", it is a new restriction correction, one that seems to be disabled on Vista by default. For now whitelist it and we will look into it asap.

Evidence Eliminator, which we define as rogue, is fake privacy protection or rogue registry cleaner software. Here for reference: http://www.411-spyware.com/remove-evidence-eliminator

You had better remove it asap.

However, if you really like it, put it into the ignore list (not recommended).

 

best regards
