How to report False Positive to us?

[enoskype]

Hi Shonix,

 

Please have a look at THAT post.

 

Cheers.

[samtso]

hi samtso,

 

we saw the info you offered and the FPs will be resolved next db version 1212. thanks for your quick response.

 

best regards.

 

Hi itobe,

 

I just do another scan with the latest update, but still found this:

 

IObit Security 360

 

OS:Windows XP

Version:1.0.1.30

Define Version:1213

Time Elapsed:00:12:09

Objects Scanned:2308

Threats Found:1

 

|Name|Type|Description|ID|

Adware.ADON, File, F:\Programs\Multimedia\Exact Audio Copy\eac-0.99pb4.exe, 10-9585

 

Any suggestion for me?

 

Thanks and regards,

Sam

[pascalg]

Just in time, I have made another scan with Iobit360 today, and even if I do no have deleted the keys, the new scan do not show the problem again. Who have fixed the problem? Iobit, Comodo or Windows Defender? I do not know.

[lordsoth1]

Hi,

Just downloaded Iobit 360 and did a scan, here's the report.

 

IObit Security 360

 

OS:Windows 7

Version:1.0.1.30

Define Version:1213

Time Elapsed:00:09:58

Objects Scanned:71548

Threats Found:1

 

|Name|Type|Description|ID|

Trojan.Cript.XPACK, File, D:\games\Blood Bowl\Data\Sound\Plugins\codec_asf.dll, 11-272

 

Im sure this is a false positive or cyanide started releasing games containing malmare :razz: dont think so.

 

Anyways do regular scans with SAS, malwarebytes and spyware terminator all report no problems.

 

Cheers

[Noeljarod]

I have previously reported this to you as feedback but received nothing helpful in response. The following is the last scan report from IObit 360:

 

IObit Security 360

 

OS:Windows XP

Version:0.1.1.8

Time:6/26/2009 12:35:49 PM

 

|Name|Type|Description|

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\26-6-2009 (12-13-56).txt

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\26-6-2009 (12-16-17).txt

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\26-6-2009 (9-58-55).txt

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\6,26,2009_10,9,11.cab

 

I have contacted the folks at Registry Fix and they have said that they have attempted to contact you about this issue. They have assured me that their program contains no malware. I have tested for it with other prominent detection tools and yours is the only one that shows Registry Fix 7.1 to be rouge-ware. Please consider removing Registry Fix 7.1 from your list of malware. Otherwise, explain your rationale and justify why you categorized it as such. Thanks.

 

CAS

 

I have the same problem man!!!

 

Also I called the maintenance people from registry fix, and they said the same. Here is my log

 

IObit Security 360

 

OS:Windows Vista

Version:1.0.0.60

Definir Version:1205

Tiempo Transcurrido:00:10:19

Objetos Analizados:59999

Amenazas Encontradas:65

 

|Nombre|Tipo|Descripción|ID|

Rogue.RegistryFix, Folder, C:\Program Files\RegistryFix7, 3-2957

Rogue.RegistryFix, Folder, C:\Program Files\RegistryFix7\logs, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix.exe, 3-2957

Rogue.RegistryFix, Folder, C:\Program Files\RegistryFix7\RegistryFix7, 3-2957

Rogue.RegistryFix, Folder, C:\Program Files\RegistryFix7\RegistryFix7Backup, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\UninstlDll.dll, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\1-12-2008 (3-14-6).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\1-12-2008 (3-24-42).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\1-5-2009 (0-57-43).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\10-5-2009 (1-54-29).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\11-3-2009 (19-8-51).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\11-4-2009 (19-59-39).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\11-4-2009 (23-51-26).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\14-11-2008 (14-52-56).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\14-7-2009 (11-5-33).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\17-8-2009 (9-43-0).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\19-11-2008 (11-50-54).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\2-11-2008 (3-32-13).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\2-12-2008 (4-41-58).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\23-5-2009 (8-33-3).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\23-6-2009 (15-37-28).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\23-9-2009 (0-19-18).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\24-3-2009 (19-26-26).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\24-9-2009 (1-50-9).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\29-7-2009 (9-53-26).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\30-10-2008 (11-22-1).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\30-10-2008 (2-26-50).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\30-10-2008 (7-6-44).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\31-10-2008 (17-21-31).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\4-11-2008 (20-36-39).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\5-12-2008 (2-4-36).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\6-11-2008 (1-37-14).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\6-11-2008 (19-59-25).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\6-6-2009 (16-40-35).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\8-2-2009 (15-2-50).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\10,30,2008_11,27,50.cab, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\10,30,2008_2,38,1.cab, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\10,30,2008_7,18,28.cab, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\10,31,2008_17,35,2.cab, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\11,14,2008_15,0,55.cab, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\11,19,2008_12,38,8.cab, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\11,2,2008_3,48,55.cab, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\11,4,2008_21,2,35.cab, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\11,6,2008_1,48,25.cab, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\11,6,2008_20,7,21.cab, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\12,1,2008_3,24,37.cab, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\12,1,2008_3,38,4.cab, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\12,2,2008_7,3,59.cab, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\12,5,2008_2,31,31.cab, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\3,11,2009_19,18,25.cab, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\3,24,2009_19,57,37.cab, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\4,11,2009_20,15,27.cab, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\4,12,2009_7,45,21.cab, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\5,1,2009_9,9,50.cab, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\5,10,2009_6,54,46.cab, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\5,23,2009_8,55,11.cab, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\6,23,2009_15,57,12.cab, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\6,6,2009_17,11,3.cab, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\7,14,2009_11,34,24.cab, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\7,29,2009_10,5,35.cab, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\8,17,2009_9,57,48.cab, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\9,23,2009_0,46,18.cab, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\9,24,2009_6,37,35.cab, 3-2957

Rogue.RegistryFix, Folder, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegistryFix7, 3-2958

Rogue.RegistryFix, File, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegistryFix7\RegistryFix7.lnk, 3-2958

 

[enoskype]

333halfevil has given the reply!!!

 

This is a correct detection and is a rogue program. Remove immediately :neutral:

 

I would listen to 333halfevil!!!

 

Cheers.

[gregkitchen]

I Keep getting this adware coming up i bit tells me it has deleted it but has not

 

IObit Security 360

 

OS:Windows XP

Version:1.0.1.30

Define Version:1215

Time Elapsed:00:01:35

Objects Scanned:44986

Threats Found:1

 

|Name|Type|Description|ID|

Tracking Cookies - Removed, Cookies, Cookie:user@zedo.com/, 7-1537

[pascalg]

BtwNamespaceExt ? FP???

 

Runing IOBit-S360 today it found this guy. Comodo do not acuse nothing.

 

IObit Security 360

 

OS:Windows Vista

Version:1.0.1.30

Define Version:1217

Time Elapsed:00:03:05

Objects Scanned:60518

Threats Found:1

 

|Name|Type|Description|ID|

Win32.Agent, File, C:\Windows\system32\BtwNamespaceExt.dll, 11-18054

 

 

 

 

Had submited to VirusTotal and get nothing. Part only of the report is below because it exceds the limit. The print report in PDF too is to great 144KB and could not be sent here

 

My question is: It is a virus or not?

 

Arquivo 21473D8200248935E07D0968AF2BE5001E11D2C8.dll recebido em 2009.07.13 18:49:30 (UTC)

Andamento: terminado

Resultado: 0/41 (0.00%)

Modo compacto

Imprimir resultados

Antivírus Versão Última Atualização Resultado

a-squared 4.5.0.22 2009.07.13 -

AhnLab-V3 5.0.0.2 2009.07.13 -

AntiVir 7.9.0.204 2009.07.13 -

Antiy-AVL 2.0.3.1 2009.07.10 -

Authentium 5.1.2.4 2009.07.13 -

Avast 4.8.1335.0 2009.07.13 -

AVG 8.5.0.387 2009.07.13 -

BitDefender 7.2 2009.07.13 -

CAT-QuickHeal 10.00 2009.07.10 -

ClamAV 0.94.1 2009.07.13 -

Comodo 1602 2009.07.13 -

DrWeb 5.0.0.12182 2009.07.13 -

eSafe 7.0.17.0 2009.07.13 -

eTrust-Vet 31.6.6610 2009.07.13 -

F-Prot 4.4.4.56 2009.07.13 -

F-Secure 8.0.14470.0 2009.07.13 -

Fortinet 3.120.0.0 2009.07.13 -

GData 19 2009.07.13 -

Ikarus T3.1.1.64.0 2009.07.13 -

Jiangmin 11.0.706 2009.07.13 -

K7AntiVirus 7.10.791 2009.07.13 -

Kaspersky 7.0.0.125 2009.07.13 -

McAfee 5675 2009.07.13 -

McAfee+Artemis 5675 2009.07.13 -

McAfee-GW-Edition 6.8.5 2009.07.13 -

Microsoft 1.4803 2009.07.13 -

NOD32 4240 2009.07.13 -

Norman 2009.07.13 -

nProtect 2009.1.8.0 2009.07.13 -

Panda 10.0.0.14 2009.07.12 -

PCTools 4.4.2.0 2009.07.13 -

Prevx 3.0 2009.07.13 -

Rising 21.38.04.00 2009.07.13 -

Sophos 4.43.0 2009.07.13 -

Sunbelt 3.2.1858.2 2009.07.13 -

Symantec 1.4.4.12 2009.07.13 -

TheHacker 6.3.4.3.366 2009.07.12 -

TrendMicro 8.950.0.1094 2009.07.13 -

VBA32 3.12.10.8 2009.07.12 -

ViRobot 2009.7.13.1833 2009.07.13 -

VirusBuster 4.6.5.0 2009.07.13 -

Informações adicionais

File size: 647168 bytes

MD5 : 6b388b4e6cb0a1e4b665416f68aba86e

SHA1 : ee15ea1530715458c30bda65a1e1f83f3e620f82

SHA256: 6edd555729614ee3295093dd21030fbf2c927a8bcbda2faf7807bddee5dfc09d

PEInfo: PE Structure information

 

( base data )

entrypointaddress.: 0x4B40D

timedatestamp.....: 0x4550EC8B (Tue Nov 7 21:28:59 2006)

machinetype.......: 0x14C (Intel I386)

 

( 5 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x510F6 0x52000 6.47 32d578a6dd871d512a1308cc68a35636

.rdata 0x53000 0x1C91C 0x1D000 5.24 ab5cf0104a1f27045c497ec7885f4345

.data 0x70000 0x303FC 0x3000 3.99 48ec660fea8a9112bb8c7148c4fe2992

.rsrc 0xA1000 0x1D338 0x1E000 4.28 88ca0b57060143589ef536ace7e30d20

.reloc 0xBF000 0xC060 0xD000 5.14 20e51bb1b36d7a0ec5a2a2912e9409d7

 

================ etc etc etc

 

> DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer

TrID : File type identification

DirectShow filter (52.6%)

Windows OCX File (32.2%)

Win32 Executable MS Visual C++ (generic) (9.8%)

Win32 Executable Generic (2.2%)

Win32 Dynamic Link Library (generic) (1.9%)

ssdeep: 12288:Xkni0JMox5FDO7lMLg7+mUpUA/J+YpYkUjQhu3oegI3U:X0VMUF5Q6pjB7YdjQhu3BgI3

PEiD : -

RDS : NSRL Reference Data Set

-

ATENÇÃO: VirusTotal é um serviço gratuito oferecido por Hispasec Sistemas. Não há garantias quanto à disponibilidade e continuidade desse serviço. Apesar da taxa de detecção proporcionada pelo uso de múltiplos mecanismos de antivírus ser muito superior àquela oferecida por um único produto, os resultados NÃO garantem a possibilidade de um arquivo ser inofensivo. Atualmente, não há qualquer solução que ofereça 100% de eficiência na detecção de vírus e arquivos maliciosos..

[Anonymous 1]

IOBit Security 360 V1.01 (Free) reports WINDOWS SYSTEM FILE as a THREAT!!!

 

THIS IS WHAT THE SCAN REPORT FILE STATES:

 

IObit Security 360

 

OS:Windows Vista

Version:1.0.1.30

Define Version:1230

Time Elapsed:00:03:50

Objects Scanned:61246

Threats Found:1

 

|Name|Type|Description|ID|

Rogueware.Dropped.Malware, File, C:\Windows\system32\MSVolume.dll, 4-13085

 

As you can see in this scan report that IOBit Security 360 V1.01 (Free) has reported a WINDOWS SYSTEM FILE as a THREAT!!!. This is the FIRST TIME I actually installed and ran a scan using this software so I have NO PREVIOUS KNOWLEDGE about it. All I know that WINDOWS SYSTEM FILES are EXTREMELY IMPORTANT!!! for the proper functioning of the computer and should not be tampered with. I HAVE NO IDEA WHAT TO DO, CAN SOMEBODY PLEASE HELP!!!!!!

[solbjerg]

Hi Anonymous

Please submit it to VirusTotal

I do not have that file on my XP system

I am fairly sure it is malware.

At least place it in quarantine until you/VirusTotal determine that it is in fact malware.

Just becaused it is placed in Window System32 files does not mean that it is an original Windows file, the producers of malware often tries to place their malware files where they can do the most damage.

Cheers

solbjerg

 

THIS IS WHAT THE SCAN REPORT FILE STATES:

 

IObit Security 360

 

OS:Windows Vista

Version:1.0.1.30

Define Version:1230

Time Elapsed:00:03:50

Objects Scanned:61246

Threats Found:1

 

|Name|Type|Description|ID|

Rogueware.Dropped.Malware, File, C:\Windows\system32\MSVolume.dll, 4-13085

 

As you can see in this scan report that IOBit Security 360 V1.01 (Free) has reported a WINDOWS SYSTEM FILE as a THREAT!!!. This is the FIRST TIME I actually installed and ran a scan using this software so I have NO PREVIOUS KNOWLEDGE about it. All I know that WINDOWS SYSTEM FILES are EXTREMELY IMPORTANT!!! for the proper functioning of the computer and should not be tampered with. I HAVE NO IDEA WHAT TO DO, CAN SOMEBODY PLEASE HELP!!!!!!

[Anonymous 1]

File Size Is 0 Bytes!!! Virus Total Doesn"t Scan My File

 

Hi Solbjerg,

This is Anonymous 1.

 

As you said, I tried to upload file to Virus Total but it says that FILE SIZE IS 0 BYTES. And it displays this weird message in a different language. I will place the file in Quarantine until you respond. I really don't know what I should do with this file, should I completely remove even from Quarantine or just leave it there.

 

PLEASE HELP!!!

[itobe]

Hi Solbjerg,

This is Anonymous 1.

 

As you said, I tried to upload file to Virus Total but it says that FILE SIZE IS 0 BYTES. And it displays this weird message in a different language. I will place the file in Quarantine until you respond. I really don't know what I should do with this file, should I completely remove even from Quarantine or just leave it there.

 

PLEASE HELP!!!

 

hi Anonymous 1,

 

MSVolume.dll is NOT an essential WINDOWS SYSTEM FILE.

 

It is a malware that spreads by infecting Windows executable files via Windows security loopholes. When inside, MSVolume will drop corrupt msvolume.dll files into Windows registry and inundate the desktop with unsolicited pop ups. Typically MSVolume.dll is spread via unwanted spam emails, news groups, schat rooms and infected file sharing downloads. The MSVolume.dll malware is a high risk security infection!

 

Either "completely remove even from Quarantine or just leave it there" is all right. :grin:

 

Cheers.

[Georgi]

Hello, 2 FP for me:

 

IObit Security 360

 

OS:Windows 7

Version:1.0.2.2

Define Version:1239

Time Elapsed:00:56:15

Objects Scanned:231488

Threats Found:2

 

|Name|Type|Description|ID|

Adware.Winpup, File, C:\Users\B-boy\AppData\Roaming\Skype\b-boy_style\etilqs_DD5DhM8iCafJgP3VTsid, 9-93385

Win32.Dialer.NCG, File, D:\GAMES\TOTAL ANNIHILATION\tawirepx.dll, 11-3133

 

tawirepx.dll - VirusTotal

 

http://www.virustotal.com/analisis/e198858f7cc46d0d23c6e060fb8da683891c614a14b21c9285d368c7a18c12bc-1255910295

 

Regards,

Georgi

[itobe]

Hello, 2 FP for me:

 

IObit Security 360

 

OS:Windows 7

Version:1.0.2.2

Define Version:1239

Time Elapsed:00:56:15

Objects Scanned:231488

Threats Found:2

 

|Name|Type|Description|ID|

Adware.Winpup, File, C:\Users\B-boy\AppData\Roaming\Skype\b-boy_style\etilqs_DD5DhM8iCafJgP3VTsid, 9-93385

Win32.Dialer.NCG, File, D:\GAMES\TOTAL ANNIHILATION\tawirepx.dll, 11-3133

 

tawirepx.dll - VirusTotal

 

http://www.virustotal.com/analisis/e198858f7cc46d0d23c6e060fb8da683891c614a14b21c9285d368c7a18c12bc-1255910295

 

Regards,

Georgi

 

hi Georgi,

 

thanks for your warmhearted feedback.

 

the tawirepx.dll is proved as a FP, it will be solved soon.

 

urmmm, how about the other one?

 

thanks in advanced and expect your reply soon.

[Georgi]

Hello itobe,

 

Thanks for your fast reply.

The second file is virus free too.

Skype and Mozilla Firefox creates those temp files as well. :)

 

http://www.virustotal.com/analisis/cc61635da46b2c9974335ea37e0b5fd660a5c8a42a89b271fa7ec2ac4b8b26f6-1255918467

 

http://img21.imageshack.us/img21/3729/80252296.jpg

 

Regards,

Georgi

[333halfevil]

Hello itobe,

 

Thanks for your fast reply.

The second file is virus free too.

Skype and Mozilla Firefox creates those temp files as well. :)

 

http://www.virustotal.com/analisis/cc61635da46b2c9974335ea37e0b5fd660a5c8a42a89b271fa7ec2ac4b8b26f6-1255918467

 

http://img21.imageshack.us/img21/3729/80252296.jpg

 

Regards,

Georgi

 

Hi there. Sometimes if you have transferred a malicious file or visited a malicious site which has replicated a small piece of it's malicious 'code', it can be stored in this temporary file. Once you exit the program however, it is immediately deleted and it poses no 'real' security risk to your computer.

[itobe]

Hello itobe,

 

Thanks for your fast reply.

The second file is virus free too.

Skype and Mozilla Firefox creates those temp files as well. :)

 

http://www.virustotal.com/analisis/cc61635da46b2c9974335ea37e0b5fd660a5c8a42a89b271fa7ec2ac4b8b26f6-1255918467

 

http://img21.imageshack.us/img21/3729/80252296.jpg

 

Regards,

Georgi

 

hi Georgi,

 

they are solved. please update your definition version to 1240.

 

cheers.

[Georgi]

Hi there. Sometimes if you have transferred or visited a malicious site which has replicated a small piece of it's malicious 'code', it can be stored in this temporary file. Once you exit the program however, it is immediately deleted and it poses no 'real' security risk to your computer.

 

Hello 333halfevil,

 

Thanks for your reply too.

I know that very well.

I am very familiar with HJT, Combofix by sUBs, Otmoveit by OldTimer, The Avenger by Swandog46, AVZ etc. believe me. It's what we use to help users everyday; I am a Malware Fighter. :)

 

Keep on with your good work.

 

Hi itobe,

i ran a scan and i will replay back with the results tomorrow. :)

 

All the best,

Georgi :)

 

EDIT => All is fixed. Thank you both.

[Mr Statto]

SQL Files are False Positives

 

IObit Security 360

 

OS:Windows XP

Version:1.0.1.30

Define Version:1244

Time Elapsed:00:56:20

Objects Scanned:81938

Threats Found:6

 

|Name|Type|Description|ID|

 

Adware.Winpup, File, C:\Program Files\Microsoft SQL Server\sql2ksp4\x86\binn\isql.exe, 9-95464

Worm.Adhelper, File, C:\Program Files\Microsoft SQL Server\sql2ksp4\x86\binn\xplog70.dll, 9-69500

 

 

There were another couple which were the same files, but in a different folder (C:\Program Files\Microsoft SQL Server\MSSQL\Binn) but I added those to the ignore list before I thought about reporting false positives. :oops:

[itobe]

IObit Security 360

 

OS:Windows XP

Version:1.0.1.30

Define Version:1244

Time Elapsed:00:56:20

Objects Scanned:81938

Threats Found:6

 

|Name|Type|Description|ID|

 

Adware.Winpup, File, C:\Program Files\Microsoft SQL Server\sql2ksp4\x86\binn\isql.exe, 9-95464

Worm.Adhelper, File, C:\Program Files\Microsoft SQL Server\sql2ksp4\x86\binn\xplog70.dll, 9-69500

 

 

There were another couple which were the same files, but in a different folder (C:\Program Files\Microsoft SQL Server\MSSQL\Binn) but I added those to the ignore list before I thought about reporting false positives. :oops:

 

Hi Mr Statto,

 

Thanks in advanced.:-D

 

After further investigation, we found they are 100% False Positive. They do will be solved in definition version 1246 about half an hour later.

 

Sorry for the inconvenience and much thanks for your kindly feedback.

 

Best Regards.

[ShadowZone]

Princess Waltz

 

IObit Security 360

 

OS:Windows 7

Version:1.0.1.30

Define Version:1247

Time Elapsed:00:12:49

Objects Scanned:70328

Threats Found:6

 

|Name|Type|Description|ID|

Tracking Cookies, Cookies, Cookie:zach@ads.pointroll.com/, 7-14

Tracking Cookies, Cookies, Cookie:zach@pointroll.com/, 7-2048

Tracking Cookies, Cookies, Cookie:zach@atdmt.com/, 7-1543

Tracking Cookies, Cookies, Cookie:zach@doubleclick.net/, 7-1380

Tracking Cookies, Cookies, Cookie:zach@com.com/, 7-9

Win32.Inject, File, C:\Program Files\Will\PRINCESS WALTZ\prwaltz.exe, 11-23412

 

princess waltz is not a trojan, i have had it scanned with several programs that do not report it and it is not a crack it is from the actual CD/DVD

[itobe]

IObit Security 360

 

OS:Windows 7

Version:1.0.1.30

Define Version:1247

Time Elapsed:00:12:49

Objects Scanned:70328

Threats Found:6

 

|Name|Type|Description|ID|

Tracking Cookies, Cookies, Cookie:zach@ads.pointroll.com/, 7-14

Tracking Cookies, Cookies, Cookie:zach@pointroll.com/, 7-2048

Tracking Cookies, Cookies, Cookie:zach@atdmt.com/, 7-1543

Tracking Cookies, Cookies, Cookie:zach@doubleclick.net/, 7-1380

Tracking Cookies, Cookies, Cookie:zach@com.com/, 7-9

Win32.Inject, File, C:\Program Files\Will\PRINCESS WALTZ\prwaltz.exe, 11-23412

 

princess waltz is not a trojan, i have had it scanned with several programs that do not report it and it is not a crack it is from the actual CD/DVD

 

hi ShadowZone,

 

for improving efficiency, please read this guidelines for reporting a false positive.

 

http://forums.iobit.com/showthread.php?t=4586

 

best regards.

[divinebaboon]

IObit Security 360

 

OS:Windows 7

Version:1.0.1.30

Define Version:1248

Time Elapsed:00:14:52

Objects Scanned:75393

Threats Found:1

 

|Name|Type|Description|ID|

Hijack.DisplayProperties - Removed, Registry Data, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value=NoActiveDesktopChanges, 6-96

[SJSF]

ClamWin Portable component detected as Zuten.AF

 

OS:Windows XP

Version:1.0.1.30

Define Version:1248

Time Elapsed:00:00:13

Objects Scanned:62

Threats Found:1

 

|Name|Type|Description|ID|

Zuten.AF, File, C:\LucasArts\ClamWin\ClamWinPortable\App\clamwin\bin\ClamTray.exe, 12-377

It is a component of ClamWin AntiVirus Portable.

Of the 41 Anti-Virus scanners in Virus Total.com only eSafe detected the file as suspicious.

[Mr Statto]

Hi Mr Statto,

 

Thanks in advanced.:-D

 

After further investigation, we found they are 100% False Positive. They do will be solved in definition version 1246 about half an hour later.

 

Sorry for the inconvenience and much thanks for your kindly feedback.

 

Best Regards.

 

No problem - glad to be of assistance