IObit Forum

Zlob False Positive?



|Name|Type|Description|ID|

Backdoor.Agent, Registry Key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{23kln5j0-4opm-11we-aax5-24ef1f387232}, 5-11210

 

 

This is not being reported from any other scanners, Norton, SAS, etc.

I have Stardock programs installed, and I remember these UI programs sometimes got reported by Spyware Doctor in the past. Any Info on this? Thanks!


The registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{23kln5j0-4opm-11we-aax5-24ef1f387232}\ shows up in multiple malware reports.

 

http://www.threatexpert.com/report.aspx?md5=444d7484b0abd63ddd39258cbcad9727

 

http://www.sophos.com/security/analyses/viruses-and-spyware/w32sdbotdof.html

 

http://vil.nai.com/vil/content/v_175602.htm


You can back up the Registry before making any changes.

 

Click on Start then Run and copy the following code into the Run box.

 

regedit /e C:\BackupReg1.reg

 

Click the OK button or press the Enter key. This will save a copy of the Registry to a file (C:\BackupReg1.reg) on your local hard drive.


Hmm, is there any valid use for this key, other than malware? I'm asking this because I let the full scan run and after this, it picked up TeamViewer as a keylogger.

I use TeamViewer often to fix problems remotely for clients. So that leads me to believe the other is a false positive as well, considering no other scanners pick up the first or 2nd entries.

 

 

Name|Type|Description|ID|

Backdoor.Agent, Registry Key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{23kln5j0-4opm-11we-aax5-24ef1f387232}, 5-11210

 

Keylogger.Winpup, File, C:\Users\Haunted\temp\TeamViewer\Version4\install.exe, 10-5430


We can have a look and see if we can determine what it's associated with. Please post the log this tool will create.

 

Download Registry Search by Bobbi Flekman

(see the link titled RegSearch Download Link)

  • Extract the files from Regsearch.zip into a folder.
  • Double-click regsearch.exe to start the program.
  • Enter (copy and then paste) {23kln5j0-4opm-11we-aax5-24ef1f387232} in the top area of the form and then click "OK".
  • Notepad will be opened with text in it (the file named RegSearch.txt will be saved in the program's folder as well).
  • Add the contents of the Notepad file to your next reply.

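Added example, not part of the original thread: a PowerShell check that reads what the flagged Active Setup key actually contains (its StubPath, the command Active Setup runs for a user at logon) in both registry views, and exports just that key before any deletion. The GUID is the one from the scan log; the backup folder name is an assumption.

```powershell
$guid  = '{23kln5j0-4opm-11we-aax5-24ef1f387232}'   # GUID from the scan log in this thread
# Active Setup exists in the native view and the 32-bit (WOW6432Node) view.
$roots = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
         'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'
$backupDir = Join-Path $env:USERPROFILE 'RegBackup'  # hypothetical backup folder
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

# GUIDs are hexadecimal; a key name containing other letters is not a real GUID.
$hexGuid = $guid -match '^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$'
"Key name is a well-formed GUID: $hexGuid"

$view = 0
foreach ($root in $roots) {
    $view++
    $key = "$root\$guid"
    if (-not (Test-Path -LiteralPath $key)) { "Not present: $key"; continue }

    $props = Get-ItemProperty -LiteralPath $key
    "Found: $key"
    "  (default): $($props.'(default)')"
    "  StubPath : $($props.StubPath)"

    # Take the executable from StubPath (quoted path, else first token) and
    # check that it exists and who signed it. A bare file name or an unquoted
    # path with spaces will be reported as not found and needs a manual look.
    if ($props.StubPath -match '^\s*"([^"]+)"' -or $props.StubPath -match '^\s*(\S+)') {
        $exe = [Environment]::ExpandEnvironmentVariables($Matches[1])
        if (Test-Path -LiteralPath $exe) {
            $sig = Get-AuthenticodeSignature -FilePath $exe
            "  Target   : $exe (signature: $($sig.Status), $($sig.SignerCertificate.Subject))"
        } else {
            "  Target   : $exe (file not found)"
        }
    }

    # Export only this key so it can be restored by importing the .reg file.
    $regPath = $key -replace '^HKLM:', 'HKLM'
    $out = Join-Path $backupDir "ActiveSetup-view$view.reg"
    reg.exe export $regPath $out /y | Out-Null
    "  Exported to $out"
}
```

An empty or missing StubPath means the key launches nothing by itself; a StubPath pointing at an unsigned or missing file is what to follow up on.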

Ah, that's OK, I searched a bit for the entry and could not find any info other than malware. I backed up the registry and deleted it. So far nothing looks wrong with my programs. I really appreciate the help and info. Thanks for your time :)

P.S. I posted this in another thread; maybe you have some answers. Is the IOSecurity service for heuristics? Is it OK to leave it set to manual and stopped? I use NIS09 and it has sonar tech. for those types of threats. I only use IO360 for on demand scanning.


I searched a bit for the entry and could not find any info other than malware.

 

Yea I looked around some more and it is always mentioned as malware. I saw nothing to indicate it was associated with Team Viewer.

 

I'm not sure what the IOSecurity service is but it does use heuristic detection.

