IObit Forum

Spyware False Positive?


Mamba


Downloaded AWC V.2 yesterday. Spyware scan reports CoolWebSearch infection (msacmx.dll) registry keys:

HKCR\CLSID\{A5366673-E8CA-11D3-9CD9-0090271D075B}

and

HKLM\SOFTWARE\Classes\CLSID\{A5366673-E8CA-11D3-9CD9-0090271D075B}

Ran regscanner and found the keys reported. The contents at those locations refer to jccatch.dll which is the browser helper for the FlashGet download manager. I find no instance of msacmx.dll in the registry or on disk.

Is this a false positive based on the classId rather than the real malware? I had a CWS infection once (on another system, not this one) and I think I'd definitely recognize the symptoms if I had it in this case.


Thanks

My system is legitimate. The file is jccatch.dll, the size is 81920 bytes and it is located in the program files\flashget folder.

Since the CLSID is the same for the malware & presumably could even name itself jccatch.dll, it's a tricky problem. In a case like this, I'd like to be able to place it on an ignore list (which I assume can be done in the paid version) but also record a checksum of the legitimate file in case it gets changed/replaced by the malware version at some point in the future.


Archived

This topic is now archived and is closed to further replies.
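
An added example, not part of the thread or of any IObit tool: one way to keep the checksum record described in the second post, so that a swapped file or a re-pointed CLSID registration shows up even when the file name and size stay the same. It assumes the DLL is registered under the CLSID's standard InprocServer32 subkey; the function names and the baseline file name are hypothetical.

```python
import hashlib
import json
import os

CLSID = "{A5366673-E8CA-11D3-9CD9-0090271D075B}"  # CLSID quoted in the thread

def registered_dll(clsid=CLSID):
    """Return the DLL path registered for clsid (Windows only)."""
    import winreg  # imported here so the hashing helpers load on any OS
    # Assumption: the in-process server path is the default value of InprocServer32.
    key_path = "\\".join(["SOFTWARE", "Classes", "CLSID", clsid, "InprocServer32"])
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
        value, _ = winreg.QueryValueEx(key, "")
    return os.path.expandvars(value.strip('"'))

def fingerprint(path):
    """Path, size and SHA-256 of a file, hashed in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {"path": os.path.abspath(path),
            "size": os.path.getsize(path),
            "sha256": digest.hexdigest()}

def record_baseline(path, baseline_file):
    """Store the fingerprint of the known-good file."""
    with open(baseline_file, "w") as fh:
        json.dump(fingerprint(path), fh)

def check_against_baseline(path, baseline_file):
    """Return a list of differences; an empty list means nothing changed."""
    with open(baseline_file) as fh:
        known = json.load(fh)
    now = fingerprint(path)
    return [f"{field}: {known[field]} -> {now[field]}"
            for field in ("path", "size", "sha256")
            if known[field] != now[field]]

if __name__ == "__main__":
    dll = registered_dll()
    store = "clsid_baseline.json"  # hypothetical baseline location
    if not os.path.exists(store):
        record_baseline(dll, store)
        print("baseline recorded for", dll)
    else:
        print(check_against_baseline(dll, store) or "unchanged")
```

Run it once while the file is known to be the legitimate one, then rerun after each flagged scan; keep the baseline file somewhere the monitored software cannot write.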
