Daveski17

Registry Key Trojan False-Positive?


An SAS scan on a relative’s (Vista) laptop claimed that a registry entry was a trojan.

I didn’t quarantine it as I wasn’t sure, even though MBAM claimed that exactly the same file

HKU\S-1-5-21-688742335-2297325631-2119768481-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7545D8C8-F53C-4E2F-8FA0-D248EF4A6E61}

was a ‘Rogue Installer’.

I did a complete scan (8 hrs) with Panda AV, which found nothing. Next I scanned with Bit Defender online, F-Secure online, Kaspersky Security Scan and the Microsoft Safety Scanner, all of which discovered nothing.

The only thing that I can think of that might be causing this almost certain false positive is that when I originally examined my relative’s laptop I employed a USB mouse originally from a ‘Tech Air 15.6-Inch Laptop Case with Shoulder Strap and Optical USB 2 Button Mouse’ I purchased six months ago. The mouse had never been used in the laptop before and had to install drivers as is normally the case. Previously the mouse had only ever been used on computers running Ubuntu. I’m guessing that MBAM and SAS may be falsely detecting those drivers as malware.

Any thoughts anyone?

 


Hello Daveski17,

After some investigation I believe I have found the cause of the false detection. It was an older definition which needed a little 'tuning up'.

I have adjusted the definition database, and this should no longer be detected as of database version 12018 which will be released within the next few hours.

Update to version 12018 and scan again (a restart of SUPERAntiSpyware may be necessary).

Please let me know if you have any other questions or concerns,

SUPERAntiSpyware Malware Research


Thanks for the reply, I will scan again when database 12018 is available, thanks.  :-P


I scanned again after downloading database 12018 and SAS is still labelling

HKU\S-1-5-21-688742335-2297325631-2119768481-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7545D8C8-F53C-4E2F-8FA0-D248EF4A6E61}

as a Trojan.Agent/Gen.

MBAM is also still labelling it as a Rogue Installer.

Panda and Kaspersky scans still come up negative and I ran Spybot Search and Destroy which also found no trojans or rogue installers.
