

SFdude
False Positive? only SAS detects Trojan in a ZIP file
SFdude replied to SFdude's topic in False Positives
Thanks for your quick reply, Geoff.

But ... I am not reporting an "FP", on this file: ....http://calc3d.com/zip/cldpen01.zip !.

In fact, I don't even know if this is an FP... I am simply asking SAS if it is, (or not), after you test it.

I trust SAS 100%, and take this (ominous) message: ....Trojan.Agent/Gen-Rogue[installer].Process very seriously...

Even if other AV scanners found nothing, and only SAS reports the message (above), that does not make this file automatically "an FP", in my opinion...

Will not install this file, until I get the "green light" from the SAS Team.

Thanks Geoff!
-
False Positive? only SAS detects Trojan in a ZIP file
SFdude replied to SFdude's topic in False Positives
Thanks for the quick reply, Seth!

OK then, will wait for the "official" SAS response...

BTW, Seth: how did you determine that this file is a false positive?
-
Hi,

SAS (latest defs) in my PC, and also SAS at Virus Total site, both report:

SUPERAntiSpyware 4.40.0.1006 2011.04.21 Trojan.Agent/Gen-Rogue[installer].Process

for this ZIP file: http://calc3d.com/zip/cldpen01.zip

See the VT Report: http://goo.gl/MH5eB OR http://www.virustotal.com/file-scan/report.html?id=9400f95fdd57330b383fd206ffffb409f06067905b75d64e3bdd01a36a8368a8-1303384589

Seems the EXE file inside the ZIP, triggers the SAS alert...

False Positive...or not? I will not install this in my PC, unless I get the "green light" from SAS...

Help!

SFdude
XP-SP3 (latest patches)
FF 3.6.16
SAS / MBAM / AVAST (all free, updated, latest versions)
-
I accidentally had SAS Quarantine it. Not what I wanted... So, I simply "UNQuarantined" it, until somebody from SAS, (or another Forum colleague) gives us a better = correct info.

BTW: I searched in my Registry, (yes, my REGEDIT works just fine! = it's not "disabled"). Yet, I did NOT find the Registry Key which made SAS so nervous. The string does not even exist in my Registry!

Madeline, try searching your Registry for the "system.RegistryEditorDisabled" string, which SAS alerts it has "detected".

Meanwhile, I'm starting to become disappointed with the lack of feedback from SAS to this post.

It sounds like a false positive...Anybody? MBAM and AVAST report a totally clean XP/SP3 system...

SFdude
-
Hi Madeline,

Yes, I'm having EXACTLY the same symptom detected by SAS today, (SAS latest version with latest updated Virus db): "system.RegistryEditorDisabled"

I also ran Full System scans with the latest MalwareBytes (MBAM) and the latest AVAST. Both show: "0 infections". Only SAS shows this message...

Also, I can open my REGEDIT and System Tasks windows OK, with no problems - so, they are not "disabled", as the SAS message suggests. Weird!

The SAS message appeared as soon as I started scanning a single file I d/l from a trustworthy web site. (I always scan every file I d/l, even if it's from Microsoft, Google, etc).

False positive or real threat? I don't want to quarantine a critical Registry setting...

SAS? Anyone?

SFdude
Win XP/SP3.
SAS v4.36.1006 / MBAM / AVAST (all free, updated, latest versions)