Jump to content
Bio-Hazard

Rogue.MalWarrior HKCR\TacOnlyOne

Recommended Posts

Could this be a false positive?

Rogue.MalWarrior HKCR\TacOnlyOne

This is also being picked up on my computer, the same reg key:

If I open Regedit and find the key this is the information:

HKEY_CLASSES_ROOT\TacOnlyOne

it is named 'ab (Default)'

the Type is 'REG_SZ'

the Data is 'value not set'

I have reported this as a ?possible? false positive via SAS GUI.

SAS first picked it up on my computer on 27/02/08...the same key details. At that time I chose to quarantine it, where it still remains. So it appears that the key is being recreated.

If I Google for 'MalWarrior' I come up with this:

http://www.spywareremove.com/removeMalWarrior.html

MalWarrior is a fake anti-spyware program that is often downloaded and installed without user knowledge or consent by a Trojan or through browser security holes. MalWarrior launches on Windows startup and may generate large numbers of popup adverts. MalWarrior will also display notifications of imaginary security risks in its attempts to get the user to purchase the full version.

...and that there are processes files relating to MalWarrior: Install1.exe and MWLauncher.exe

I cannot find either of these files.

I have scannned with SAS Pro, AVG Free, A Squared, TH, NOD 3., OA, Prevx 2.0. All fully updated. These find nothing to do with MalWarrior, but maybe SAS knows more?

Is any more info is required to identify this ?possible? false/or not positive?

I am interested to know the outcome.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

×
×
  • Create New...