bobbyc Posted January 22, 2009

This afternoon, SAS found and quarantined the following:

Adware.Vundo/Variant-MSFake
C:\PROGRAM FILES\MICROSOFT WORKS\LNCHTOUR.EXE

I am wondering if this really is a Trojan, or a False Positive?

I just rebooted (Dell Mini 9, XP Home) and as always I clicked the SAS Update button. It did download a new Update, and I then scanned again. Jackpot, another Vundo/Variant. Here's the Log if it helps any.

SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 01/22/2009 at 12:50 PM

Application Version : 4.25.1012

Core Rules Database Version : 3722
Trace Rules Database Version: 1696

Scan type : Complete Scan
Total Scan Time : 00:20:47

Memory items scanned : 375
Memory threats detected : 0
Registry items scanned : 4186
Registry threats detected : 0
File items scanned : 10894
File threats detected : 1

Adware.Vundo/Variant-MSFake
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3DDB9746-F6E5-42F3-AF98-CCEEC78C2E8C}\RP13\A0007601.EXE

SUPERAntiSpy Posted January 22, 2009

We are looking into it.

bobbyc Posted January 22, 2009

> We are looking into it.

Thank You. I have both files in SAS quarantine, where they will stay until I hear from you.

BrendanAdams Posted January 23, 2009

Same problem for me, and it has been mentioned on other forums today. Therefore, 2 remarks:

1) it's recent;
2) it's only detected by SAS (I scanned my PC with Malwarebytes, GMER, Prevx Edge and Outpost, and they didn't detect anything), as I read everywhere.

My browser is always sandboxed, so normally I shouldn't get infected. It might be a false positive.

h2eau Posted January 23, 2009

I also got a recent one called "Adware.Vundo Variant":

C:\WINDOWS\SYSTEM32\DLLCACHE\MST120.DLL

BrendanAdams Posted January 23, 2009

Apparently Adware.Vundo/Variant-MSFake was a false positive. After updating SAS Pro I restored the quarantined files and launched a scan again. It didn't detect anything, so I guess the update corrected the overzealous detection.

dar Posted January 23, 2009

I got this too. When I removed Kompozer-portable from my SanDisk USB flash drive connected to my computer, it went away. I haven't used this USB flash drive anywhere *but* my computer, and Kompozer-portable is a trustworthy piece of software, part of PortableApps, which has never done me wrong. I'm also pretty careful about keeping my computer clean. I think, with me, it could be a false positive connected to Kompozer-portable?

bobbyc Posted January 29, 2009

Superantispy: Any news on the possible False Positives situation?

I would like to stay on top of this, as I oversee quite a few Family and Friends computers. I am always the first to update Programs on my two computers; before I advise F&F to update, I generally wait a couple of weeks.

BTW: Since my original possible problem, I've run numerous scans using SAS version 4.25.1012 (at present, I am at Core 3734 and Trace 1703), and I have not had any unlikely files identified as malware.