bobbyc

2 Vundo/Variants in separate Scans - False Positives?

This afternoon, SAS found and quarantined the following -

Adware.Vundo/Variant-MSFake

C:\PROGRAM FILES\MICROSOFT WORKS\LNCHTOUR.EXE

I am wondering if this really is a Trojan, or a False Positive?

I just rebooted (Dell Mini 9, XP Home) and as always I clicked the SAS Update button. It did download a new Update, and I then scanned again. Jackpot, another Vundo/Variant. Here's the Log if it helps any.

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 01/22/2009 at 12:50 PM

Application Version : 4.25.1012

Core Rules Database Version : 3722

Trace Rules Database Version: 1696

Scan type : Complete Scan

Total Scan Time : 00:20:47

Memory items scanned : 375

Memory threats detected : 0

Registry items scanned : 4186

Registry threats detected : 0

File items scanned : 10894

File threats detected : 1

Adware.Vundo/Variant-MSFake

C:\SYSTEM VOLUME INFORMATION\_RESTORE{3DDB9746-F6E5-42F3-AF98-CCEEC78C2E8C}\RP13\A0007601.EXE

We are looking into it.

Thank You. I have both files in SAS quarantine, where they will stay until I hear from you.


Same problem for me, and it has been mentioned on other forums today. Therefore, 2 remarks:

1) it's recent;

2) it's only detected by SAS (I scanned my PC with malwarebytes, gmer, prevx edge and outpost, and they didn't detect anything), as I read everywhere.

My browser is always sandboxed, so normally I shouldn't get infected. It might be a false positive.


I also got a recent one called "Adware.Vundo Variant"

C:\WINDOWS\SYSTEM32\DLLCACHE\MST120.DLL


Apparently Adware.Vundo/Variant-MSFake was a false positive. After updating SAS pro I restored the quarantined files and launched a scan again. It didn't detect anything, so I guess the update corrected the overzealous detection.


I got this too. When I removed Kompozer-portable from my SanDisk USB flash drive connected to my computer, it went away. I haven't used this USB flash drive anywhere *but* my computer, and kompozer-portable is a trustworthy piece of software, part of portableapps, which has never done me wrong. I'm also pretty careful about keeping my computer clean. I think, with me, it could be a false positive connected to kompozer-portable?


Superantispy: Any news on the possible False Positives situation?

I would like to stay on top of this, as I oversee quite a few Family and Friends computers. I am always the first to update Programs on my two computers; before I advise F&F to update, I generally wait a couple of weeks.

Btw: Since my original possible problem, I've run numerous scans using SAS version 4.25.1012 (at present, I am at Core 3734 and Trace 1703), and I have not had any unlikely files identified as malware.

