Jump to content
renfield

Confused about registry threats found by SAS

Recommended Posts

This is my first post here, and I hope it's in the right place.

I run WinXP Home SP2. I started using SAS free 4.25.0.1012 last week at someone else's suggestion. I've kept everything updated.

I already run Ad-Aware, Spybot, Spyware Terminator, MalwareBytes, Spyware Blaster, Spyware Guard, PC Tools Anti-Virus and Zone Alarm.

Beginning with my first scan, SAS has identified the following registry items as threats:

HKCR\Install.Install

HKCR\Install.Install\CLSID

HKCR\Install.Install\CurVer

HKCR\Install.Install.1

HKCR\Install.Install.1\CLSID

I've spent hours searching the Internet -- including SAS forums -- for more info on these entries. I've been unable to find anything that identifies them as harmful.

In fact, I've seen many SAS logs containing these entries posted in other tech forums. The logs have either been pronounced clean or, when other malware has been present, the entries haven't been addressed as threats.

None of my other anti-spyware/anti-virus programs has identified any of these entries. Further, I've done a registry search via regedit, and the entries haven't even been found.

As a result, I don't have sufficient info to make a decision about what to do. I'm very cautious about tampering with the registry, so up until now I've left them alone.

Could these be false positives? If so, can someone tell me what they represent and what purpose they serve? If not, is it safe to get rid of them? Thanks!

Share this post


Link to post
Share on other sites

It's occurred to me that maybe I should have posted my latest scan log, so here it is. Thanks.

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 02/15/2009 at 07:50 PM

Application Version : 4.25.1012

Core Rules Database Version : 3759

Trace Rules Database Version: 1722

Scan type : Complete Scan

Total Scan Time : 02:08:56

Memory items scanned : 407

Memory threats detected : 0

Registry items scanned : 4268

Registry threats detected : 5

File items scanned : 256886

File threats detected : 0

Registry Cleaner Trial

HKCR\Install.Install

HKCR\Install.Install\CLSID

HKCR\Install.Install\CurVer

HKCR\Install.Install.1

HKCR\Install.Install.1\CLSID

Share this post


Link to post
Share on other sites

I can't say definitively that they don't exist, but I can say I've been unable to find them either by searching the registry or exploring the registry manually. Is there any other way of checking?

If it turns out they really aren't there, how did SAS find them?

Share this post


Link to post
Share on other sites
Could someone please respond, or should I just presume that no one is going to help?

If they don't exist, we wouldn't detect them - have you scanned in Safe Mode to see what is detected?

Share this post


Link to post
Share on other sites
Could someone please respond, or should I just presume that no one is going to help?

If they don't exist, we wouldn't detect them - have you scanned in Safe Mode to see what is detected?

Sorry -- I solved the problem and forgot to post about it here. A belated thanks for the response.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

×
×
  • Create New...