Jump to content
Sign in to follow this  
sandybeach

Possible False Positive? Rootkit.ITGRD ENGINE

Recommended Posts

Hi! New Member, 1ST post. SAS current v.4.26.1006 current defs.

For first time in several months & versions, SAS popped : Rootkit.ITGRD ENGINE in an 8 year old file which it has scanned at least a dozen times before without a finding anything. :? This is an old version 1 of Broderbund Family Tree Maker.

The program WAS accessed by "other user" 1 day before SAS scan. Found in:

1) F:\Program Files\Broderbund\cie2000\sapisupp.dll

2) " " \new folder\Broderbund\cie2000\sapisupp.dll

I have successfully quarantined both items but am suspicious as the program is v.1 which came with 1 spyware which Spybot took out upon original install and has been fine ever since. v.2 (2005 or 6? ) has more & more complicated spyware so have refused install of the newer version as banking is done on this machine.

I suppose last contact might have put this in :shock: BUT it hasn't tried in last 7 years & I would have expected my current AVIRA Anti-Vir to have caught it if it did try :shock:. What think Ye o Wizards of Sleuth? Thanks Sandy. :D

Share this post


Link to post
Share on other sites

One further question/ confirmation after reading instructions:

"The item must be detected during the scan, not in quarantine."

So I should restore these files to original location from quarantine first :?:

Sorry but I have never had to submit such for any program in the past so want to do it right! Thanks! Sandy :mrgreen:

Share this post


Link to post
Share on other sites

Hi Again!!

After updating to todays definitions & restoring the 2 suspect items & doing "complete scan" of both drives,

SAS no longer pops the 2 items. It did find my 2 trojan simulators from Misec (Trojan Hunter) which I keep to re-assure myself that A/S programs are scanning effectively. :mrgreen: So I conclude that all is now well!! All other scans are also clean.Thanks for your time & attention !

Sandy :D

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...