aardvark_65

Explain detected item

Hi, I've just installed SuperAntiSpyware free edition 4.48.1000. I did a complete scan while using Safe Mode of Win XP Pro SP3, and it detected a few things. I clicked on "explain detected item", but found I needed an internet connection, which I didn't have at the time. I rebooted into "normal" mode and restarted SuperAntiSpyware, but I couldn't find a way to "call up" the results of the previous scan so I could look at "explain detected item". I didn't quarantine any of the detected items.

Is there any way to do this, i.e. get some details about the results of a previous scan, without having to redo the scan?

Or alternatively, what is the web address of where "explain detected item" gets its information from? I had a look around www.superantispyware.com but couldn't find it.

I did a general Google search on one of the detected items, but got confusing results - some results said it was legitimate software, others said it was a virus/trojan/whatever.

Is there any way to do this, i.e. get some details about the results of a previous scan, without having to redo the scan?

No, there is not. The scan log is stored in .txt format with no active links. You will need to perform a rescan.

You could also post the scan log back here and let us take a look at it to see what files are being flagged as malicious.

You could also post the scan log back here and let us take a look at it to see what files are being flagged as malicious.

Thanks. Log follows:

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 02/07/2011 at 11:11 PM

Application Version : 4.48.1000

Core Rules Database Version : 6350

Trace Rules Database Version: 4162

Scan type : Complete Scan

Total Scan Time : 01:37:34

Memory items scanned : 226

Memory threats detected : 0

Registry items scanned : 8333

Registry threats detected : 29

File items scanned : 36074

File threats detected : 14

Application.Oreans32

HKLM\System\ControlSet001\Services\oreans32

C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS

HKLM\System\ControlSet001\Enum\Root\LEGACY_oreans32

HKLM\System\ControlSet002\Services\oreans32

HKLM\System\ControlSet002\Enum\Root\LEGACY_oreans32

HKLM\System\CurrentControlSet\Services\oreans32

HKLM\System\CurrentControlSet\Enum\Root\LEGACY_oreans32

Unclassified.Oreans32

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Driver

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance

Trojan.Agent/Gen-Krpytik

C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFBMP.DLL

C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFCUR.DLL

C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFDLL.DLL

C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFICO.DLL

C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFIFF.DLL

C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFMAC.DLL

C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFOS2.DLL

C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFWMF.DLL

C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFXPM.DLL

C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICUBMAP.DLL

Trojan.Agent/Gen-Falcomp[Cont]

C:\486 BACKUPS\COMPAQ\C_DRIVE\WINDOWS\SYSTEM\ETEXCH32.DLL

Trojan.Agent/Gen-FakeAlert[Local]

C:\DATA\DOWNLOAD\DVD EDITORS\X\EXE\DVDISO\MUXMAN.EXE

C:\DATA\DOWNLOAD\TOUCH 2\X\BIN\SH.EXE

I think that you have a series of False Positives. I recommend that you create a Customer Support Ticket and let the SAS gurus diagnose this. All the registry detections (Oreans32) look like False Positives. The only files that are possibly not False Positives are:

C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFBMP.DLL

C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFCUR.DLL

C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFDLL.DLL

C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFICO.DLL

C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFIFF.DLL

C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFMAC.DLL

C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFOS2.DLL

C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFWMF.DLL

C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFXPM.DLL

C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICUBMAP.DLL

Below is the CSR link.

https://www.superantispyware.com/precreateticket.html

You could also run the detected files through VirusTotal and see what other scanners say about them.

http://www.virustotal.com/

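The two suggestions in the thread (rescan or hand the .txt log to someone else, and check the flagged files on VirusTotal) can be worked offline from the log alone. The script below is an added example, not code from SUPERAntiSpyware or from either poster: it parses the plain-text log format shown above, separates detections that consist only of registry traces (the Oreans32 groups the reply treats as likely false positives) from those that point at files on disk, and computes SHA-256 hashes for any flagged files that exist so they can be looked up on VirusTotal by hash instead of uploading them. SAMPLE_LOG is a constructed, trimmed copy of the posted log; the regexes and the registry/file split are my own assumptions about the format, and it assumes Python 3 is available on whatever machine holds the log.

```python
"""Offline triage of a SUPERAntiSpyware plain-text scan log (added example)."""
import hashlib
import os
import re
from collections import OrderedDict

# Constructed sample: a trimmed copy of the log format posted in the thread.
# A detection name heads each group; the items under it are registry keys,
# registry values (key#Value) or file paths, as SAS writes them.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
https://www.superantispyware.com
Generated 02/07/2011 at 11:11 PM
Application Version : 4.48.1000
Core Rules Database Version : 6350
Trace Rules Database Version: 4162
Scan type : Complete Scan
Total Scan Time : 01:37:34
Registry threats detected : 29
File threats detected : 14

Application.Oreans32
HKLM\System\ControlSet001\Services\oreans32
C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_oreans32

Unclassified.Oreans32
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath

Trojan.Agent/Gen-Krpytik
C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFBMP.DLL
C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFCUR.DLL

Trojan.Agent/Gen-FakeAlert[Local]
C:\DATA\DOWNLOAD\TOUCH 2\X\BIN\SH.EXE
"""

# Assumed format rules (mine, not documented by SAS):
HEADER_RE = re.compile(r'^([A-Za-z][A-Za-z ]*?)\s*:\s*(\S.*)$')  # "Scan type : Complete Scan"
NAME_RE = re.compile(r'^[A-Za-z][^\s:]*\.[^\s:]*$')              # "Trojan.Agent/Gen-FakeAlert[Local]"
REG_RE = re.compile(r'^(?:HKLM|HKCU|HKU|HKCR|HKEY_[A-Z_]+)\\', re.I)
FILE_RE = re.compile(r'^[A-Za-z]:\\')


def parse_sas_log(text):
    """Return (header fields, OrderedDict name -> {'registry': [...], 'files': [...]})."""
    header = {}
    detections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()  # real logs indent items with a tab; the forum paste did not
        if not line:
            continue
        # Items are matched first so a registry path containing a dot is never taken for a name.
        if REG_RE.match(line) or FILE_RE.match(line):
            if current is not None:
                bucket = 'registry' if REG_RE.match(line) else 'files'
                detections[current][bucket].append(line)
            continue
        if NAME_RE.match(line):
            current = line
            detections.setdefault(current, {'registry': [], 'files': []})
            continue
        if current is None:  # still inside the header block
            if line.startswith('Generated '):
                header['Generated'] = line[len('Generated '):]
            elif '://' not in line:  # skip the site URL
                m = HEADER_RE.match(line)
                if m:
                    header[m.group(1)] = m.group(2)
    return header, detections


def summarize(detections):
    """Per detection: item counts plus whether it is registry traces only (no file on disk)."""
    return {
        name: {
            'registry': len(hits['registry']),
            'files': len(hits['files']),
            'registry_only': bool(hits['registry']) and not hits['files'],
        }
        for name, hits in detections.items()
    }


def sha256_of_files(paths, chunk=1 << 20):
    """SHA-256 of each flagged file that exists (None if missing), for hash lookups."""
    out = OrderedDict()
    for p in paths:
        if not os.path.isfile(p):
            out[p] = None
            continue
        h = hashlib.sha256()
        with open(p, 'rb') as fh:
            for block in iter(lambda: fh.read(chunk), b''):
                h.update(block)
        out[p] = h.hexdigest()
    return out


if __name__ == '__main__':
    header, detections = parse_sas_log(SAMPLE_LOG)
    print('SAS %s, core DB %s, trace DB %s' % (
        header.get('Application Version'), header.get('Core Rules Database Version'),
        header.get('Trace Rules Database Version')))
    for name, info in summarize(detections).items():
        kind = 'registry traces only' if info['registry_only'] else '%d file(s)' % info['files']
        print('%-40s %s' % (name, kind))
    all_files = [p for hits in detections.values() for p in hits['files']]
    for path, digest in sha256_of_files(all_files).items():
        print('  %s  %s' % (digest or 'not found on this machine', path))
```

Point it at the saved log instead of SAMPLE_LOG (read the file and pass its text to parse_sas_log) to get the same split for the full scan; files that hash to a value already known to VirusTotal can be checked there without sending the file anywhere, which matters for the backups under C:\486 BACKUPS that may not be reproducible.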