How To Know A False/Positive?

[CChamp]

Hi all, new to SAS and these forums. I have heard a lot about False/Positives but was wondering how you can tell one from a real threat. I installed the latest version of SAS yesterday and it came up with a few things that it said needed to be deleted. I quarantined them but was wondering what they are and if they were real threats. This is the log that it gave me. Thanks in advance, CC

Generated 04/19/2011 at 09:36 AM

Application Version : 5.0.1076

Core Rules Database Version : 6869

Trace Rules Database Version: 4681

Scan type : Quick Scan

Total Scan Time : 00:06:53

Operating System Information

Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User

Memory items scanned : 656

Memory threats detected : 0

Registry items scanned : 60113

Registry threats detected : 12

File items scanned : 10435

File threats detected : 1

Adware.URLBlaze

(x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}

(x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\InprocServer32

(x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\InprocServer32#ThreadingModel

(x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\ProgID

(x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\Programmable

(x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\VersionIndependentProgID

(x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}

(x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}

(x86) HKCR\IEHlprObj.IEHlprObj.1

(x86) HKCR\IEHlprObj.IEHlprObj.1\CLSID

(x86) HKCR\IEHlprObj.IEHlprObj

(x86) HKCR\IEHlprObj.IEHlprObj\CurVer

C:\PROGRAM FILES\LOTUS\ORGANIZE\IEHELPER.DLL

[Seth]

Welcome to the SAS forum.

Sometimes it can be hard to identify malware just by the file name. Reason being, some malware will look like a legit file.

The following is a website in which you can upload a file for examination using numerous antimalware programs (including SAS).

http://www.virustotal.com/