CChamp Posted April 20, 2011 Hi all, new to SAS and these forums. I have heard a lot about False/Positives but was wondering how you can tell one from a real threat. I installed the latest version of SAS yesterday and it came up with a few things that it said needed to be deleted. I quarantined them but was wondering what they are and if they were real threats. This is the log that it gave me. Thanks in advance, CC Generated 04/19/2011 at 09:36 AM Application Version : 5.0.1076 Core Rules Database Version : 6869 Trace Rules Database Version: 4681 Scan type : Quick Scan Total Scan Time : 00:06:53 Operating System Information Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601) UAC On - Limited User Memory items scanned : 656 Memory threats detected : 0 Registry items scanned : 60113 Registry threats detected : 12 File items scanned : 10435 File threats detected : 1 Adware.URLBlaze (x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000} (x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\InprocServer32 (x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\InprocServer32#ThreadingModel (x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\ProgID (x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\Programmable (x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\VersionIndependentProgID (x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000} (x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000} (x86) HKCR\IEHlprObj.IEHlprObj.1 (x86) HKCR\IEHlprObj.IEHlprObj.1\CLSID (x86) HKCR\IEHlprObj.IEHlprObj (x86) HKCR\IEHlprObj.IEHlprObj\CurVer C:\PROGRAM FILES\LOTUS\ORGANIZE\IEHELPER.DLL Share this post Link to post Share on other sites
Seth Posted April 20, 2011 Welcome to the SAS forum. Sometimes it can be hard to identify malware just by the file name. Reason being, some malware will look like a legit file. The following is a website in which you can upload a file for examination using numerous antimalware programs (including SAS). http://www.virustotal.com/ Share this post Link to post Share on other sites