CChamp

How To Know A False/Positive?

Hi all, new to SAS and these forums. I have heard a lot about False/Positives but was wondering how you can tell one from a real threat. I installed the latest version of SAS yesterday and it came up with a few things that it said needed to be deleted. I quarantined them but was wondering what they are and if they were real threats. This is the log that it gave me. Thanks in advance, CC

Generated 04/19/2011 at 09:36 AM

Application Version : 5.0.1076

Core Rules Database Version : 6869

Trace Rules Database Version: 4681

Scan type : Quick Scan

Total Scan Time : 00:06:53

Operating System Information

Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User

Memory items scanned : 656

Memory threats detected : 0

Registry items scanned : 60113

Registry threats detected : 12

File items scanned : 10435

File threats detected : 1

Adware.URLBlaze

(x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}

(x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\InprocServer32

(x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\InprocServer32#ThreadingModel

(x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\ProgID

(x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\Programmable

(x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\VersionIndependentProgID

(x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}

(x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}

(x86) HKCR\IEHlprObj.IEHlprObj.1

(x86) HKCR\IEHlprObj.IEHlprObj.1\CLSID

(x86) HKCR\IEHlprObj.IEHlprObj

(x86) HKCR\IEHlprObj.IEHlprObj\CurVer

C:\PROGRAM FILES\LOTUS\ORGANIZE\IEHELPER.DLL

Welcome to the SAS forum.

Sometimes it can be hard to identify malware just by the file name. Reason being, some malware will look like a legit file.

The following is a website in which you can upload a file for examination using numerous antimalware programs (including SAS).

http://www.virustotal.com/

This topic is now closed to further replies.
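
Added example (not part of the original thread and not SAS's own code): a first triage step before submitting anything is to collapse the log's detection lines into the component behind them. Run on the lines from the first post, it shows the 12 registry traces all hang off one CLSID registered as a Browser Helper Object, plus one DLL, which is the file to examine. The function names and line patterns are assumptions based only on the log shown above.

```python
import hashlib
import re

# Detection lines copied from the scan log in the first post.
SAMPLE_LOG = r"""Adware.URLBlaze
(x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}
(x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\InprocServer32
(x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\ProgID
(x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\Programmable
(x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\VersionIndependentProgID
(x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}
(x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}
(x86) HKCR\IEHlprObj.IEHlprObj.1
(x86) HKCR\IEHlprObj.IEHlprObj.1\CLSID
(x86) HKCR\IEHlprObj.IEHlprObj
(x86) HKCR\IEHlprObj.IEHlprObj\CurVer
C:\PROGRAM FILES\LOTUS\ORGANIZE\IEHELPER.DLL
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
REG_RE = re.compile(r"^(?:\(x86\)\s+)?(HK(?:CR|LM|CU|U)\\.+)$")
FILE_RE = re.compile(r"^[A-Za-z]:\\.+$")

def summarize(log_text):
    """Collapse per-key detections into the component behind them."""
    out = {"family": None, "registry": [], "files": [], "clsids": set(), "bho": False}
    for line in map(str.strip, log_text.splitlines()):
        reg = REG_RE.match(line)
        if reg:
            key = reg.group(1)
            out["registry"].append(key)
            out["clsids"].update(c.upper() for c in CLSID_RE.findall(key))
            # A key under "Browser Helper Objects" means the DLL loads into Internet Explorer.
            out["bho"] |= "\\Browser Helper Objects\\" in key
        elif FILE_RE.match(line):
            out["files"].append(line)
        elif line and out["family"] is None:
            out["family"] = line  # first non-key, non-path line is the detection name
    return out

def sha256_of(path):
    """Hash the flagged file in chunks, to record exactly which file was examined."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()
```

Calling `summarize(SAMPLE_LOG)` returns the detection name, the registry keys, the distinct CLSIDs and the file paths; `sha256_of()` is meant for the file restored from quarantine, so the hash can be kept alongside any scan result for that exact file.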