archie Posted November 16, 2011 SAS detected as serious issues with NFSHS.exe and total of 5 critical errors. This is a game called Need for Speed High Stakes by Electronic Arts. There has not been any indications of malicious activity. No browser issues, no problems with banking, no signs of password theft, and no hijacked windows xp IE8 settings. Everything looks to be operating normal. Scan log: SUPERAntiSpyware Scan Log https://www.superantispyware.com Generated 11/16/2011 at 11:44 AM Application Version : 5.0.1136 Core Rules Database Version : 7948 Trace Rules Database Version: 5760 Scan type : Quick Scan Total Scan Time : 00:04:10 Operating System Information Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600) Administrator Memory items scanned : 327 Memory threats detected : 0 Registry items scanned : 31038 Registry threats detected : 2 File items scanned : 5999 File threats detected : 3 Trojan.Agent/Gen-Autoit C:\PROGRAM FILES\ELECTRONIC ARTS\NEED FOR SPEED HIGH STAKES\NFSHS.EXE HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\nfsHs.exe HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\nfsHs.exe#Path C:\DOCUMENTS AND SETTINGS\DOYLE\DESKTOP\NEED FOR SPEED HIGH STAKES.LNK C:\WINDOWS\Prefetch\NFSHS.EXE-2C0AF8F2.pf The exectuable is a no-cd modification. This does not make it malicious. Please update your definitions to exclude this false positive Thanks, archie. Share this post Link to post Share on other sites
SASJoe Posted November 17, 2011 Hi Archie, Thank you for reporting this to us. In order to review the file we need you to use our in-application 'Report as False Positive' button (located next to the results window immediately following a scan). This will send us all the vital file info we need so that we can make a ruling, and then exclude the file if it is indeed a false positive. Unless you use this Report button then we will not be able to reproduce the detection or be able to know exactly what file (you say it's modified?) you have there that is causing the detection. Thanks so much Archie, we really appreciate your help reporting False Positives! Share this post Link to post Share on other sites