Mr Yoda
Posted June 19, 2007

Hi everyone. I downloaded the free version of SuperAntiSpyware. When I ran a scan it found a number of threats that I've never heard of (Oreans32). I've not yet quarantined them because I'm not sure whether they're legitimate or not. Could anybody help? I've included the log file so any help would be great.

SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 06/17/2007 at 08:04 PM

Application Version : 3.8.1002
Core Rules Database Version : 3256
Trace Rules Database Version: 1267

Scan type : Complete Scan
Total Scan Time : 01:02:00

Memory items scanned : 509
Memory threats detected : 0
Registry items scanned : 6874
Registry threats detected : 27
File items scanned : 60119
File threats detected : 1

Unclassified.Oreans32
HKLM\System\ControlSet001\Services\oreans32
C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS
HKLM\System\ControlSet003\Services\oreans32
HKLM\System\CurrentControlSet\Services\oreans32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control#Active Service
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance

sunniebear
Posted June 20, 2007

Hi Mr. Yoda. I am not into games and don't know anything about them, but knew I had seen something on oreans32 not that long ago on the Kaspersky forum, and managed to find the thread again: http://forum.kaspersky.com/index.php?showtopic=40348

fatdcuk
Posted June 20, 2007

Just to add that although oreans32 is used for games protection, it has also been utilized in the past by malware to cloak its presence, hence why it is detected.

I personally do not hold with the OP's instruction at the Kaspersky forum to place the detection into the *trusted* folder, since if removing/quarantining the RK does not break the game then there is no point in having the RK loaded at all.

Mr Yoda
Posted June 22, 2007

When you say "game", what game do you actually mean? The only games on the PC are The Sims, Age of Empires and The Settlers. My girlfriend plays The Sims; if I remove them, is this likely to cause problems to it?

fatdcuk
Posted June 22, 2007

Hi, I'm not sure which games are commonly using Oreans32...

Are any of the games misbehaving since you have already quarantined the detections, which has effectively removed the rootkit? If they are, then you can restore the quarantined objects, or if all is well then keep them in jail (where they can do no harm).

Items in quarantine are no longer active/loaded yet can be restored if an error has been made. Think of it as a safety checkpoint (halfway house) for removals.
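
An added example, not part of the original thread or of SUPERAntiSpyware: a short Python triage script that groups the flat detection list of a scan log like the one in the first post by driver/service name, so the file hit and the registry hits can be read as one driver registration before deciding what to quarantine. The function names and matching rules are assumptions made for illustration; the sample lines are a subset of the log in the first post.

```python
import re
from collections import defaultdict

# Subset of the detection lines from the scan log in the first post,
# embedded here so the example runs offline.
SAMPLE_LOG = r"""
HKLM\System\ControlSet001\Services\oreans32
C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS
HKLM\System\ControlSet003\Services\oreans32
HKLM\System\CurrentControlSet\Services\oreans32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count
"""

# Service key under any control set, e.g. ...\ControlSet001\Services\<name>
SERVICE_RE = re.compile(
    r"\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\([^\\#]+)", re.I)
# Legacy device node created for a non-PnP driver: ...\Enum\Root\LEGACY_<NAME>
LEGACY_RE = re.compile(r"\\Enum\\Root\\LEGACY_([^\\#]+)", re.I)
# Driver image on disk: <drive>:\...\<name>.sys
DRIVER_RE = re.compile(r"^[A-Z]:\\.*\\([^\\]+)\.sys$", re.I)


def group_detections(log_text):
    """Map each driver/service name to its file and registry traces."""
    groups = defaultdict(lambda: {"files": [], "registry": []})
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        if line.upper().startswith("HK"):      # registry hive prefix
            m = SERVICE_RE.search(line) or LEGACY_RE.search(line)
            kind = "registry"
        else:                                   # anything else: file path
            m = DRIVER_RE.match(line)
            kind = "files"
        name = m.group(1).lower() if m else "(unattributed)"
        groups[name][kind].append(line)
    return dict(groups)


def summarize(log_text):
    """Return {name: (file_count, registry_count)} for a detection list."""
    return {name: (len(g["files"]), len(g["registry"]))
            for name, g in group_detections(log_text).items()}


if __name__ == "__main__":
    for name, (files, reg) in summarize(SAMPLE_LOG).items():
        print(f"{name}: {files} file(s), {reg} registry trace(s)")
```

Lines that match none of the patterns are collected under "(unattributed)" rather than dropped, so an unrelated detection in the same log stays visible.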