Bradley Jensen

Possible False Positive? I'm unsure!


Hello,

I have recently been getting a strange popup on my fully patched Win XP Pro, SP3 box.

I would like you to see the .jpg file (snapshot) of this popup and the .jpg (snapshot) of what SAS free reports back.

However, try as I might to upload it into this post, I can't.

Could you please help? Your server will not let me do it.

Thanks. :)


Hi.

Thanks for Jing!

Here is the popup that I am receiving multiple times per day in the center of my screen. The timing is totally unpredictable.

See... http://screencast.com/t/1KlPUuG1hJM

Now, after updating SAS (Free) to the latest definitions, here is the report after a quick scan.

See... http://screencast.com/t/kDasjN8EK

I have worked with Bleeping Computer for some time in trying to determine if this popup is a real system error or a SAS False Positive. What I find interesting is that the file in question, AReset.exe, is the filename which appears in the popup. I think that it might come from Java (which I cleanly uninstalled and reinstalled with the latest revision), yet I am still unsure. When SAS (Free) attempts to clean (or correct the file), Windows boots almost to the sign-in screen then reboots again. The only way to have the system boot normally is to use the "Last Known Good Configuration," which, of course, works fine until the popup appears again.

Here is a URL to the thread I created on Bleeping Computer for your review. We went through many procedures and software that they have to validate a threat. In the end, they said to contact SAS, as it *could* be a FP. BTW, NIS 2012 and MBAM do not pick it up.

See... http://www.bleepingc...opic466484.html

FYI - My friend's XP, SP3 laptop also has an AReset.exe file which does not cause any problem (different filesize, though.)

What do you think?

Bradley :)


Hi.

AReset.exe picked up under quick Safe mode scan. Submitted to SAS as a possible FP with my notes.

I hope to get an email from them soon. Will reply back when I have an answer. Thanks.

Bradley :)

P.S. The popup does show in the Event Viewer under XP but doesn't tell me what program produced it. Any ideas for trapping that?

This topic is now closed to further replies.
