llau

too many false positives?

Hi there,

My computer is running Norton Internet Security, and I just did a scan and it found quite a few files it thought were trojans. I submitted a few to VirusTotal.com to check and the three I submitted were OK according to their results.

Here's my log file:

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 01/03/2013 at 10:56 PM

Application Version : 5.6.1014

Core Rules Database Version : 9821

Trace Rules Database Version: 7633

Scan type : Complete Scan

Total Scan Time : 01:57:32

Operating System Information

Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)

Administrator

Memory items scanned : 747

Memory threats detected : 0

Registry items scanned : 39044

Registry threats detected : 1

File items scanned : 112189

File threats detected : 239

PUP.CNETInstaller

C:\DOCUMENTS AND SETTINGS\guest\MY DOCUMENTS\DOWNLOADS\CNET2_MONITORBRIGHT_ZIP.EXE

PUP.iBryte

C:\DOCUMENTS AND SETTINGS\guest\MY DOCUMENTS\DOWNLOADS\DOWNLOADMANAGER_SETUP (1).EXE

C:\DOCUMENTS AND SETTINGS\guest\MY DOCUMENTS\DOWNLOADS\DOWNLOADMANAGER_SETUP.EXE

Trojan.Agent/Gen-Trexer

C:\I386\SCHANNEL.DLL

C:\WINDOWS\$HF_MIG$\KB935840\SP2QFE\SCHANNEL.DLL

C:\WINDOWS\$NTSERVICEPACKUNINSTALL$\SCHANNEL.DLL

Trojan.Agent/Gen-Kazy[ico]

C:\PROGRAM FILES\MICROSOFT WORKS\1033\WKLNLNG.DLL

Adware.DirectDownloader

C:\RECYCLER\S-1-5-21-3271295672-706164286-3085662288-1006\DC1.EXE

C:\RECYCLER\S-1-5-21-3271295672-706164286-3085662288-1006\DC2.EXE

Trojan.Dropper/Win-NV

C:\WINDOWS\$HF_MIG$\KB896423\SP2QFE\SPOOLSV.EXE

C:\WINDOWS\$HF_MIG$\KB900725\SP2QFE\LINKINFO.DLL

C:\WINDOWS\$NTSERVICEPACKUNINSTALL$\LINKINFO.DLL

C:\WINDOWS\$NTSERVICEPACKUNINSTALL$\SPOOLSV.EXE

Can you tell me if any of these are not false positives?

Thanks very much,

V.


Hi llau,

I would definitely get rid of:

CNET2_MONITORBRIGHT_ZIP.EXE

DOWNLOADMANAGER_SETUP (1).EXE

DOWNLOADMANAGER_SETUP.EXE

C:\RECYCLER\S-1-5-21-3271295672-706164286-3085662288-1006\DC1.EXE

C:\RECYCLER\S-1-5-21-3271295672-706164286-3085662288-1006\DC2.EXE

As for the others (win files), you should wait for SAS to contact you, or you could try running MBAM in Safe mode.

If it detects the same/similar things (same pathway/file/folder(s)) then you may have to Disinfect them so as not to remove any critical files from the system.

Also try running SAS in Safe mode to see if results are similar.
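
The reply above separates the downloaded and recycled files from the Windows files. As an added example (not part of the thread and not SUPERAntiSpyware code), this Python code parses the log layout posted above and buckets each detected path the same way. The bucket names and marker rules are assumptions: `$HF_MIG$` and `$NTSERVICEPACKUNINSTALL$` hold the copies Windows XP keeps for hotfix and service-pack rollback, and `I386` is the setup source folder.

```python
import re
from collections import defaultdict

# Constructed sample: an excerpt in the layout of the log posted above.
SAMPLE_LOG = r"""
File threats detected : 239
PUP.iBryte
C:\DOCUMENTS AND SETTINGS\guest\MY DOCUMENTS\DOWNLOADS\DOWNLOADMANAGER_SETUP.EXE
Trojan.Agent/Gen-Trexer
C:\I386\SCHANNEL.DLL

C:\WINDOWS\$HF_MIG$\KB935840\SP2QFE\SCHANNEL.DLL
Trojan.Agent/Gen-Kazy[ico]
C:\PROGRAM FILES\MICROSOFT WORKS\1033\WKLNLNG.DLL
Adware.DirectDownloader
C:\RECYCLER\S-1-5-21-3271295672-706164286-3085662288-1006\DC1.EXE
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Assumed bucket rules (hypothetical names, not a vendor classification).
BACKUP_MARKERS = ("\\$HF_MIG$\\", "\\$NTSERVICEPACKUNINSTALL$\\", "\\I386\\")
USER_MARKERS = ("\\RECYCLER\\", "\\DOWNLOADS\\")

def parse_detections(log_text):
    """Return {detection_name: [paths]}; the heading is the last non-path line."""
    found, current = defaultdict(list), None
    for raw in log_text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line) and current:
            found[current].append(line)
        elif line and not PATH_RE.match(line):
            current = line  # statistics lines are overwritten before any path
    return dict(found)

def classify(path):
    """Bucket a path by location only; this is not a verdict on the file."""
    upper = path.upper()
    if any(marker in upper for marker in BACKUP_MARKERS):
        return "windows-backup"
    return "user-content" if any(m in upper for m in USER_MARKERS) else "other"

def triage(log_text):
    """Return {bucket: [(detection_name, path), ...]} for the whole log."""
    buckets = defaultdict(list)
    for name, paths in parse_detections(log_text).items():
        for path in paths:
            buckets[classify(path)].append((name, path))
    return dict(buckets)

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A bucket is only a location hint for deciding what to check first; it says nothing about whether a given file is clean.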
