Amethyst

Registry item, "Malware Trace"


This is the log:

 

 

SUPERAntiSpyware Scan Log
 
Generated 08/12/2013 at 08:47 PM
 
Application Version : 5.6.1020
 
Core Rules Database Version : 10685
Trace Rules Database Version: 8497
 
Scan type       : Quick Scan
Total Scan Time : 00:08:56
 
Operating System Information
Windows 7 Starter 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
 
Memory items scanned      : 736
Memory threats detected   : 0
Registry items scanned    : 30330
Registry threats detected : 1
File items scanned        : 8334
File threats detected     : 0
 
Malware.Trace
HKU\S-1-5-21-282550803-664611072-3898706625-1000\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL
 
 
I had installed the Oceanus Change Background program from the first download button at this link:
 
http://www.sevenforums.com/tutorials/47294-desktop-background-wallpaper-change-windows-7-starter.html
 
I scanned the executable with SuperAntispyware, Malwarebytes, and my ESET Smart Security before running it.  Also had it scanned at VirusTotal.com.
 
Since that time, SuperAntispyware free has been giving me the above result.  I looked at the registry and see there is an entry in the WinLogonShell on the right side to a file in C:\\Program Files\Oceanus\SystemSettings\WallpaperAgent.exe.  I believe this is the registry change that SuperAntispyware is objecting to.  I have uploaded WallpaperAgent.exe to VirusTotal.com and it scans clean.  I submitted a False Positive report to SuperAntispyware from within the program about 3 days ago and have heard nothing back.  The scan continues to report this as malware.  
 
The VirusTotal report is here:
 
Edited to add link to the VirusTotal report on the original executable that I downloaded to install the software:
 


I updated, am just running the scan again.  So far, I still see the same detection there.  Is this a case of SAS just not liking a reference to an .exe file in the Winlogon Shell?  I had run a scan with SAS a day or so prior to installing the Oceanus software and there were no detections then.  I am assuming it is the Oceanus software that SAS is taking issue with, although I did install other items as well. (Western Digital backup software, Kindle for Windows, and Sony Library.)  I don't know if any of these would have made some change in this area of the registry that SAS didn't like, but I've had Kindle and Sony on an XP laptop and the Western Digital software on an XP desktop for years, and SAS never had an issue with them.

 

I filed a false positive report with my email address.  I haven't heard from support, am wondering why not.  

This topic is now closed to further replies.
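
A read-only way to see exactly what the flagged Winlogon `Shell` value launches, as an added example that is not part of the original posts or of SUPERAntiSpyware: it lists the per-user and machine-wide `Shell` data and, for anything other than the stock `explorer.exe`, reports whether the file exists and its Authenticode signature status. It assumes PowerShell is run in the affected user's session (where `HKCU` is that user's `HKU\<SID>` hive); `Get-ShellTarget` is a hypothetical helper name.

```powershell
# Added example, not from the thread. Read-only triage of the Winlogon Shell value.
$WinlogonKey  = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$DefaultShell = 'explorer.exe'   # stock machine-wide (HKLM) value

function Get-ShellTarget {
    # Hypothetical helper: pull the executable path out of one Shell entry,
    # dropping surrounding quotes and any trailing arguments.
    param([string]$Entry)
    $e = $Entry.Trim()
    if ($e -match '^"([^"]+)"')    { return $Matches[1] }
    if ($e -match '^(.+?\.exe)\b') { return $Matches[1] }
    return $e
}

foreach ($hive in 'HKCU', 'HKLM') {
    $prop = Get-ItemProperty -Path "${hive}:\$WinlogonKey" -Name Shell `
                             -ErrorAction SilentlyContinue
    if (-not $prop) { "{0}: no Shell value set" -f $hive; continue }

    # The value can hold several comma-separated programs; report each one.
    foreach ($entry in ($prop.Shell -split ',')) {
        $target = Get-ShellTarget $entry
        if ($target -ieq $DefaultShell) {
            "{0}: {1} (default)" -f $hive, $target
            continue
        }
        # Non-default entry: check the file on disk and who signed it.
        # A bare file name is tested relative to the current directory.
        $exists = Test-Path -LiteralPath $target -PathType Leaf
        $sig = if ($exists) {
            (Get-AuthenticodeSignature -FilePath $target).Status
        } else {
            'file not found'
        }
        "{0}: {1} (non-default; exists={2}; signature={3})" -f `
            $hive, $target, $exists, $sig
    }
}
```

The output only describes what is configured; whether a non-default entry is wanted depends on which installed program is known to have written it.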