Amethyst Posted August 13, 2013

This is the log:

SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 08/12/2013 at 08:47 PM

Application Version : 5.6.1020

Core Rules Database Version : 10685
Trace Rules Database Version: 8497

Scan type : Quick Scan
Total Scan Time : 00:08:56

Operating System Information
Windows 7 Starter 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 736
Memory threats detected : 0
Registry items scanned : 30330
Registry threats detected : 1
File items scanned : 8334
File threats detected : 0

Malware.Trace
HKU\S-1-5-21-282550803-664611072-3898706625-1000\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

I had installed the Oceanus Change Background program from the first download button at this link: http://www.sevenforums.com/tutorials/47294-desktop-background-wallpaper-change-windows-7-starter.html

I scanned the executable with SuperAntispyware, Malwarebytes, and my ESET Smart Security before running it. Also had it scanned at VirusTotal.com.

Since that time, SuperAntispyware free has been giving me the above result. I looked at the registry and see there is an entry in the WinLogonShell on the right side to a file in C:\\Program Files\Oceanus\SystemSettings\WallpaperAgent.exe. I believe this is the registry change that SuperAntispyware is objecting to. I have uploaded WallpaperAgent.exe to VirusTotal.com and it scans clean.

I submitted a False Positive report to SuperAntispyware from within the program about 3 days ago and have heard nothing back. The scan continues to report this as malware.

The VirusTotal report is here: https://www.virustotal.com/en/file/5ab9fd8a4de15af60d8a0ef18b7f54e461bbd07565713fef89b4bdf7c6fa701f/analysis/1376362301/

Edited to add link to the VirusTotal report on the original executable that I downloaded to install the software: https://www.virustotal.com/en/file/6eea0ef951982ee0d1a27af87dc0c94bd449a471bd75b783d1271574328e33d2/analysis/1376019876/
Amethyst Posted August 16, 2013

So... any response to this?
GuiltySpark Posted August 16, 2013

Hi Amethyst,

Can you update your SAS version and definitions, then try the scan again, please?
Amethyst Posted August 16, 2013

I updated, am just running the scan again. So far, I still see the same detection there. Is this a case of SAS just not liking a reference to an .exe file in the Winlogon Shell?

I had run a scan with SAS a day or so prior to installing the Oceanus software and there were no detections then. I am assuming it is the Oceanus software that SAS is taking issue with, although I did install other items as well (Western Digital backup software, Kindle for Windows, and Sony Library). I don't know if any of these would have made some change in this area of the registry that SAS didn't like, but I've had Kindle and Sony on an XP laptop and the Western Digital software on an XP desktop for years, and SAS never had an issue with them.

I filed a false positive report with my email address. I haven't heard from support, am wondering why not.