sparkym5

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32


Hello, this is my first post on your forum. I have just used SUPERAntiSpyware for the first time, and after doing a full computer scan these items were detected, and I have not got a clue whether they are safe to leave or not.

I've checked with the Details Explained feature, but that only says:

Detected Item Description and Information

Listed below is basic information about the detected application/process. This application may not be safe to have on your system.

Summary : Unclassified.Oreans32

Company : Unknown/Varies

Description : Unclassified.Oreans32 may be used for legitimate applications, but also for spyware - if you have this on your system, and you have another spyware infection, this is likley bad.

Threat Level (1-10) : 5

Processes :

CLSID List :

Below is my SUPERAntiSpyware Scan Log:

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 12/10/2007 at 06:34 PM

Application Version : 3.9.1008

Core Rules Database Version : 3358

Trace Rules Database Version: 1357

Scan type : Complete Scan

Total Scan Time : 00:24:17

Memory items scanned : 410

Memory threats detected : 0

Registry items scanned : 6189

Registry threats detected : 24

File items scanned : 28678

File threats detected : 1

Adware.Tracking Cookie

C:\Documents and Settings\Sparky\Cookies\sparky@stats.powergen.co[1].txt

Unclassified.Oreans32

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control

HKLM\SYSTEM\CurrentControlSet\Services\oreans32

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#INITSTARTFAILED

Any help would be much appreciated. Thank you in advance.


Going by the info your log has provided in the alert, in your case the presence of Oreans RK is not malware related because there is no other malware showing in your log.

The rootkit is used both by legitimate software (IIRC something to do with anti-piracy/DRM) and has also been seen in the wild being imported with malware infections in the past.

Thank you for the quick reply, fatdcuk. Can I then add these items using the Trust/Allow Items to be allowed for future scans?

Regards sparky.

Yeah, I would add them to trust/allow :)

Does this apply to the tracking cookie as well? Thanks.

No, nuke the cookie :lol:


Damn Ade, how many times have we seen this driver now?

This is one of those files that is neither bad nor good; it depends on the files that use it.

That being said, I have seen it used by malware often but never in a legit app (although I did read up on its legit use).
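
Since the replies above judge the oreans32 driver by what accompanies it, the following added example (not part of the original thread and not SUPERAntiSpyware's own tooling) shows one way to gather that context from the `Services\oreans32` key listed in the scan log: where the driver file lives, who signed it, and when it appeared. It assumes Windows PowerShell 4.0 or later in an elevated prompt; `Resolve-DriverPath` is a hypothetical helper written for this example.

```powershell
# Added example. Assumptions: Windows PowerShell 4.0+, elevated prompt;
# the service name is the one shown in the scan log in this thread.
$svcName = 'oreans32'
$svcKey  = "HKLM:\SYSTEM\CurrentControlSet\Services\$svcName"

function Resolve-DriverPath {
    param([string]$ImagePath)
    # Driver ImagePath values are stored in several forms; normalise to a Win32 path.
    $p = $ImagePath.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                          # \??\C:\dir\x.sys
    $p = $p -replace '^\\SystemRoot\\', "${env:SystemRoot}\"  # \SystemRoot\System32\...
    $p = $p -replace '^%SystemRoot%', ${env:SystemRoot}       # %SystemRoot%\System32\...
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }  # System32\drivers\x.sys
    return $p
}

$svc = Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue
if (-not $svc) { Write-Output "No $svcName service key found."; return }

# A driver service with no ImagePath loads System32\drivers\<name>.sys by default.
$raw  = if ($svc.ImagePath) { $svc.ImagePath } else { "System32\drivers\$svcName.sys" }
$path = Resolve-DriverPath $raw

if (-not (Test-Path -LiteralPath $path)) {
    # Orphaned key: the driver file is gone but its registration was left behind.
    Write-Output "Service key exists, but $path is missing (leftover registration)."
    return
}

$file = Get-Item -LiteralPath $path
$sig  = Get-AuthenticodeSignature -LiteralPath $path
[pscustomobject]@{
    ServiceType = $svc.Type      # 1 = kernel driver
    StartType   = $svc.Start     # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    DriverPath  = $path
    Created     = $file.CreationTime
    Company     = $file.VersionInfo.CompanyName
    Product     = $file.VersionInfo.ProductName
    Signature   = $sig.Status
    Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    SHA256      = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
} | Format-List
```

Comparing the `Created` timestamp with the install dates of known software on the machine helps tie the driver to the application that brought it in.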
