Jump to content

Archived

This topic is now archived and is closed to further replies.

sparkym5

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32

By sparkym5, in General Questions

Recommended Posts

sparkym5   

sparkym5
Posted

Hello, this is my first post on your forum, I have just used superantispyware for the first time, and after doing a full computer scan these items were detected and I have not got a clue whether they are safe to leave or not.

I've checked the with the Details Explained Feature but that only says:

Detected Item Description and Information

Listed below is basic information about the detected application/process. This application may not be safe to have on your system.

Summary : Unclassified.Oreans32

Company : Unknown/Varies

Description : Unclassified.Oreans32 may be used for legitimate applications, but also for spyware - if you have this on your system, and you have another spyware infection, this is likley bad.

Threat Level (1-10) : 5

Processes :

CLSID List :

Below is my SUPERAntiSpyware Scan Log:

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 12/10/2007 at 06:34 PM

Application Version : 3.9.1008

Core Rules Database Version : 3358

Trace Rules Database Version: 1357

Scan type : Complete Scan

Total Scan Time : 00:24:17

Memory items scanned : 410

Memory threats detected : 0

Registry items scanned : 6189

Registry threats detected : 24

File items scanned : 28678

File threats detected : 1

Adware.Tracking Cookie

C:\Documents and Settings\Sparky\Cookies\sparky@stats.powergen.co[1].txt

Unclassified.Oreans32

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control

HKLM\SYSTEM\CurrentControlSet\Services\oreans32

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#INITSTARTFAILED

Any help would be much apprieciated, Thankyou in advance.

Share this post

Link to post
Share on other sites

fatdcuk   

fatdcuk
Posted

Going by the info your log has provided in the alert,in your case the present of Oreans RK is not malware related because there is no other malware showing n your log.

The Rootkit is used both by legitimate software(IRC something to do with antipiracy/DRM)and has also been seen in the wild being imported with malware infections in the past.

Share this post

Link to post
Share on other sites

sparkym5   

sparkym5
Posted
Going by the info your log has provided in the alert,in your case the present of Oreans RK is not malware related because there is no other malware showing n your log.

The Rootkit is used both by legitimate software(IRC something to do with antipiracy/DRM)and has also been seen in the wild being imported with malware infections in the past.

Thankyou for the quick reply fatdcuk, can I then add these items using the Trust/Allow Items to be allowed for future scans.

Regards sparky.

Share this post

Link to post
Share on other sites

fatdcuk   

fatdcuk
Posted
Yeah i would add the to trust/allow :)
Does this apply to the tracking cookie as well, thanks.

No,nuke the cookie :lol:

Share this post

Link to post
Share on other sites

nosirrah   

nosirrah
Posted

Damn Ade , how many times have we seen this driver now ?

This is one of those files that is neither bad nor good , it depends of the files that use it .

That being said I have seen it used by malware often but never in a legit app (although I did read up on its legit use) .

Share this post

Link to post
Share on other sites
Go To Topic Listing
×
×
  • Create New...