sparkym5 Posted December 10, 2007

Hello, this is my first post on your forum. I have just used SUPERAntiSpyware for the first time, and after doing a full computer scan these items were detected and I have not got a clue whether they are safe to leave or not. I've checked with the Details Explained feature, but that only says:

Detected Item Description and Information
Listed below is basic information about the detected application/process. This application may not be safe to have on your system.
Summary : Unclassified.Oreans32
Company : Unknown/Varies
Description : Unclassified.Oreans32 may be used for legitimate applications, but also for spyware - if you have this on your system, and you have another spyware infection, this is likley bad.
Threat Level (1-10) : 5
Processes :
CLSID List :

Below is my SUPERAntiSpyware Scan Log:

SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 12/10/2007 at 06:34 PM

Application Version : 3.9.1008

Core Rules Database Version : 3358
Trace Rules Database Version: 1357

Scan type : Complete Scan
Total Scan Time : 00:24:17

Memory items scanned : 410
Memory threats detected : 0
Registry items scanned : 6189
Registry threats detected : 24
File items scanned : 28678
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\Sparky\Cookies\sparky@stats.powergen.co[1].txt

Unclassified.Oreans32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control
HKLM\SYSTEM\CurrentControlSet\Services\oreans32
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#INITSTARTFAILED

Any help would be much appreciated. Thank you in advance.

fatdcuk Posted December 10, 2007

Going by the info your log has provided in the alert, in your case the presence of Oreans RK is not malware related because there is no other malware showing in your log.

The Rootkit is used both by legitimate software (IRC something to do with antipiracy/DRM) and has also been seen in the wild being imported with malware infections in the past.

sparkym5 Posted December 10, 2007

> Going by the info your log has provided in the alert, in your case the presence of Oreans RK is not malware related because there is no other malware showing in your log. The Rootkit is used both by legitimate software (IRC something to do with antipiracy/DRM) and has also been seen in the wild being imported with malware infections in the past.

Thank you for the quick reply fatdcuk, can I then add these items using the Trust/Allow Items to be allowed for future scans? Regards, sparky.

fatdcuk Posted December 10, 2007

Yeah, I would add them to trust/allow.

sparkym5 Posted December 10, 2007

> Yeah, I would add them to trust/allow.

Does this apply to the tracking cookie as well? Thanks.

fatdcuk Posted December 10, 2007

> > Yeah, I would add them to trust/allow.
>
> Does this apply to the tracking cookie as well? Thanks.

No, nuke the cookie.

nosirrah Posted December 11, 2007

Damn Ade, how many times have we seen this driver now? This is one of those files that is neither bad nor good, it depends on the files that use it. That being said, I have seen it used by malware often but never in a legit app (although I did read up on its legit use).
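
The triage reasoning in the replies above (a dual-use detection such as Unclassified.Oreans32 is allowed when the scan shows no other malware, and tracking cookies are removed), as an added example that is not part of the thread or of SUPERAntiSpyware. It assumes the log layout shown in the first post; the item-line pattern, the function names and the verdict labels are assumptions made for illustration.

```python
import re

# Constructed, abridged sample in the layout of the scan log posted above.
SAMPLE_LOG = r"""
File threats detected : 1
Adware.Tracking Cookie
C:\Documents and Settings\Sparky\Cookies\sparky@stats.powergen.co[1].txt
Unclassified.Oreans32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service
HKLM\SYSTEM\CurrentControlSet\Services\oreans32
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath
"""

# Assumption: an item line starts with a drive letter or a registry hive.
ITEM = re.compile(r"^(?:[A-Za-z]:\\|HK(?:LM|CU|CR|U)\\)")

def parse_detections(log):
    """Map each detection name to the item lines listed under it."""
    groups, current = {}, None
    for line in (raw.strip() for raw in log.splitlines()):
        if not line:
            continue
        if ITEM.match(line):
            if current is not None:
                groups[current].append(line)
        else:
            current = line              # header line or detection name
            groups.setdefault(current, [])
    # Header lines such as "Scan type : ..." have no items; drop them.
    return {name: items for name, items in groups.items() if items}

def registry_keys(items):
    """Collapse 'key#value' entries to the distinct registry keys."""
    return sorted({i.split("#", 1)[0] for i in items if i.startswith("HK")})

def triage(groups):
    """Thread's rule: a dual-use item matters only next to real malware."""
    dual_use = [n for n in groups if n.startswith("Unclassified.")]
    other_malware = [n for n in groups
                     if n not in dual_use and "Cookie" not in n]
    verdicts = {n: "remove" for n in groups}   # cookies and malware
    for name in dual_use:
        verdicts[name] = "investigate" if other_malware else "allow"
    return verdicts

if __name__ == "__main__":
    print(triage(parse_detections(SAMPLE_LOG)))
```

`registry_keys` reduces the 24 registry entries in the real log to the handful of keys behind them, which makes it easier to see that they all belong to one driver service.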