a-Squared false positives?

microsoft.public.security.virus - Computer virus info for MS Windows users

Posted by Jeff on May 24, 2009, 11:55 pm
Hi

I run a pretty clean XP laptop, using Avast, Spybot, Ad-Aware, etc. I
decided to run a scan using a-Squared free with its latest updates and was
shocked by all it found.

Many of what it found dangerous are out of my I386 which came with the
laptop.  I suspect many of these are false positives because none of my
other utilities find them to be dangerous so I decided not to remove what it
found.  I would appreciate any advice.

Jeff

Here is the list from the a-Squared free log:

Key: HKEY_CLASSES_ROOT\clsid\
detected: Trace.Registry.KeyLogger.wintective!A2
Key: HKEY_CLASSES_ROOT\clsid\
detected: Trace.Registry.KeyLogger.wintective!A2
Key: HKEY_CLASSES_ROOT\typelib\
detected: Trace.Registry.KeyLogger.wintective!A2

Posted by Johnw on May 25, 2009, 1:21 am
Jeff@unknown.com used his keyboard to write :


I have a-Squared installed with others, which I would run & then google
what is left to see what is false.

Malwarebytes' Anti-Malware (MBAM)
http://www.softpedia.com/get/Antivirus/Malwarebytes-Anti-Malware.shtml
http://www.malwarebytes.org/mbam.php
Forum
http://www.malwarebytes.org/forums/
SUPERAntiSpyware (SAS)
http://www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/SUPERAntiSpyware.shtml
http://www.softpedia.com/progScreenshots/SUPERAntiSpyware-Screenshot-36499.html
http://www.superantispyware.com/index.html



Posted by Jeff on May 25, 2009, 8:25 am

But I also ran ZA Suite's virus check (which uses Kaspersky) and it too found
nothing.  I cannot believe with all these other virus checkers finding
nothing, a-Squared alone found 82 virus signatures.  Everybody else,
including Kaspersky, cannot be that off!  The a-Squared findings have to be
false positives.

Jeff



Posted by FromTheRafters on May 25, 2009, 9:23 am


Sounds logical enough. You could submit some of the suspect executables
to virustotal.com or jotti.org to see what other AV engines have to say.
This also eliminates differences you may encounter by having different
settings between your local second opinion scans. Many of the executable
file detections were from archived (or compressed) files which your
Kaspersky *might* not be looking in in accordance with its
configuration.

Some AV vendors make use of these services as a feedback mechanism to
help them to correct false positives or to add detection for new
malware.

I'm tempted to agree with you, but that is an awful lot of malware to
casually dismiss as FPs.



Posted by Jeff on May 25, 2009, 4:56 pm
FromTheRafters wrote:


Your suggestion to get another opinion is an excellent one and I have been
doing that with virustotal.com.  I sent several of the exe files that
a-Squared found to be infected with viruses to virustotal.com.  I had them
recheck the actual files I sent and they all came back clean - including
their own a-Squared version 4.0.0.101! (Mine says it is version 4.5.0.1)

I also ran Kaspersky's online scanner (turning off my Avast AV during the
process) which also found nothing suspicious.

Unfortunately, I have no way to double check the registry entries that
a-Squared found to be infected because I cannot send these out to be
checked.



That is why I wrote this thread.  I run a very tight ship and have always
been very careful both with virus checkers and malware and rarely have
anything bad slip through. So this is unbelievable.

Could I have possibly downloaded a malware pretending to be a-Squared?  Do
you know a safe site to download a-Squared from?  The version I have was
downloaded ages ago and I do not usually use it.  I did update it before the
check that scared the life out of me!
