a-Squared false positives?

--> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2

--> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2

--> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2

--> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2

--> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2

--> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2

--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

--> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2

> Hi
> I run a pretty clean XP laptop, using Avast, Spybot, Ad-Aware, etc. I
> decided to run a scan using a-Squared free with its latest updates and was
> shocked by all it found.
> Many of what it found dangerous are out of my I386 which came with the
> laptop. I suspect many of these are false positives because none of my
> other utilities find them to be dangerous so I decided not to remove what it
> found. I would appreciate any advice.
> Jeff
> Here is the list from the a-Squared free log:
> Key: HKEY_CLASSES_ROOT\clsid\
> detected: Trace.Registry.KeyLogger.wintective!A2
> Key: HKEY_CLASSES_ROOT\clsid\
> detected: Trace.Registry.KeyLogger.wintective!A2
> Key: HKEY_CLASSES_ROOT\typelib\
> detected: Trace.Registry.KeyLogger.wintective!A2
> Value:
> HKEY_CLASSES_ROOT\CLSID\\InprocServer32
> --> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2
> Value:
> HKEY_CLASSES_ROOT\CLSID\\InprocServer32
> --> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2
> Value:
> HKEY_CLASSES_ROOT\CLSID\\InprocServer32
> --> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2
> Value:
>

> --> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2
> Value:
>

> --> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2
> Value:
>

> --> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2
> Value:
> HKEY_CLASSES_ROOT\CLSID\\InprocServer32
> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
> Value:
> HKEY_CLASSES_ROOT\CLSID\\InprocServer32
> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
> Value:
> HKEY_CLASSES_ROOT\CLSID\\InprocServer32
> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
> Value:
> HKEY_CLASSES_ROOT\CLSID\\InprocServer32
> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
> Value:
> HKEY_CLASSES_ROOT\CLSID\\InprocServer32
> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
> Value:
> HKEY_CLASSES_ROOT\CLSID\\InprocServer32
> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
> Value:
> HKEY_CLASSES_ROOT\CLSID\\InprocServer32
> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
> Value:
> HKEY_CLASSES_ROOT\CLSID\\InprocServer32
> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
> Value:
> HKEY_CLASSES_ROOT\CLSID\\InprocServer32
> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
> Value:
> HKEY_CLASSES_ROOT\CLSID\\InprocServer32
> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
> Value:
> HKEY_CLASSES_ROOT\CLSID\\InprocServer32
> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
> Value:
> HKEY_CLASSES_ROOT\CLSID\\InprocServer32
> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
> Value:
> HKEY_CLASSES_ROOT\CLSID\\InprocServer32
> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
> Value:
>

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
> Value:
>

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
> Value:
>

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
> Value:
>

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
> Value:
>

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
> Value:
>

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
> Value:
>

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
> Value:
>

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
> Value:
>

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
> Value:
>

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
> Value:
>

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
> Value:
>

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
> Value:
>

> --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
> C:\Documents and Settings\Jeff\Cookies\jeff@media6degrees[1].txt detected:
> Trace.TrackingCookie.media!A2
> C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe detected:
> Virus.Win32.Virut.q!IK
> C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe detected:
> Virus.Win32.Virut.q!IK
> C:\Program Files\TurboTax\Deluxe 2006bit\MSXML3.EXE detected:
> Backdoor.Win32.Beastdoor!IK
> C:\Program Files\TurboTax\Deluxe 2007bit\MSXML3.EXE detected:
> Backdoor.Win32.Beastdoor!IK
> C:\System Volume
> Information\_restore\RP354\A0174689.DLL
> detected: Trojan-Downloader.Win32.Small!IK
> C:\WINDOWS$hf_mig$\KB896423\SP2QFE\spoolsv.exe detected:
> Virus.Win32.Patched.B!IK
> C:\WINDOWS\Driver Cache\i386\driver.cab/pctspk.exe detected:
> Virus.Win32.Virut.b!IK
> C:\WINDOWS\I386\BCKGZM.EX_/bckgzm.exe detected: Virus.Win32.Virut.q!IK
> C:\WINDOWS\I386\DMSERVER.DL_/dmserver.dll detected: Virus.Win32.Messoum!IK
> C:\WINDOWS\I386\DRIVER.CAB/pctspk.exe detected: Virus.Win32.Virut.b!IK
> C:\WINDOWS\I386\EVTRIG.EX_/evtrig.exe detected: Virus.Win32.Virut.ar!IK
> C:\WINDOWS\I386\HRTZZM.EX_/hrtzzm.exe detected: Virus.Win32.Virut.q!IK
> C:\WINDOWS\I386\MQTRIG.DL_/mqtrig.dll detected: Win32.Cadoiac.A!IK
> C:\WINDOWS\I386\NWSCRIPT.EX_/nwscript.exe detected: Win32.Luder!IK
> C:\WINDOWS\I386\ODBCCONF.EX_/odbcconf.exe detected: Win32.Cadoiac.A!IK
> C:\WINDOWS\I386\RSOPPROV.EX_/rsopprov.exe detected: Win32.Luder!IK
> C:\WINDOWS\I386\RSVP.EX_/rsvp.exe detected: Win32.Luder!IK
> C:\WINDOWS\I386\SETUP50.EX_/setup50.exe detected: Virus.Win32.Vulgar!IK
> C:\WINDOWS\I386\SYSINFO.EX_/sysinfo.exe detected: Virus.Win32.Virut.ar!IK
> C:\WINDOWS\I386\TASKKILL.EX_/taskkill.exe detected: Win32.Luder!IK
> C:\WINDOWS\I386\WEXTRACT.EX_/wextract.exe detected:
> Backdoor.Win32.Beastdoor!IK
> C:\WINDOWS\I386\WININET.DL_/wininet.dll detected: Virus.Win32.Nsag.A!IK
> C:\WINDOWS\I386\WUAUSERV.DL_/wuauserv.dll detected: Virus.Win32.Messoum!IK
> C:\WINDOWS\system32\dllcache\bckgzm.exe detected: Virus.Win32.Virut.q!IK
> C:\WINDOWS\system32\dllcache\hrtzzm.exe detected: Virus.Win32.Virut.q!IK
> C:\WINDOWS\system32\dllcache\nwscript.exe detected: Win32.Luder!IK
> C:\WINDOWS\system32\dllcache\pctspk.exe detected: Virus.Win32.Virut.b!IK
> C:\WINDOWS\system32\dllcache\rsopprov.exe detected: Win32.Luder!IK
> C:\WINDOWS\system32\dllcache\rsvp.exe detected: Win32.Luder!IK
> C:\WINDOWS\system32\nwscript.exe detected: Win32.Luder!IK
> C:\WINDOWS\system32\rsopprov.exe detected: Win32.Luder!IK
> C:\WINDOWS\system32\rsvp.exe detected: Win32.Luder!IK
> E:\Downloads\arw3.exe detected: Trojan.Win32.Agent2!IK
> E:\Downloads\as25.exe detected: Trojan.Generic!IK
> E:\Downloads\FRAPS setup.exe/fraps.dll detected: Trojan.Win32.Agent!IK
> E:\Downloads\FSCaptureSetup63.exe/FSRecorder.exe detected:
> Backdoor.Win32.Lithium.10.B5!IK
> E:\Downloads\protectionid_v5.2c.rar/Protection_ID.exe detected:
> Packed.Win32.Klone.af!IK
> E:\Downloads\removewga(2).exe detected: Riskware.Risktool.RemoveWGA!IK
> E:\Downloads\RemoveWGA.exe detected: Riskware.Risktool.RemoveWGA!IK
> K:\System Volume
> Information\_restore\RP342\A0172298.exe
> detected: Trojan.Win32.Agent2!IK
> K:\System Volume
> Information\_restore\RP342\A0172299.exe
> detected: Trojan.Generic!IK
> K:\System Volume
>

> detected: Trojan.Win32.Agent!IK
> K:\System Volume
> Information\_restore\RP342\A0172387.exe
> detected: Riskware.Risktool.RemoveWGA!IK
> K:\System Volume
> Information\_restore\RP342\A0172388.exe
> detected: Riskware.Risktool.RemoveWGA!IK

> Jeff@unknown.com used his keyboard to write :
>> Hi
>> I run a pretty clean XP laptop, using Avast, Spybot, Ad-Aware, etc. I
>> decided to run a scan using a-Squared free with its latest updates
>> and was shocked by all it found.
>> Many of what it found dangerous are out of my I386 which came with
>> the laptop. I suspect many of these are false positives because
>> none of my other utilities find them to be dangerous so I decided
>> not to remove what it found. I would appreciate any advice.
>> Jeff
>> Here is the list from the a-Squared free log:

<snip>

> I have a-Squared installed with others, which I would run & then
> google what is left to see what is false.

>> Jeff@unknown.com used his keyboard to write :
>>> Hi
>>> I run a pretty clean XP laptop, using Avast, Spybot, Ad-Aware, etc.
>>> I
>>> decided to run a scan using a-Squared free with its latest updates
>>> and was shocked by all it found.
>>> Many of what it found dangerous are out of my I386 which came with
>>> the laptop. I suspect many of these are false positives because
>>> none of my other utilities find them to be dangerous so I decided
>>> not to remove what it found. I would appreciate any advice.
>>> Jeff
>>> Here is the list from the a-Squared free log:
> --
>> I have a-Squared installed with others, which I would run & then
>> google what is left to see what is false.
> But I also ran ZA Suite's virus check (which uses Kapersky) and it too
> found nothing. I cannot beleive with all these other virus checkers
> finding nothing, a-Squared alone found 82 virus signatures. Everybody
> else, including Kapersky, cannot be that off! The a-Squared findings
> have to be false positives.

>>> Jeff@unknown.com used his keyboard to write :
>>>> Hi
>>>> I run a pretty clean XP laptop, using Avast, Spybot, Ad-Aware, etc.
>>>> I
>>>> decided to run a scan using a-Squared free with its latest updates
>>>> and was shocked by all it found.
>>>> Many of what it found dangerous are out of my I386 which came with
>>>> the laptop. I suspect many of these are false positives because
>>>> none of my other utilities find them to be dangerous so I decided
>>>> not to remove what it found. I would appreciate any advice.
>>>> Jeff
>>>> Here is the list from the a-Squared free log:
>> --
>>> I have a-Squared installed with others, which I would run & then
>>> google what is left to see what is false.
>> But I also ran ZA Suite's virus check (which uses Kapersky) and it
>> too found nothing. I cannot beleive with all these other virus
>> checkers finding nothing, a-Squared alone found 82 virus signatures.
>> Everybody else, including Kapersky, cannot be that off! The
>> a-Squared findings have to be false positives.
> Sounds logical enough. You could submit some of the suspect
> executables to virustotal.com or jotti.org to see what other AV
> engines have to say. This also eliminates differences you may
> encounter by having different settings between your local second
> opinion scans. Many of the executable file detections were from
> archived (or compressed) files which your Kaspersky *might* not be
> looking in in accordance with its configuration.
> Some AV vendors make use of these services as a feedback mechanism to
> help them to correct false positives or to add detection for new
> malware.
> I'm tempted to agree with you, but that is an awful lot of malware to
> casually dismiss as FPs.

> I'm tempted to agree with you, but that is an awful lot of malware to
> casually dismiss as FPs.