Posted by Jeff on May 24, 2009, 11:55 pm
Hi
I run a pretty clean XP laptop, using Avast, Spybot, Ad-Aware, etc. I decided to run a scan using a-Squared Free with its latest updates and was shocked by all it found.
Many of the things it found dangerous are from my I386, which came with the laptop. I suspect many of these are false positives, because none of my other utilities find them to be dangerous, so I decided not to remove what it found. I would appreciate any advice.
Jeff
Here is the list from the a-Squared free log:
Key: HKEY_CLASSES_ROOT\clsid\ detected: Trace.Registry.KeyLogger.wintective!A2
Key: HKEY_CLASSES_ROOT\clsid\ detected: Trace.Registry.KeyLogger.wintective!A2
Key: HKEY_CLASSES_ROOT\typelib\ detected: Trace.Registry.KeyLogger.wintective!A2
Value: HKEY_CLASSES_ROOT\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2
Value: HKEY_CLASSES_ROOT\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2
Value: HKEY_CLASSES_ROOT\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.PC Police 2.4!A2
Value: HKEY_CLASSES_ROOT\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
C:\Documents and Settings\Jeff\Cookies\jeff@media6degrees[1].txt detected: Trace.TrackingCookie.media!A2
C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe detected: Virus.Win32.Virut.q!IK
C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe detected: Virus.Win32.Virut.q!IK
C:\Program Files\TurboTax\Deluxe 2006bit\MSXML3.EXE detected: Backdoor.Win32.Beastdoor!IK
C:\Program Files\TurboTax\Deluxe 2007bit\MSXML3.EXE detected: Backdoor.Win32.Beastdoor!IK
C:\System Volume Information\_restore\RP354\A0174689.DLL detected: Trojan-Downloader.Win32.Small!IK
C:\WINDOWS$hf_mig$\KB896423\SP2QFE\spoolsv.exe detected: Virus.Win32.Patched.B!IK
C:\WINDOWS\Driver Cache\i386\driver.cab/pctspk.exe detected: Virus.Win32.Virut.b!IK
C:\WINDOWS\I386\BCKGZM.EX_/bckgzm.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\I386\DMSERVER.DL_/dmserver.dll detected: Virus.Win32.Messoum!IK
C:\WINDOWS\I386\DRIVER.CAB/pctspk.exe detected: Virus.Win32.Virut.b!IK
C:\WINDOWS\I386\EVTRIG.EX_/evtrig.exe detected: Virus.Win32.Virut.ar!IK
C:\WINDOWS\I386\HRTZZM.EX_/hrtzzm.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\I386\MQTRIG.DL_/mqtrig.dll detected: Win32.Cadoiac.A!IK
C:\WINDOWS\I386\NWSCRIPT.EX_/nwscript.exe detected: Win32.Luder!IK
C:\WINDOWS\I386\ODBCCONF.EX_/odbcconf.exe detected: Win32.Cadoiac.A!IK
C:\WINDOWS\I386\RSOPPROV.EX_/rsopprov.exe detected: Win32.Luder!IK
C:\WINDOWS\I386\RSVP.EX_/rsvp.exe detected: Win32.Luder!IK
C:\WINDOWS\I386\SETUP50.EX_/setup50.exe detected: Virus.Win32.Vulgar!IK
C:\WINDOWS\I386\SYSINFO.EX_/sysinfo.exe detected: Virus.Win32.Virut.ar!IK
C:\WINDOWS\I386\TASKKILL.EX_/taskkill.exe detected: Win32.Luder!IK
C:\WINDOWS\I386\WEXTRACT.EX_/wextract.exe detected: Backdoor.Win32.Beastdoor!IK
C:\WINDOWS\I386\WININET.DL_/wininet.dll detected: Virus.Win32.Nsag.A!IK
C:\WINDOWS\I386\WUAUSERV.DL_/wuauserv.dll detected: Virus.Win32.Messoum!IK
C:\WINDOWS\system32\dllcache\bckgzm.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\hrtzzm.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\nwscript.exe detected: Win32.Luder!IK
C:\WINDOWS\system32\dllcache\pctspk.exe detected: Virus.Win32.Virut.b!IK
C:\WINDOWS\system32\dllcache\rsopprov.exe detected: Win32.Luder!IK
C:\WINDOWS\system32\dllcache\rsvp.exe detected: Win32.Luder!IK
C:\WINDOWS\system32\nwscript.exe detected: Win32.Luder!IK
C:\WINDOWS\system32\rsopprov.exe detected: Win32.Luder!IK
C:\WINDOWS\system32\rsvp.exe detected: Win32.Luder!IK
E:\Downloads\arw3.exe detected: Trojan.Win32.Agent2!IK
E:\Downloads\as25.exe detected: Trojan.Generic!IK
E:\Downloads\FRAPS setup.exe/fraps.dll detected: Trojan.Win32.Agent!IK
E:\Downloads\FSCaptureSetup63.exe/FSRecorder.exe detected: Backdoor.Win32.Lithium.10.B5!IK
E:\Downloads\protectionid_v5.2c.rar/Protection_ID.exe detected: Packed.Win32.Klone.af!IK
E:\Downloads\removewga(2).exe detected: Riskware.Risktool.RemoveWGA!IK
E:\Downloads\RemoveWGA.exe detected: Riskware.Risktool.RemoveWGA!IK
K:\System Volume Information\_restore\RP342\A0172298.exe detected: Trojan.Win32.Agent2!IK
K:\System Volume Information\_restore\RP342\A0172299.exe detected: Trojan.Generic!IK
K:\System Volume Information\_restore\RP342\A0172322.exe/fraps.dll detected: Trojan.Win32.Agent!IK
K:\System Volume Information\_restore\RP342\A0172387.exe detected: Riskware.Risktool.RemoveWGA!IK
K:\System Volume Information\_restore\RP342\A0172388.exe detected: Riskware.Risktool.RemoveWGA!IK
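A way to triage a log like the one above by where each hit sits, added here as an example and not part of the post or of a-Squared: it parses the log format shown above (a few of the post's own lines are embedded as sample input) and separates hits on files that can run from where they are from hits on I386 install-source, dllcache, restore-point and registry-trace entries, which are the ones worth verifying against a known-good copy before anything is deleted.

```python
import re
from collections import defaultdict
# Sample input: a few lines copied from the post's own a-Squared log (same format).
SAMPLE_LOG = r"""
C:\WINDOWS\I386\NWSCRIPT.EX_/nwscript.exe detected: Win32.Luder!IK
C:\WINDOWS\system32\dllcache\nwscript.exe detected: Win32.Luder!IK
C:\WINDOWS\system32\nwscript.exe detected: Win32.Luder!IK
C:\WINDOWS\Driver Cache\i386\driver.cab/pctspk.exe detected: Virus.Win32.Virut.b!IK
C:\System Volume Information\_restore\RP354\A0174689.DLL detected: Trojan-Downloader.Win32.Small!IK
E:\Downloads\RemoveWGA.exe detected: Riskware.Risktool.RemoveWGA!IK
Key: HKEY_CLASSES_ROOT\clsid\ detected: Trace.Registry.KeyLogger.wintective!A2
"""
# Optional "Key:"/"Value:" prefix, location, optional "--> ValueName", then "detected: <name>".
LINE_RE = re.compile(r"^(?:Key: |Value: )?(?P<loc>.+?)(?: --> \S+)? detected: (?P<name>.+)$")

def parse_log(text):
    """Return (location, detection name) pairs for every well-formed log line."""
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [(m.group("loc"), m.group("name")) for m in matches if m]

def classify(location):
    """Coarse class for where a hit sits; separators are Windows style."""
    loc = location.lower()
    if loc.startswith("hkey_"):
        return "registry-trace"
    if "\\i386\\" in loc:          # compressed install source, incl. Driver Cache\i386
        return "install-source"
    if "\\dllcache\\" in loc:      # Windows File Protection cache copy
        return "dllcache"
    if "\\_restore\\" in loc:      # System Restore snapshot
        return "restore-point"
    if "\\downloads\\" in loc:
        return "download"
    return "live-file"             # anything else is a file in its normal place

def triage(text):
    """Map each detection name to the sorted list of location classes it hit."""
    by_name = defaultdict(set)
    for loc, name in parse_log(text):
        by_name[name].add(classify(loc))
    return {name: sorted(classes) for name, classes in by_name.items()}

def active_hits(text):
    """Names that hit a live file or a downloaded installer, i.e. code that can run
    from where it sits; all other classes are copies or traces, not running code."""
    return sorted(n for n, c in triage(text).items() if "live-file" in c or "download" in c)

if __name__ == "__main__":
    print(triage(SAMPLE_LOG), active_hits(SAMPLE_LOG))
```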