Thread: What is Win32.Trojan.Peflog.30?

  1. #1
    clayachin Guest

    What is Win32.Trojan.Peflog.30?

    ZA detects Win32.Trojan.Peflog.30 and I can't find a thing when Googling it.

    Here are the keys below it in the ZAlog.txt file:

    2007/02/21,12:36:18 -5:00 GMT,Win32.Trojan.Peflog.30,Trojan,Auto
    RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis
    RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\Soeperman Enterprises Ltd.
    RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\Soeperman Enterprises Ltd.\HijackThis
    RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe


    Isn't this legitimate? Is the above trojan a false positive? What other log can I look at and is there any other info on this?

    Operating System:Windows 2000 Pro
    Product Name:ZoneAlarm Pro
    Software Version:6.5

  2. #2

    Re: What is Win32.Trojan.Peflog.30?

    This is a false positive; please report the f/p here: http://www.zonelabs.com/store/conten...are_report.jsp

  3. #3
    clayachin Guest

    Re: What is Win32.Trojan.Peflog.30?

    Greb49er wrote:
    > This is a false positive please report the f/p here http://www.zonelabs.com/store/conten...are_report.jsp


    Doing that right now.

    Are you sure it's an fp? Have you seen this situation before? I don't mean to belabor the point, but I'm sure you know that if one is really security conscious, they start searching files and the registry, and running numerous programs. Once I get started, I can spend hours checking my OS partition.

    I also found this just now when running HijackThis. Am I correct in assuming that it's placed there by ZA when it quarantines something?

    O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\winnt\system32\zonelabs\srescan.dll,DoSpecialAction

  4. #4

    Re: What is Win32.Trojan.Peflog.30?

    Hi
    RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis
    RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\Soeperman Enterprises Ltd.
    RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\Soeperman Enterprises Ltd.\HijackThis
    RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe

    These are all related to the HijackThis program. Yes, I have seen this before; I have the same registry keys from the install of HijackThis.


    O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\winnt\system32\zonelabs\srescan.dll,DoSpecialAction from the HijackThis log is ok


    see here http://www.castlecops.com/s12837-srePostpone.html
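
An added example, not part of the original posts and not ZoneAlarm's or HijackThis's own code: a Python script that does the comparison post #4 makes by eye, parsing entries in the ZAlog.txt layout quoted in post #1 and listing any flagged registry keys that a HijackThis install does not account for. The header pattern is inferred from the single log line quoted in the thread, and the second entry (`Example.Detection.1`, `ExampleVendor`) is constructed.

```python
import re

# Constructed sample in the ZAlog.txt layout quoted in post #1 (second entry is made up).
SAMPLE_LOG = r"""2007/02/21,12:36:18 -5:00 GMT,Win32.Trojan.Peflog.30,Trojan,Auto
RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis
RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\Soeperman Enterprises Ltd.
RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\Soeperman Enterprises Ltd.\HijackThis
RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe
2007/02/21,12:40:02 -5:00 GMT,Example.Detection.1,Trojan,Auto
RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\ExampleApp
"""

# Keys that post #4 attributes to a normal HijackThis install (taken from the thread).
HIJACKTHIS_KEYS = {
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Soeperman Enterprises Ltd.",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Soeperman Enterprises Ltd.\HijackThis",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe",
}

# Assumed header layout: date,time offset zone,detection name,category,action
HEADER = re.compile(r"^(\d{4}/\d{2}/\d{2}),(\d{2}:\d{2}:\d{2}) [^,]*,([^,]+),([^,]+),([^,]+)$")

def parse_detections(text):
    """Group RegistryKey- lines under the detection header that precedes them."""
    detections = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            detections.append({"date": m[1], "time": m[2], "name": m[3], "keys": []})
        elif line.startswith("RegistryKey-") and detections:
            detections[-1]["keys"].append(line[len("RegistryKey-"):])
    return detections

def triage(text, known=HIJACKTHIS_KEYS):
    """Map each detection name to the flagged keys NOT in the known set."""
    known_norm = {k.lower() for k in known}  # registry key names are case-insensitive
    return {d["name"]: [k for k in d["keys"] if k.lower() not in known_norm]
            for d in parse_detections(text)}

if __name__ == "__main__":
    for name, unexplained in triage(SAMPLE_LOG).items():
        print(name, "->", unexplained or "all keys match the HijackThis install")
```

An empty list only means every flagged key is one the thread ties to HijackThis; it does not check the files those keys point to.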

  5. #5
    thez Guest

    Re: What is Win32.Trojan.Peflog.30?

    Just got it as well: Win32.Trojan.Peflog.30 RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis
    I know better than to email support..

  6. #6

    Re: What is Win32.Trojan.Peflog.30?

    Hi TheZ
    This is a false positive. Update your AS, I believe this has been fixed.

  7. #7
    robster Guest

    Re: What is Win32.Trojan.Peflog.30?

    I updated my AS definitions today (26 Feb 2007) and ZASS 7.0 still detected this so-called trojan.

  8. #8

    Re: What is Win32.Trojan.Peflog.30?


    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays
