Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Another false positive--ATI file, atiacmxx.dll

  1. #1
    amethyst Guest

    Default Another false positive--ATI file, atiacmxx.dll

    Hello,

    Just updated my ZASS and ran a spyware scan, and once again, the following .dll was picked up as being a trojan. This time the trojan was identified as Win32.Trojan.Proxy.Repsamo.1 (nothing on Google about this), and the file identified was from my graphic card software, ATI, and it is in the Program Files/ATI Technologies/ATI.ACE/atiacmxx.dll. This .dll is an ACE Context Menu item, 68 kb in size, created April 19/05, file version 1.0.0.1.

    Because of other false positives, I have my software set to report only, which the gurus here advise NOT to do [and please understand, I do not consider myself an expert!], but I have found from past experience that restoring an item from quarantine doesn't necessarily mean you get it back, because ZASS does something to the entry in the registry regarding the quarantined item. I permanently lost a .dll that way, but it was one I didn't need, so I was lucky that way.

    I had this file scanned at Virustotal.com, and it came up as clean. I'll be sending a report to ZA.

    Amethyst


    Windows XP MCE

    ZoneAlarm Security Suite version:6.5.737.000
    TrueVector version:6.5.737.000
    Driver version:6.5.737.000
    Anti-virus Vet engine version:31.1.0.000
    Anti-virus signature DAT file version:31.1.5279.000
    Anti-spyware engine version:5.0.176.0
    Anti-spyware signature DAT file version:01.200711.2785
    AntiSpam version:4.8.2.7565

  2. #2
    dmilbrath Guest

    Default Re: Another false positive--ATI file, atiacmxx.dll

    This just happened to me.
    No help on this "Trojan" (at least none that I can find).

  3. #3
    amethyst Guest

    Default Re: Another false positive--ATI file, atiacmxx.dll


    <blockquote><hr>dmilbrath wrote:
    This just happened to me. No help on this &quot;Trojan&quot; (at least none that I can find).
    <hr></blockquote>



    I found this page about a Repsamo trojan, and I just went searching through my system to see if any of the files it mentions happen to be there, and I can't find anything. I'm quite confident that this is a false positive report from ZASS.

    http://www.symantec.com/security_res...99&amp;tabid=2


    Amethyst

  4. #4
    glimmer Guest

    Default Re: Another false positive--ATI file, atiacmxx.dll

    I am also getting this message.

    Windows XP
    Zone Alarm Pro version 7.0.337.000
    True Vector Security Engine version 7.0.337.000
    Driver version 7.0.337.000
    Anti-Spyware Engine version 5.0.187.0,DAT 01.200711.2785

  5. #5
    amethyst Guest

    Default Re: Another false positive--ATI file, atiacmxx.dll

    Here's the link to file a false positive report.

    http://www.zonealarm.com/store/conte...are_report.jsp


    Amethyst

  6. #6
    spidertex Guest

    Default Re: Another false positive--ATI file, atiacmxx.dll

    yep, here also.Since I installed ATI drivers: 7-10_xp32_dd_ccc_wdm_enu_53250.exe
    (Catalyst drivers 7.10)
    Submitted false positive report.

  7. #7
    amethyst Guest

    Default Re: Another false positive--ATI file, atiacmxx.dll

    Just received an e-mail from ZASS tech support. They said they'll fix this with the next update.

    Amethyst

  8. #8
    mamfelt Guest

    Default Re: Another false positive--ATI file, atiacmxx.dll

    Good to hear: For the record (this is a double post - I am learning, but this is a newer thread)

    What is current status. I just got it flagged: Object put in Quarantine:

    File: C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll
    GUID: {5E2121EE-0300-11D4-8D3B-444553540000}
    RegistryKey: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{5E2121E E-0300-11D4-8D3B-444553540000}
    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Shell Extensions\Approved\{5E2121EE-0300-11D4-8D3B-444553540000}

    Found with: (no cut/paste unfortunately....)
    ZA SecuritySuite: 7.0.408.000
    True vector sec engine: 7.0.408.000
    Driver: 7.0.408.000
    Anti-virus engine vers 3, DAT file version 20071109055000
    Anti Spy....: 5.0.187.0 DAT 01.200711.2795
    AntiSpam Version: 5.0.6.8903

  9. #9
    amethyst Guest

    Default Now it's saying it's a DIFFERENT trojan!

    So I just updated the antispyware and ran a scan, after removing the atiacmxx.dll from the exception list. Now ZASS is calling it Win32.Trojan.Clicker.Agent.ag.

    Virustotal.com, again, says it's clean. It would be nice if ZASS would stop picking on ATI. ;-)[And off I go to, again, file a false positive report!]

    Amethyst



    ZoneAlarm Security Suite version:6.5.737.000
    TrueVector version:6.5.737.000
    Driver version:6.5.737.000
    Anti-virus Vet engine version:31.1.0.000
    Anti-virus signature DAT file version:31.1.5281.000
    Anti-spyware engine version:5.0.176.0
    Anti-spyware signature DAT file version:01.200711.2795
    AntiSpam version:4.8.2.7565

  10. #10
    amethyst Guest

    Default Re: Another false positive--ATI file, atiacmxx.dll

    I had been e-mailed by ZASS tech support before I ran today's scan and I've written back to him about what occurred today. This is what he said:

    &quot;I apologize for this new issue. Spyware world is too dynamic and sometime we can't catch some its changes. We have fixed the first issue before releasing new update (.2795) but another spyware that used this legitimate component was added into it. Such case occurs for the first time in our practice and we will do our best to address this issue in the shortest possible time.&quot;

    I have to say, ZASS tech support was very quick with the e-mail response. I received this reply in less than an hour.


    Amethyst

    P.S. Mamfelt, if you right click on the ZASS icon in your system tray, and then select &quot;about&quot;, you'll be able to copy your info to a clipboard and then paste it here. I found that out through trial and error, makes it a lot easier to post the info on this forum. :-)

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •