Thread: Is this a "false positive" or real virus?

  1. #1
    kludikovsky Guest

    Is this a "false positive" or real virus?

    Today I have got besides the Trojan.Clicker.Agent.ii (see also the

    The following detailed information was provided.

    RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Cl ***\{4D36E965-E325-11CE-BFC1-08002BE10318}\0005
    RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ***\{4D36E965-E325-11CE-BFC1-08002BE10318}\0005
    RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0005
    RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DcomLaunch
    RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications

    Can someone confirm that this is a real virus please.


    Operating System: Windows XP Home Edition
    Product Name: ZoneAlarm Pro

  2. #2
    Join Date
    Dec 2005

    Re: Is this a "false positive" or real virus?

    Sounds like a FP. But "adware" is not a virus or even "not a virus" if that makes any sense. It should be titled ad-ware or "unwanted software that presents unwanted ads or popups or unwanted balloons".
    In the list of keys, I guess the "malware" entry would be located in a sub key, not the main key itself. Probably the "errant" key would be in the right panel (when the key is opened in the regedit and viewed)

    {4D36E965-E325-11CE-BFC1-08002BE10318} is the cd/dvd drive keys.

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DcomLaunch usually pertains just to the svchost.exe (or generic host process) related to the DCOM Launch and RPC.

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications
    is for the allowed native applications in the Windows native firewall.

    Seems as though all these keys are needed and probably do not need to be deleted, edited or modified.


    Message Edited by Oldsod on 03-25-2008 11:53 AM
    Best regards.
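
Added example, not part of either post: the reply above suggests the flagged item is probably a value under a key rather than the key itself. This Python sketch parses a constructed `.reg` export of the `AuthorizedApplications\List` subkey, where the Windows XP firewall stores one value per allowed program as `path:scope:status:name`, and marks enabled entries outside a few expected directories for manual review. The sample data, the prefix list and the function names are assumptions made for illustration.

```python
import re

# Constructed sample of a .reg export (backslashes are doubled in this format).
# Value name = program path, value data = "path:scope:status:display name".
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Example Chat\\chat.exe"="C:\\Program Files\\Example Chat\\chat.exe:LocalSubNet:Disabled:Example Chat"
"C:\\Documents and Settings\\user\\Local Settings\\Temp\\upd.exe"="C:\\Documents and Settings\\user\\Local Settings\\Temp\\upd.exe:*:Enabled:Updater: helper"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Assumption: directories treated as "expected" by this review heuristic.
EXPECTED_PREFIXES = ("%windir%\\", "c:\\windows\\", "c:\\program files\\")


def unescape(s):
    """Undo .reg escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_authorized_apps(reg_text):
    """Return one dict per firewall exception found in the export."""
    entries = []
    for line in reg_text.splitlines():
        m = VALUE_RE.match(line.strip())
        if not m:
            continue  # key header or blank line
        path, data = unescape(m.group(1)), unescape(m.group(2))
        # The path contains ':' (drive letter), so strip it as a prefix
        # instead of splitting the whole string on ':'.
        if not data.lower().startswith(path.lower() + ":"):
            continue
        parts = data[len(path) + 1:].split(":", 2)
        if len(parts) != 3:
            continue
        scope, status, name = parts
        entries.append({"path": path, "scope": scope,
                        "enabled": status.lower() == "enabled", "name": name})
    return entries


def needs_review(entry):
    """Enabled exception whose executable lives outside the expected folders."""
    return entry["enabled"] and not entry["path"].lower().startswith(EXPECTED_PREFIXES)


if __name__ == "__main__":
    for e in parse_authorized_apps(SAMPLE_REG):
        print("REVIEW" if needs_review(e) else "ok    ", e["path"], "|", e["scope"], "|", e["name"])
```

An entry marked for review is only a prompt to look at the file itself; the prefix list is a triage heuristic, not a verdict.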
