
Thread: Is this a "false positive" or real virus?

  1. #1
    kludikovsky Guest

    Is this a "false positive" or real virus?

    Today, besides the Trojan.Clicker.Agent.ii (see http://forum.zonelabs.org/zonelabs/b...ssage.id=27699), I have also got the Win32.AdWare.Wintool.ao reported.
    The following detailed information was provided.

    RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0005
    RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0005
    RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0005
    RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DcomLaunch
    RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications


    Can someone confirm that this is a real virus please.

    Thanks

    Operating System: Windows XP Home Edition
    Product Name: ZoneAlarm Pro

  2. #2
    Join Date: Dec 2005
    Posts: 9,057

    Re: Is this a "false positive" or real virus?

    Sounds like a FP. But "adware" is not a virus or even "not a virus" if that makes any sense. It should be titled ad-ware or "unwanted software that presents unwanted ads or popups or unwanted balloons".
    In the list of keys, I guess the "malware" entry would be located in a sub key, not the main key itself. Probably the "errant" key would be in the right panel (when the key is opened in regedit and viewed).

    {4D36E965-E325-11CE-BFC1-08002BE10318} is the CD/DVD drive keys.

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DcomLaunch usually pertains just to the svchost.exe (or generic host process) related to the DCOM Launch and RPC.

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications
    is for the allowed native applications in Windows' native firewall.

    Seems as though all these keys are needed and probably do not need to be deleted, edited or modified.

    Oldsod

    Message Edited by Oldsod on 03-25-2008 11:53 AM
    Best regards.
    oldsod
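
A read-only way to review what the reply describes, the values and subkeys under each reported key, without clicking through regedit. This is an added example, not part of either post; it assumes PowerShell is installed on the machine and only reads the registry.

```powershell
# Keys copied from the scan report in post #1, relative to HKLM\SYSTEM\<control set>.
$flagged = @(
    'Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0005',
    'Services\DcomLaunch',
    'Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications'
)
$sets = 'CurrentControlSet', 'ControlSet001', 'ControlSet002'

# HKLM\SYSTEM\Select\Current holds the number of the control set that
# CurrentControlSet points at, so duplicate hits across sets can be matched up.
$current = (Get-ItemProperty -Path 'HKLM:\SYSTEM\Select').Current
"CurrentControlSet maps to ControlSet{0:D3}" -f $current

foreach ($set in $sets) {
    foreach ($rel in $flagged) {
        $path = "HKLM:\SYSTEM\$set\$rel"
        if (-not (Test-Path -LiteralPath $path)) {
            "[missing] $path"
            continue
        }
        # The reported key itself plus every subkey beneath it.
        $keys = @(Get-Item -LiteralPath $path) +
                @(Get-ChildItem -LiteralPath $path -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            "[$($key.Name)]"
            # These are the entries regedit shows in its right-hand panel.
            foreach ($name in $key.GetValueNames()) {
                $shown = if ($name) { $name } else { '(Default)' }
                "    {0} = {1}" -f $shown, ($key.GetValue($name) -join ', ')
            }
        }
    }
}
```

Redirecting the output to a file gives a listing that can be compared with the same keys on a known-clean machine.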
