
Thread: Could this be a false positive

  1. #1
    arthurdent Guest

    Could this be a false positive

    Virus quick scan ran and found a trojan named Win32.Packer.PESpin.A at a registry address.
    First I quarantined it and did a Google search on this name but did not find a single hit.
    I also searched Kaspersky.com and found nothing.
    ZoneAlarm's more information link just led me to a generic trojan page.

    I clicked on the Update now button in ZA to make sure I had the latest updates and then restored this file.
    I'm running a full virus scan, which takes about 4 hours, to see if it finds anything.

    Just wondering if this could be another false positive.

    Operating System: Windows XP Pro
    Software Version: 7.0
    Product Name: ZoneAlarm Internet Security Suite

  2. #2
    findley Guest

    Re: Could this be a false positive

    ArthurDent wrote:
    > Virus quick scan ran and found a trojan named Win32.Packer.PESpin.A at a registry address.
    > First I quarantined it and did a Google search on this name but did not find a single hit.
    > I also searched Kaspersky.com and found nothing.
    > ZoneAlarm's more information link just led me to a generic trojan page.
    >
    > I clicked on the Update now button in ZA to make sure I had the latest updates and then restored this file.
    > I'm running a full virus scan, which takes about 4 hours, to see if it finds anything.
    >
    > Just wondering if this could be another false positive.
    >
    > Operating System: Windows XP Pro
    > Software Version: 7.0
    > Product Name: ZoneAlarm Internet Security Suite

    ArthurDent,
    Suggestion:
    you could upload the suspect file to VirusTotal, a free service that uses 35 plus antivirus engines to check suspicious files,
    and you'll get an answer on whether or not this is a false positive.
    Here is a link to VirusTotal:
    http://www.virustotal.com/
    Hope this helps you.
    Findley

  3. #3
    arthurdent Guest

    Re: Could this be a false positive

    I would do that if I had an actual file to work with. The full virus scan finished and it showed the same thing the quick scan did. The trojan was detected at this registry key location:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}

    I deleted it this time.

  4. #4
    findley Guest

    Re: Could this be a false positive

    ArthurDent, are you running or have you ever installed Alcohol 120%? Alcohol 120% is CD/DVD burning, copying, backup, recording, duplication, emulation and creation software.
    Your registry key matches one I found:
    http://threatexpert.com/report.aspx?...8-453e3fbd6196 which shows Alcohol 120% and the registry keys created.
    Findley

    Message Edited by Findley on 04-05-2008 02:45 PM

  5. #5
    arthurdent Guest

    Re: Could this be a false positive

    Actually I think I did install the trial version about a year ago. I used it for about a week and then removed it.

  6. #6
    maribo Guest

    Re: Could this be a false positive

    I have the same problem. I have quarantined it and asked on another thread how to delete it, but I don't know if I should.
    I do have Alcohol 120% but haven't used it for about a year.
    Is this dangerous?

  7. #7
    blackshadow Guest

    Re: Could this be a false positive

    Interesting... I also woke up this morning to the same thing: "Win32.Packer.PESpin.A" at registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
    and
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IE Setup\Setup\Apps.InstDateTime

    I do have Alcohol 120% as well as Daemon Tools installed on my computer... but have had them for a while.

    Anyone have any idea if this is a legitimate threat?

  8. #8
    findley Guest

    Re: Could this be a false positive

    To all:

    As posted earlier, these registry keys are part of Alcohol 120%, which is a legitimate program. Searching on the internet turns up nothing beyond the posts here in this forum, so probably a false positive. If in doubt, let Zone Alarm quarantine and submit a false positive report to Zone Alarm.

    Please report the false positive to:
    http://www.zonealarm.com/store/conte...are_report.jsp

    Be sure to report as many details as possible to Zone Alarm so that they can fix it.
    Use Internet Explorer browser to submit the report - other alternative browsers, Firefox, Opera and others are not recommended for use in submitting the report to Zone Alarm.

    Findley

  9. #9
    merlinus Guest

    Re: Could this be a false positive

    Hello to all

    Same problem here, I have Alcohol 52% (no change since 08/2007).
    Same alert on same registry uninstall entry (and BTW this entry has no keys in it!!!)

    Seems clearly a false positive...

    Edit: false positive submitted to ZA

    Message Edited by merlinus on 04-08-2008 12:45 PM

  10. #10
    merlinus Guest

    False positive confirmed by spyware team

    Their answer:

    > Thank you for contacting us. It's a real false-positive. Our research team already works on it. We will release appropriate fix in coming updates.

    Voilà :-)
