
Thread: Windows XP Pro SP3 installation files identified as virus

  1. #1
    dagaey Guest

    Windows XP Pro SP3 installation files identified as virus

    Just installed a brand new computer with XP SP2 disk. Then installed ZA 7.0.470 with latest updated definitions.
    During Microsoft Update of Windows XP SP3, got a virus warning that the file c:\windows\softwaredistribution\............\$CABR EF$.TMP is infected with the not-a-virus:Monitor.win32.uberkeylogger.b
    - is this a false positive? Complete scans of the computer show the file as still being infected.

    Operating System:
    Windows XP Pro
    Software Version:
    7.0
    Product Name:
    ZoneAlarm Internet Security Suite


    Message Edited by dagaey on 06-25-2008 07:50 PM

    Message Edited by dagaey on 06-25-2008 08:44 PM

  2. #2
    ssiegal Guest

    Re: Windows XP Pro SP3 installation files identified as virus

    I have a similar issue. Today a ZoneAlarm scan identified four apparent system files as "not-a-virus:Monitor.Win32.UberKeylogger.b":
    C:\Windows\System32\ReinstallBackups\0003\DriverFiles\i386\i8042prt.sys
    C:\Windows\System32\ReinstallBackups\0000\DriverFiles\i386\i8042prt.sys
    C:\i386\i8042prt.sys
    C:\cmdcons\i8042prt.sy_
    The file C:\WINDOWS\system32\DRIVERS\i8042prt.sys was not identified as infected.
    Are these false positives?
    ZoneAlarm Security Suite: 7.0.470.000
    Anti-virus engine version 3, DAT file version 953783459
    Thank you


  3. #3
    yoopermutt Guest

    Re: Windows XP Pro SP3 installation files identified as virus

    I have the same issue with ZA reporting not-a-virus:Monitor.Win32.Uberkeylogger.b; the only difference is I'm running Vista Home Premium.
    However, I had some of the data from my XP Home SP3 computer transferred to the Vista computer. ZA reports that the not-a-virus is located in:
    C:\Old_Data\1386\1804\PRT.SYS
    ZA says to repair, but in the first place I'm not sure if it is necessary or a false positive, and secondly, I have absolutely no idea how to go about a repair.
    Hopefully ZA will come up with some guidance soon.

    Good luck to all!

  4. #4
    Join Date: Nov 2004 | Location: localhost | Posts: 17,291

    Re: Windows XP Pro SP3 installation files identified as virus

    Hi!
    Try to follow the standard procedure when dealing with potential false positives.
    You will find it in the right forum section (malware).

    That is to upload the file to www.virustotal.com and check what most malware will say about the file.
    If it is confirmed it's a false positive, then you need to send it to ZA (if it is a spyware false positive) or Kaspersky (if it is a false positive from the antivirus).

    You will know if it is the ZA AS or the Kaspersky engine by looking into where the file is quarantined.

    For your specific case (not-a-virus) you need to report it to Kaspersky. Write an e-mail to newvirus kaspersky dot com. Subject: false positive. Attach the file in a password-protected zip and include the password in the e-mail.

    If it is a false positive you will be informed by the malware specialist at Kaspersky.

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  5. #5
    ssiegal Guest

    Re: Windows XP Pro SP3 installation files identified as virus

    Fax,
    I followed your instructions. Files are reported as virus free on VirusTotal. Sent report to Kaspersky.
    Thank you,
    Seth

  6. #6
    Join Date: Nov 2004 | Location: localhost | Posts: 17,291

    Re: Windows XP Pro SP3 installation files identified as virus

    Hi!
    Virus free also by Kaspersky? If yes, then they have already fixed it.
    Try to update your virus definitions.

    Cheers,
    Fax


  7. #7
    yoopermutt Guest

    Re: Windows XP Pro SP3 installation files identified as virus

    I think Zone Alarm must have fixed it as a false positive.
    After posting yesterday, I ran a Windows Defender scan & a Webroot SpySweeper scan with nothing showing up.
    Then I had to go to work.
    When I got home I was about to follow the directions to send the file in, but I thought I'd run the ZA scan again & updated the definitions first, then ran the scan & nothing showed that time.
    That was last evening.
    That was pretty fast work anyway.
    ssiegal probably helped that along by sending the file in.
    Thanks to all.
