
Thread: False Positives?


#1 john_the_fast (Guest)

False Positives?

Hey everyone....
I did a definition update and this is what ZoneAlarm tells me I have.
If I quarantine these files, the Winlogon registry entry gets deleted and Windows has problems logging me in and out.
My question is: are these false positives, or is my version of ZoneAlarm unsupported?
ZoneAlarm version - 8.0.298..035
TrueVector version - ^ same as above.
Driver version - ^
Anti-virus engine - 6.0.2.678
Anti-spyware engine - 5.0.209.0
OS - XP Pro SP3, all Windows updates installed.

Trojan 1 - win32.worm.socks.BY
RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0005

Trojan 2 - win32.worm.socks.BW
RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost

Trojan 3 - win32.download.fraud.load.gkh
File: C:\Program Files\K-Lite Codec Pack\Filters\vp7dec.ax
File: M:\Program Files (x86)\K-Lite Codec Pack\Filters\vp7dec.ax
File: C:\Program Files\K-Lite Codec Pack\Filters\CoreVorbis.ax
File: M:\Program Files (x86)\K-Lite Codec Pack\Filters\CoreVorbis.ax
File: C:\Program Files\K-Lite Codec Pack\Filters\DCBassSource.ax
File: M:\Program Files (x86)\K-Lite Codec Pack\Filters\DCBassSource.ax
Directory: C:\Program Files\K-Lite Codec Pack\Filters

Trojan 4 - win32.a-ymoj.mail15.su
RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0003\DigitalAudio
RegistryKey: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Preferences\VideoSettings
RegistryKey: HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\General\ActiveLatchSet
RegistryKey: HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Trojan 5 - win32.1sass
RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0006
RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0007
RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0005
RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0006
RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0007
RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BITS
RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS\Enum
Directory: C:\Documents and Settings\Adam\Local Settings\Temporary Internet Files\Content.IE5
Directory: C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader
RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56
RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Ciphers\NULL
RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 128/128
RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128
RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128
RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128
RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128
RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128
RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168/168
RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman
RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\PKCS
RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56
RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL
RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman
RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\PKCS
RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum

Trojan 6 - win32.services - Can't remember location.


    Any comments or solutions appreciated...
    Thanks
    John
    Last edited by GeorgeV; May 26th, 2010 at 03:38 AM.
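Before quarantining anything, a useful step is to record what the flagged entries actually contain so they can be compared against a clean XP SP3 install and the K-Lite package. The script below is an added triage example, not part of the original post or of ZoneAlarm; it assumes the file paths and registry keys listed above, an elevated PowerShell session on the affected machine, and only reads and reports (it changes nothing).

```powershell
# Added triage example (not from the original post). Assumes the paths and
# keys from the ZoneAlarm report above and an elevated PowerShell session.
# Read-only: it hashes the flagged files and dumps the flagged keys so the
# results can be checked against known-good values before any quarantine.

$flaggedFiles = @(
    'C:\Program Files\K-Lite Codec Pack\Filters\vp7dec.ax',
    'C:\Program Files\K-Lite Codec Pack\Filters\CoreVorbis.ax',
    'C:\Program Files\K-Lite Codec Pack\Filters\DCBassSource.ax'
)

$flaggedKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKLM:\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0005',
    'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL'
)

# 1. SHA-256 and Authenticode status of each flagged file. .NET's SHA256 is
#    used directly so this also works on the older PowerShell found on XP,
#    where Get-FileHash is not available.
$sha256 = [System.Security.Cryptography.SHA256]::Create()
foreach ($f in $flaggedFiles) {
    if (-not (Test-Path -LiteralPath $f)) { "MISSING   $f"; continue }
    $bytes = [System.IO.File]::ReadAllBytes($f)
    $hash  = ($sha256.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') }) -join ''
    $sig   = Get-AuthenticodeSignature -FilePath $f
    "{0}  {1}  signature={2}" -f $hash, $f, $sig.Status
}

# 2. Dump every value under each flagged key. On a stock XP install the
#    Winlogon UIHost value is 'logonui.exe'; a different value deserves a
#    closer look, and a deleted value is what breaks logon after a bad
#    quarantine, which matches the symptom described in the post.
foreach ($k in $flaggedKeys) {
    if (-not (Test-Path -LiteralPath $k)) { "MISSING   $k"; continue }
    "--- $k"
    Get-ItemProperty -LiteralPath $k | Format-List * | Out-String
}
```

Compare the file hashes with the checksums published for the installed K-Lite version (or a multi-engine scan) and the registry output with the same keys on a clean machine; matching values point to a false positive, which can then be reported to the vendor with the evidence attached.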
