CCleaner Community Forums
steve1368

False positives?


Did my regular scanning with online trend micro virus scan, then with avast. Nothing surfaced, all OK.

 

Then scanned with a squared. Got 2 items as malware.

 

Filename:

C:\WINDOWS\system32\AS-Exp2.ocx

C:\WINDOWS\system32\AS-IFce1.ocx

 

Diagnosis:

Backdoor.MSWord.Nutshell

Backdoor.MSWord.Nutshell

 

This time I didn't delete anything [ if you remember, I had a bad experience before, http://forum.CCleaner.com/index.php?showtopic=1426&hl= ]

 

Wondering if those are false positives.

 

Cheers


I believe that those are trojans. Try a scan with ewido to see if it finds them as well. http://www.ewido.net/en/

 

Wait to see what Tarun or DjLizard say but I personally would remove those. If ewido finds them then I would definitely remove them. Also remember to update ewido before you scan with it.

I believe that those are trojans. Try a scan with ewido to see if it finds them as well. http://www.ewido.net/en/

 

Wait to see what Tarun or DjLizard say but I personally would remove those. If ewido finds them then I would definitely remove them. Also remember to update ewido before you scan with it.

Will try that tonight. Thanks


Did you see This? That trojan is the most popular detection of a2 for the past three days. It's been known for a while that there were vulnerabilities in Word. Let us know if ewido finds the infections as well. If not, I bet it's a new infection that will be added to the rest of the scanners soon. Though you never know, it could be a false positive. I doubt that it is. I'm sure we will probably hear more about that trojan soon. Good luck :) .

I believe that those are trojans. Try a scan with ewido to see if it finds them as well. http://www.ewido.net/en/

 

Wait to see what Tarun or DjLizard say but I personally would remove those. If ewido finds them then I would definitely remove them. Also remember to update ewido before you scan with it.

Did that, nothing found

 

Upload them to here:  http://virusscan.jotti.org/

Did it again for the 2nd time, nothing found.

 

 

I scanned again with a squared this evening. Guess...this time nothing found. I'm truly puzzled. The only thing I did last night was to run my regular Tarun's anti-malware package, that's it, nothing else.

 

Now, nothing found with a squared.

 

I'm delighted but also very puzzled, how "backdoor" can just disappear?

Anybody has any clue?

 

Steve


Since you know where the infected files are, look for them manually; maybe they were deleted by the malware scanners you ran. Do you have an AV with an active scanner? Maybe that deleted it.

I'm delighted but also very puzzled, how "backdoor" can just disappear?

Suppose if it's at all sophisticated enough to know it's being scanned it may "deactivate or hide" itself. Or your antivirus/antimalware may have already taken care of it since trojans, worms, etc., are usually automatically deleted since they aren't necessary executables.

Since you know where the infected files are, look for them manually; maybe they were deleted by the malware scanners you ran. Do you have an AV with an active scanner? Maybe that deleted it.

Suppose if it's at all sophisticated enough to know it's being scanned it may "deactivate or hide" itself. Or your antivirus/antimalware may have already taken care of it since trojans, worms, etc., are usually automatically deleted since they aren't necessary executables.

Did a manual check, both files still there.

I have avast home resident scanner, msas & outpost pro running all the time.

 

Is there any way to check further to be really sure, or should I just post here my current HJT log for analysis?


It couldn't hurt to post a HJT log. Try this: re-find the infected files, then right-click on them and choose to scan them with Avast to see if it detects them as malware.

It couldn't hurt to post a HJT log. Try this: re-find the infected files, then right-click on them and choose to scan them with Avast to see if it detects them as malware.

Did that with avast & ewido.....nothing

 

I'll post my new hijack this log in a new topic.

Hopefully nothing nasty.

 

Thanks


Hi all. About AS-IFce1.ocx I have nothing to say, but I know that AS-Exp2.ocx is an ActiveX control I have used in my VB6 projects. Unfortunately I lost it so I've no GUID to compare. If I find anything I'll be back. In my opinion you don't have to be worried about them.
