
Zone Alarm Pro Antispyware: false alarm?


Pfipps


It picked up Win32.Trojan.Spy.DeskAd.2 in the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NTREGOPT_is1

 

Is this a mistake by Zone alarm or a real trojan?

 

NTREGOPT is just a registry defrag program.

 

This got past NOD32 so I think it might be a false alarm, but I am not sure.


  • Moderators

Seems like a false alarm to me. Do you have ewido? Maybe do a scan with it and an online virus scanner if you're worried about it.

 

Download Ewido Anti-Spyware

  1. Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  2. After the update finishes (the status bar at the bottom will display "Update successful")
  3. Click on the Scanner tab at the top and then click on Complete System Scan
  4. Ewido will list any infections found on the left, when the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will then display "All actions have been applied" on the right.
  5. Click on "Save Report", then "Save Report As". This will create a text file which you can then save to the Desktop and post back

Run Kaspersky WebScanner

  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files,
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
  • Paste the Kaspersky log onto the forum.

 

Like I said, it's probably nothing. Only do the above if you wish to. :)


Ewido found nothing and Kaspersky found nothing.

 

Here is the Kaspersky log

 

 


 

I also ran Spybot, I found nothing, and uninstalled NTREGOPT, and then ran regsupreme pro.


  • Moderators

Then it was just a false positive.

NTREGOPT is a valid program (I use it myself). I just offered the above for peace of mind. :)

 

I haven't tried ZA's antispyware yet but I believe it's more than likely a rebranded eTrust Pest Patrol. (Do you know?) Pest Patrol does have its fair share of false positives so maybe that's what's wrong.
