PDA

View Full Version : FP's??

Bugbatter
May 7th, 2007, 07:35 PM
Anybody run into this? :o


ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________

Name: Trojan.Obfuscated.dr
Path: [1388] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
Risk: High

Name: Trojan.Obfuscated.dr
Path: C:\Program Files\Common Files\AOL\1136908079\EE\AOLSoftware.exe
Risk: High

Name: Trojan.Obfuscated.dr
Path: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
Risk: High

Name: Trojan.Obfuscated.dr
Path: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Risk: High

Name: Trojan.Obfuscated.dr
Path: C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
Risk: High

Name: Trojan.Obfuscated.dr
Path: C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
Risk: High

Name: Trojan.Obfuscated.dr
Path: C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
Risk: High

Name: Trojan.Obfuscated.dr
Path: C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
Risk: High

Name: Trojan.Obfuscated.dr
Path: C:\Program Files\Iomega\DriveIcons\deskup.exe
Risk: High

Name: Trojan.Obfuscated.dr
Path: C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
Risk: High

Name: Trojan.Obfuscated.dr
Path: C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
Risk: High

Name: Trojan.Obfuscated.dr
Path: C:\Program Files\Pure Networks\Port Magic\PortAOL.exe
Risk: High

Name: Trojan.Obfuscated.dr
Path: C:\Program Files\QuickTime\qttask.exe
Risk: High

Name: Trojan.Obfuscated.dr
Path: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Risk: High
LoneWolf
May 7th, 2007, 08:51 PM
Just did a scan with this and came up clean. No FP's here. You should get a second opinion.SAS is a very good one.There's a link in my sig.
ASpace
May 8th, 2007, 01:57 AM
This is definitely FP . Update your signatures to see if this happens again .

About this
-{ Quote: "Path: C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe" }-

Your JAVA is very old and exposes you to risk.
Open Add/Remove programs in Control Panel , find this old Java RE old version 1.4 and uninstall it . Reboot after that . Goto C:\Program files and manually delete folder with name Java.

If you are going to use Java RE , visit their site http://java.sun.com and download the latest version
karl.ewido
May 8th, 2007, 03:06 AM
Bugbatter, please send us some copies of the files that are detected as Trojan.Obfuscated.dr:
http://www.ewido.net/en/support/?AID=34
Bugbatter
May 8th, 2007, 01:09 PM
Thanks for replying. :)

We may be a bit late, but we'll ask for them to be submitted if they are still available.
http://www.dellcommunity.com/supportforums/board/message?board.id=si_hijack&message.id=60464&query.id=269830#M60464
peter.ewido
May 9th, 2007, 05:14 AM
I highly doubt that this is a fp. In general, when a single detection affects so many normally different files, it's very unlikely that it's a fp. There is a lot malware out there that replaces legitimate files...[/URL] [URL="http://dict.leo.org/ende?lp=ende&p=/gQPU.&search=legitimately"] (http://dict.leo.org/ende?lp=ende&p=/gQPU.&search=legitimately)
Bugbatter
May 9th, 2007, 10:29 AM
I agree. 8)