Wilders Security Forums  

#1
December 14th, 2004, 08:51 AM
kwesi
Regular Poster
Join Date: May 2004
Location: London
Posts: 82
GIANT false positive?

Hi, people. Giant found NicTech.BM2, a trojan downloader, on my PC, which was missed by on-demand scans by my non-resident copies of TDS-3, McAfee VSE 8.0i, my AV, and Ewido (I ran most of these in Safe Mode, too).

As I'm at work, I can't tell you the registry keys (I am assuming that all of the apps listed above check the registry thoroughly on max settings) that GIANT fingered.

One of the knowledgeable people on these forums, who I PM'd, suggested that it could be a false positive, as he obtained the same result, updated his GIANT definitions, & found it didn't turn up again. I unquarantined the reg keys, updated my defs, but had the same result. Any clues, anyone? Thanks.
#2
December 14th, 2004, 09:39 AM
richrf
Very Frequent Poster
Join Date: Dec 2003
Posts: 1,907
Re: GIANT false positive?

Yes, I had the same FP as did others on DSLreports. I emailed them. I never received a reply, but it appears that with the latest update the FP is gone. Unfortunately, I have not found an easy way to report all of the FPs I have been getting lately. They should provide a mechanism for reporting the latest results via an email directly to their tech support. If such a mechanism exists, I have not been able to locate it yet.

Rich
#3
December 14th, 2004, 09:44 AM
dog
Posts: n/a
Re: GIANT false positive?

Yes, it's a False Positive.

It's picking up an open with ... registry entry for the .cab extension ... relating to WinZip & WinRAR ... It's a valid entry.

NicTech.BM2 Trojan Downloader

The Reg Keys were ...
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cab\OpenWithList
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cab\OpenWithProgids


If you update to Def # 5677, you will see this issue has been corrected.

HTH,

Steve
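A small triage script that follows from Steve's explanation, added here and not part of the thread or of GIANT: it reads the two FileExts keys named above and resolves each listed application and ProgID to the open command it actually points at, so a flagged entry can be checked against known archivers (WinZip, WinRAR) rather than guessed at. It assumes a Windows PowerShell session; `.cab` is the extension from the post, and the `HKCR:` drive mapping is created if missing.

```powershell
# Added triage helper (not from the thread). Resolves what the FileExts keys
# GIANT flagged really point at, so a detection can be judged against the
# archivers the user knowingly installed instead of the key name alone.
$ext  = '.cab'   # extension named in the thread; any extension works
$base = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$ext"

function Resolve-OpenCommand {
    # $Key is an HKCR path to an Applications\<exe> key or a ProgID key;
    # the launch command lives in its shell\open\command default value.
    param([string]$Key)
    $cmdKey = "$Key\shell\open\command"
    if (Test-Path -Path $cmdKey) {
        (Get-ItemProperty -Path $cmdKey).'(default)'
    } else {
        '<no shell\open\command; nothing to launch from this entry>'
    }
}

# HKCR: is not a default PowerShell drive; map it so HKEY_CLASSES_ROOT paths resolve.
if (-not (Get-PSDrive -Name HKCR -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
}

# OpenWithList: single-letter values (a, b, c ...) each hold an exe name,
# plus an MRUList value giving the most-recently-used order.
$owl = "$base\OpenWithList"
if (Test-Path -Path $owl) {
    $props = Get-ItemProperty -Path $owl
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -match '^[a-z]$') {
            $exe = $p.Value
            $cmd = Resolve-OpenCommand "HKCR:\Applications\$exe"
            "{0,-2} {1,-20} -> {2}" -f $p.Name, $exe, $cmd
        }
    }
}

# OpenWithProgids: the value NAMES are ProgIDs; the data is normally empty.
$owp = "$base\OpenWithProgids"
if (Test-Path -Path $owp) {
    foreach ($name in (Get-Item -Path $owp).GetValueNames()) {
        if ($name -ne '') {
            $cmd = Resolve-OpenCommand "HKCR:\$name"
            "ProgID {0,-25} -> {1}" -f $name, $cmd
        }
    }
}
```

An entry that resolves to an archiver you installed is the benign case described in this thread; one that resolves to an unfamiliar path, or to no command at all, is what deserves a closer look before the quarantine is undone.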
#4
December 14th, 2004, 02:58 PM
kwesi
Regular Poster
Join Date: May 2004
Location: London
Posts: 82
Re: GIANT false positive?

Thanks to both of you, richrf and the (delightfully-named) dog!

I've updated my defs again today, to 5677, after unquarantining the reg keys, and we're back to normal.

To be honest, I'm finding GIANT to be a very enjoyable app to use, & this event has at least brought me alive to possible ways of identifying an FP, although I'll still carry on in my justly-paranoid way (How do you identify a Wilders Forum freak ? (S)he's the one who doesn't think 'rubber prophylactics' when you say 'Trojan').

Okay... as you can see, my jokes ain't up to much, so I won't risk any more...