Possible false alarm

Discussion in 'ewido anti-spyware forum' started by dvk01, May 29, 2006.

Thread Status:
Not open for further replies.
  1. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    I am helping someone clear up here:
    http://forums.techguy.org/security/470768-help-major-spyware-issues.html#post3649876

    Ewido has discovered maslan.b & quarantined what appear to be legit files.

    Any comments, please?

    Here is a list of the files:

    C:\ACTIVDOC\SETUP\01\search\SWISH-E.exe -> Worm.Maslan.b : Cleaned with backup
    C:\ACTIVDOC\SETUP\ACTVINST.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\ACTIVDOC\SETUP\ARJ.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\ACTIVDOC\SETUP\SETUP.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\ACTIVDOC\SETUP\TOOLS\CHECKHS.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\ACTIVDOC\SETUP\TOOLS\SOFTLIST.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\ACTIVDOC\SETUP\TOOLS\TATTHARD.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\ACTIVDOC\SETUP\TOOLS\XP\CHECKHS.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\ACTIVDOC\SETUP\TOOLS\XP\TATTHARD.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\Documents and Settings\All Users\Documents\AOL Downloads\AOL9\comps\acs\acssetup.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Documents and Settings\All Users\Documents\AOL Downloads\AOL9\comps\asp\aspsetup.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Documents and Settings\All Users\Documents\AOL Downloads\AOL9\comps\coach\aolcinst.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Documents and Settings\All Users\Documents\AOL Downloads\AOL9\comps\flash\FlashAX.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Documents and Settings\All Users\Documents\AOL Downloads\AOL9\comps\fw\nisale.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Documents and Settings\All Users\Documents\AOL Downloads\AOL9\comps\qt\qt.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Documents and Settings\All Users\Documents\AOL Downloads\AOL9\comps\rp\RealPl8.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Documents and Settings\All Users\Documents\AOL Downloads\AOL9\comps\rp\rp9codec.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Documents and Settings\All Users\Documents\AOL Downloads\AOL9\comps\toolbar\toolbr.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Documents and Settings\All Users\Documents\AOL Downloads\AOL9\comps\vwpt\VPPrePop.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Documents and Settings\All Users\Documents\AOL Downloads\AOL9\comps\vwpt\Vwpt.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Documents and Settings\All Users\Documents\AOL Downloads\AOL9\Setup90.exe -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\ARJ.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\ARJ.PIF -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\BIOSLOCK.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\BIOSLOCK.PIF -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\DELTREEW.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\INFO.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\INFO.PIF -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\INSTDRV.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\MAKELST.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\MAKELST.PIF -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\NTEXTHS.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\NTMKLST.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\RESTORE.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\SHUTGUI.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\TREECRC.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\WSWITCH.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\PNP\VIDEO\setupDLL\IsUninst.exe -> Worm.Maslan.b : Cleaned with backup
    C:\PNP\VIDEO\setupDLL\WAITWND.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\AOL 9.0a\download\stub.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\AOL 9.0a\download\trial_setup.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\aolshare\Coach\acpredir.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\aolshare\Coach\Player\aolnysev.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\aolshare\Coach\uk_uk\ab3.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\aolshare\Coach\uk_uk\player\AolCabLauncher.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\aolshare\Coach\uk_uk\player\AOLNySEV.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\aolshare\Coach\uk_uk\player\tranplug.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\aolshare\Coach\unsupp.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\Microsoft Shared\MSInfo\OFFPRV10.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\Microsoft Shared\MSSearch\Bin\SrchAdmStp.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\Microsoft Shared\Office10\DW.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\Microsoft Shared\Office10\MSO7FTP.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\Microsoft Shared\Office10\MSO7FTPA.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\Microsoft Shared\Office10\MSO7FTPS.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\Microsoft Shared\Office10\MSOICONS.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\MSN\MSNCoreFiles\Setup\msnunin.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Voyager100Test\Setup\w2k\ins_pppoe.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Voyager100Test\Setup\xp\ins_pppoe.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\VoyagerTest\Setup\w2k\ins_pppoe.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\VoyagerTest\Setup\xp\ins_pppoe.exe -> Worm.Maslan.b : Cleaned with backup
     
    Last edited: May 29, 2006
  2. dvk01

    dvk01 Global Moderator

    After doing some further investigations, it does appear that the detections are almost certainly correct and the original files have been overwritten by this worm.
     