Prevx, possible FP

Discussion in 'other anti-malware software' started by virtumonde, Feb 7, 2008.

Thread Status:
Not open for further replies.
  1. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    504
    Hi. I recently downloaded Prevx CSI free. I used it in the past, but heard about the upgrade, so I decided to give it a try. It found these 2 files on my PC. It looks like the villains got me :), but I think they are FPs. If so, I will be very disappointed.
    http://i246.photobucket.com/albums/gg96/kayali_2007/2008-02-08_045506prevx.png

    http://www.virustotal.com/analisis/6d593874e80ffe864d20384973d9dd08
    http://www.virustotal.com/analisis/ef92d1c95f3587f528e61f693c1d5eb2
    Can someone from Prevx confirm? I did not find their forum.
     
    Last edited: Feb 7, 2008
  2. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    Hi, did you check the Prevx links at the bottom of the VirusTotal links you posted? They provide a little more information. Here they are.
    http://info.prevx.com/aboutprogramtext.asp?PX5=7F60912D00A8F6C9C81301A24CC76E003CB6A59D
    http://info.prevx.com/aboutprogramtext.asp?PX5=3A15C58C00EF54D9AAC72C88C3FEB80023D95E5E

    Prevx forums can also be found at CastleCops.com. http://www.castlecops.com/f146-Prevx.html

    Is there a way to submit the files to Prevx through CSI? That may be your best bet. It looks like they're FPs, according to VT, but it's always good to be sure and/or report them as FPs.

    I hope this helps,
    innerpeace
     
  3. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    The Prevx info on the explorer.exe file states that it is normally located in x:\Windows\system32-folder, but on Virtumonde's box it is located in c:\windows. Perhaps that's why CSI reports it?
     
  4. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    504
    I have Vista Ultimate SP1. As far as I know it is OK for explorer.exe to be in C:\Windows. And the SpywareQuake alert is definitely an FP. I ran HijackThis and found no traces of it. I recently installed Service Pack 1; I had to remove the security programs, and that is why I got worried seeing this. I ran Dr.Web CureIt and it found nothing. Thank you both for your answers.
     
  5. Biscuit

    Biscuit Registered Member

    Joined:
    May 26, 2006
    Posts:
    978
    Location:
    Isle of Man
    SpywareQuake is a serious fake anti-spyware product. Why are you suggesting that its detection is a FP?
     
  6. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    504
    I don't see the symptoms. I will install Kaspersky tonight, as I'm at work right now. But I don't have pop-ups, no slow browsing, no suspicious autoloading programs from the registry, as far as the HijackThis log shows, nothing, only the Prevx alert.
     
  7. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Hello,

    please can you send me a log of Prevx CSI along with a copy of these two files?
    Tell me when you're ready and I'll give you my e-mail address thru pm.

    Many thanks,

    Marco
     
  8. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    504
    This is nice. I arrived home, ran Prevx again and it is clean now. I don't remember seeing Dr.Web detecting something. Marco, if you still need it I'll send you the log and the files (you've got to tell me how to do that, for the files).
    Lukas, if you still need it, PM me and I'll send you the log.
     