Counterspy Alert Help!!

Discussion in 'other anti-malware software' started by Ptah, May 13, 2006.

Thread Status:
Not open for further replies.
  1. Ptah

    Ptah Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    170
    Counterspy just alerted me that I have two trojans on my pc that nod32 and bioclean did not detect. I think the log is saying there is something in my FD-ISR but I am not sure. I will post the second when I have rescanned.

    AFX Windows Rootkit 2003 Backdoor more information...
    Details: AFX Windows Rootkit 2003 is a backdoor trojan.
    Status: Quarantined

    Infected files detected
    C:\WINDOWS\system32\RSSControl.dll
    c:\$isr\$isr
    c:\$isr\$app\documentation\isrhelp21.chm
    c:\$isr\$app\firstdefense-isr.exe
    c:\$isr\$app\firstdefense-isr.exe.manifest
    c:\$isr\$app\isr.ico
    c:\$isr\$app\isrcmd.exe
    c:\$isr\$app\isrcmd.exe.manifest
    c:\$isr\$app\isrcontrol.exe
    c:\$isr\$app\isrcopyctrl.dll
    c:\$isr\$app\isrmonitor.exe
    c:\$isr\$app\isrmonitor.exe.manifest
    c:\$isr\$app\isrschedule.dll
    c:\$isr\$app\isrsettings.dll
    c:\$isr\$app\isrviewlogs.exe
    c:\$isr\$app\isrviewlogs.exe.manifest
    c:\$isr\$app\isrwait.exe
    c:\$isr\$app\isrwait.exe.manifest
    c:\$isr\$app\leapfrogtools.dll
    c:\$isr\$app\license.rtf
    c:\$isr\$app\mbrbackup.exe
    c:\$isr\$app\mbrbackup.exe.manifest
    c:\$isr\$app\readme.txt
    c:\$isr\$app\setup\$isrbin
    c:\$isr\$app\setup\boot.bin
    c:\$isr\$app\setup\isr.bin
    c:\$isr\$app\setup\isrcopy2k.exe
    c:\$isr\$app\setup\isrcopyrss.exe
    c:\$isr\$app\setup\isrmonitor.exe
    c:\$isr\$app\setup\isrservice.exe
    c:\$isr\$app\setup\isrsetup.exe
    c:\$isr\$app\setup\isrsetup.log
    c:\$isr\$app\setup\mbr.bin
    c:\$isr\$app\setup\mbrtool.exe
    c:\$isr\$app\setup\mbr_readme.txt
    c:\$isr\$app\setup\removeall.exe
    c:\$isr\$app\setup\setuprss.exe
    c:\$isr\$app\sounds\taskcompleted.wav
    c:\$isr\$app\supportinfo.exe
    c:\$isr\$app\supportinfo.txt
    c:\$isr\$logs\45633277.log
    c:\$isr\$logs\45640517.log
    c:\$isr\$logs\45842326.log
    c:\$isr\$logs\46180195.log
    c:\$isr\$logs\46309435.log
    c:\$isr\$logs\46310549.log
    c:\$isr\$logs\46625223.log
    c:\$isr\$logs\46742583.log
    c:\$isr\$logs\47033303.log
    c:\$isr\$logs\isr.log
    c:\$isr\$mbr\mbrtool.exe
    c:\$isr\$mbr\origmbr.bin
    c:\$isr\$mbr\readme.txt
    C:\$ISR\0\ISRCopy.exe
    C:\$ISR\0\ISRCopy2K.exe
    C:\$ISR\0\ISRService.exe
    C:\$ISR\0\MBR.bin
    C:\$ISR\0\OrigMBR.bin
    C:\$ISR\0\SAVE\RSSControl.dll
    C:\$ISR\1\$ISR

    Infected registry entries detected
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ISR_MONITOR
     
  2. eburger68

    eburger68 Privacy Expert

    Joined:
    Mar 4, 2002
    Posts:
    244
    Ptah:

    This detection is a confirmed false positive on the part of CounterSpy. So far as I can tell from looking at your log, you do not have a rootkit on your system.

    This false positive will be corrected in the next update to CounterSpy's definitions, which should occur Tuesday or Wednesday. Please accept our apologies for the undue alarm this detection might have caused.

    Best regards,

    Eric L. Howes
    Director of Malware Research
    Sunbelt Software
     
  3. Ptah

    Ptah Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    170
    Thank you for responding so quickly. I had a feeling but I was not too sure about it. The final outcome was that Counterspy quarantined it, which caused problems with the program. I finally had to uninstall it completely but even that had errors in it. So in the end my FD-ISR program is ruined; I cannot install again without getting errors. :oops:

    I have been using Counterspy for a good amount of time now and this has been the only false positive, but this one time has cost me pocket wise, program wise and time because FD-ISR was a recent purchase and had been working 5/5 for two weeks plus trial. I know from time to time this may happen with software but my faith in this product has been shaken and I must re-evaluate its usefulness amongst my security applications. I can ill afford this to happen to any other program on my computer. It is hard to believe that I am the only person to have Counterspy and FirstDefense ISR installed on their computer, but if I am, I hope this error will help others before it does any damage to anyone else.

    Thank you,

    Ptah
     