False Positive ??

Greetings one and all,

I just ran a scan by Spyware Doctor which turned up a nasty trojan, called <trojan.popuper.downloader.> in my system volume information folder, a totally hidden system folder that took me a trip to MS to find out how to open.

At first NOD didn't scan it, said the folder was "invalid"; but when I finally got access to it, it did a scan and found nothing. (The file Spyware Doctor had cited was a back-up of a CCleaner setup file). I ran scans by Spy Sweeper, AVG anti-spy, and A-Squared, just for good measure, and the all came up with zilch, nada.

Then I ran Spyware Doctor again, and it now says "zero infections" are on my HD.

My concern is that the description of Trojan.Popuper.Downloader was especially nasty, doing terrible things that would make Atilla the Hun blush. Of course, SD also said they could easily "fix" my "problem" if I only purchased their (lovely) software..

Is there a chance this scan may have been a false positive ?? Perhaps an overzealous reading that just coincidentally suggested the "only cure" was to purchase the scanning company's product ?? Hm-m. IF anyone has had any dealings with this particular bad guy (the trojan, that is), would you speak up ?


//

 

Since this is more a Spyware Doctor issue as it relates to a possible False positive by that program....I have taken the liberty to move your thread to a more appropriate forum. Here you can have a better chance of SD users dropping by with the latest FP's of this program.

Bubba

 

Yes...it is more than likly a false positive,

Just yesterday, I ran a Spyware Doctor Scan and it came up with the same traojan (trojan.popuper.donloader). It was labeliong the uninstall file from CCleaner as a this trojan.

CCleaner does not have any trojans in it. I am certain that Spyware Doctor has made a mistake. They also labeled the unisntall file from edido 4 as this same trojan. Somehow, I doubt that Ewido has a trojan in it.

Spywae Doctor takes a pretty aggressive stance against Spyware, which I like. But that policy leads to a few false positives.

 

Bingo! That's exactly the same file SD flagged on my box: CCleaner uninstall (under a different name, and as an .exe file, of course).

But then it's even more Twilight Zone: I got a positive from my SpySweeper but not on the same file, but some other (sorry I didn't write down the name; it was ~4:30 AM when all this was occurring), and yet another (and yet a different file) from SuperSpyware, which I am trialling. The latter two were not described as big problems -- as opposed the nasty baddie that SD alleged to have found -- but still makes one wonder.

Maybe it was the too many anti-malware apps running in so short a time the gods decided they had to give me *something* to worry about !!

Btw, I've had NOD32 running on my computer for about six weeks now and it has yet to find anything even suspicious even though I've done a full scan every other day. If NOD doesn't find anything, the drive must be clean, right ?

 

Hi SamSpade

If the SAS detection was possibly f/p could you report this using the software function(report f/p) or post in their f/p's forum for review.The relevent information will be contained in the software logs and the file should be restorable from quarantine to allow for uploading/rechecking.

http://forums.superantispyware.com/

This one has got my curiosity going since one software with f/p is the norm but to have 3 softwares throwing up suspected f/p's in a short space of time is puzzling with some underlying cause.

TIA

 

No, you can't assume that your drive is clean simply because NOD doesn't find anything. If that were the case, why have any antispyware at all? NOD is a world class product, and is going to catch and stop most of the nasties, but it's not sufficient to be your stand alone catch all for all malware (no product can do this).

Pretty much, the safe thing to do is to run NOD in conjuction with a top notch firewall and a top notch antispyware. I consider Spyware to be top notch. But you must be willing to put up with an occassional false positive with Spyware Doctor. They take an aggressive stance against spyware and this results in more fp's than with some other options.

 

Signed up just to respond to this thread.

I have Trend Micro Anti-Virus and SpySweeper. Both (especially Trend) have been finding a nasty virus that has been impossible for me to get rid of. It is a worm RBot.ERA (the p2pnetworking.exe virus) that seems to have a associated installer in it too. When I boot up the system and quickly open Task Manager, there it sits in the processes . . . INSTALLER. Most of the time the Trend Anti-Virus quarantines a file called b.exe. I think that I've finally gotten rid of p2pnetworking.exe, but this INSTALLER is still there. As long as the INSTALLER is listed as an active application in Task Manager, I cannot open Regedit from the Run program. It says another program is using the application. Basically it blocks access to the Registry.

I too have just now run Spyware Doctor and it found the same trojan installer. It is there for me for sure, so it may be true positive for you as well.

Merry CHRISTmas,

scott