False positive?

Discussion in 'ewido anti-spyware forum' started by Sperwer, Jun 4, 2007.

Thread Status:
Not open for further replies.
  1. Sperwer

    Sperwer Registered Member

    Joined:
    Jun 4, 2007
    Posts:
    5
    Is this also a false positive?
    Created at: 21:53:25 4-6-2007

    + Scan result:



    HKLM\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF} -> Adware.RogueSuspect : Ignored.


    ::Report end
     
  2. karl.ewido

    karl.ewido former ewido team

    Joined:
    Dec 9, 2005
    Posts:
    236
    Location:
    Germany
    Please send us an exported *.reg file of this detected Registry key:
    http://www.ewido.net/en/malware/
    Use the Windows Registry Editor (regedit.exe) for that.

    In the Windows Start menu, click on 'Run', then enter regedit.exe and press OK.

    Now search for or go to the detected key (they look like folders in the Windows Explorer).

    Now select only this detected key, right-click and choose the option 'Export..' in the context menu, then choose your desktop and a good filename.

    NOTE: Choose only the detected key for the export at the bottom of the 'Save as' dialog and not(!) ALL; this would export the whole Registry in huge files.
     
  3. Sperwer

    Sperwer Registered Member

    Joined:
    Jun 4, 2007
    Posts:
    5
    Hi Karl,
    After I did this in a .bat file:
    regedit /e sperwer.txt "HKEY_CLASSES_ROOT\CLSID\{3f2bbc05-40df-11d2-9455-00104bc936ff}"
    start notepad.exe sperwer.txt
    exit
    I got this as a result:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{3f2bbc05-40df-11d2-9455-00104bc936ff}]
    @="Implements DocHostUIHandler"

    [HKEY_CLASSES_ROOT\CLSID\{3f2bbc05-40df-11d2-9455-00104bc936ff}\LocalServer32]
    @="D:\\WindowsXP_Compl.exe"


    [HKEY_CLASSES_ROOT\CLSID\{3f2bbc05-40df-11d2-9455-00104bc936ff}\ProgID]
    @="example.DocHostUIHandler"

    PS: I have sent ewido the reg file as roguesuspect.reg
     
    Last edited: Jun 5, 2007
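
An added example, not part of the original thread or of ewido's tooling: a small parser for a regedit export like the one posted above, which pulls out the binary a flagged CLSID actually launches (`LocalServer32` for an out-of-process EXE, `InprocServer32` for a DLL) so that file can be located and submitted for analysis. The function names and the cp1252 fallback are assumptions made for this sketch.

```python
import re
# Constructed sample: the export text quoted in the post above.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3f2bbc05-40df-11d2-9455-00104bc936ff}]
@="Implements DocHostUIHandler"

[HKEY_CLASSES_ROOT\CLSID\{3f2bbc05-40df-11d2-9455-00104bc936ff}\LocalServer32]
@="D:\\WindowsXP_Compl.exe"

[HKEY_CLASSES_ROOT\CLSID\{3f2bbc05-40df-11d2-9455-00104bc936ff}\ProgID]
@="example.DocHostUIHandler"
'''

SERVER_SUBKEYS = {"localserver32", "inprocserver32"}  # subkeys naming the binary
CLSID_RE = re.compile(r'\\CLSID\\(\{[0-9a-f-]{36}\})(?:\\([^\\]+))?$', re.I)

def decode_export(raw: bytes) -> str:
    """Version 5.00 exports are UTF-16LE with a BOM; REGEDIT4 files are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw.decode("utf-16")
    return raw.decode("cp1252")  # assumption: Western European ANSI code page

def com_servers(text: str) -> dict:
    """Map each CLSID to its description, ProgID and registered server paths."""
    found, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = CLSID_RE.search(line[1:-1])      # None for non-CLSID keys
            continue
        value = re.fullmatch(r'@="(.*)"', line)     # default (unnamed) value
        if not (key and value):
            continue
        data = re.sub(r'\\(.)', r'\1', value.group(1))  # undo \\ and \" escapes
        entry = found.setdefault(key.group(1).lower(),
                                 {"description": None, "progid": None, "servers": {}})
        sub = (key.group(2) or "").lower()
        if not sub:
            entry["description"] = data
        elif sub == "progid":
            entry["progid"] = data
        elif sub in SERVER_SUBKEYS:
            entry["servers"][key.group(2)] = data
    return found

if __name__ == "__main__":
    for clsid, entry in com_servers(SAMPLE_EXPORT).items():
        print(clsid, entry["description"], entry["servers"])
```
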
  4. karl.ewido

    karl.ewido former ewido team

    Joined:
    Dec 9, 2005
    Posts:
    236
    Location:
    Germany
    Please now send us a copy of this WindowsXP_Compl.exe file. Thanks.
     
  5. Sperwer

    Sperwer Registered Member

    Joined:
    Jun 4, 2007
    Posts:
    5
    Hi Karl,
    The file is on a DVD with a bundle of freeware which came with a magazine.
    I don't think it is harmful, but I send you a copy.
    Many thanks so far for helping me out!
     