For those using Boclean

Discussion in 'other anti-malware software' started by Tarq57, May 21, 2007.

Thread Status:
Not open for further replies.
  1. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
  2. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Almost unbelievable that a security software reports a valid Windows system file as a false positive. I can understand any other system file from another software, but WINDOWS? Don't they test anything anymore nowadays, before giving it to users? Sigh :rolleyes:
     
  3. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    Some trojans and other malware modify Windows files. If you allow them to be deleted you will need to replace them with original Windows versions or you'll probably end up in an endless reboot cycle.

    Examples:

    sfc.dll modified by bankfraud trojan
    ndis.sys modified by spambot
     
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Thanks for the info. I didn't know this, but in this case it wouldn't matter.
    My boot-to-restore will fix this automatically. :)
     
  5. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    I've seen on other forums that some have this alert. I wonder what happens really. Most of us who use Boclean do not get this false positive, and all of us do have this file in question.... o_O
    I mean, if it is a false positive, shouldn't all the users with Boclean installed and running get the FP?

    Could it be that all the security software that we have nowadays could have something to do with it?
    I mean, security software digs deep into Windows and acts as a layer interpreting the data flow, and something goes wrong there when it is the next security software's turn to interpret the data flow? Provided it is actually a false positive and not a valid alert.
    I admit I do not know how security software works really, it was just a mental picture that popped up in my head.
     
  6. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,694
    Location:
    Texas
    Hi Guys,

    Windows will replace the file, should you allow Bo to delete & clean the registry. Next reboot it's back. Been there, done that.

    The correct size of aec.sys is 140 kb, so a larger size would be a tip off. Thanks to LondonBeat for the size.

    Also the recent M$ Patch Tuesday, may have modified/replaced contributing to the problem, causing Bo to go a little nuts. Perhaps the folks who did not patch Tuesday don't have the FP.

    Also on this subject, see: https://www.wilderssecurity.com/showthread.php?t=175259.

    They're seeing a lot of posts on FPs at Comodo.

    Take Care
    Rico
     
  7. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    Thanks Rico, I forgot all about the infamous Windows updates. I noticed that I have 1 critical and 3 Windows patches waiting for download at Windows Update. I do not know why I have not been alerted to these, but I will download them to see if I can join you all reporting a false positive :)
     
  8. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Originally posted by Rico
    Which is the size of the AEC.SYS file detected, here.
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    On my computer I have two aec.sys :
    C:\WINDOWS\Driver Cache\i386\aec.sys = 140KB
    C:\WINDOWS\system32\drivers\aec.sys = 140KB
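
The size check discussed in this thread can be made stronger by hashing the copies and comparing them. This is an added example, not part of any post; it assumes PowerShell 4.0 or later, the two paths quoted above, and the 140 KB figure given in the thread. The function and variable names are made up for the example.

```powershell
# Added example, not from the thread. Requires PowerShell 4.0+ (Get-FileHash).
# The two paths are the ones quoted in the post above; 140 KB is the size
# the thread reports for the genuine file.
$ExpectedKB = 140
$Paths = @(
    'C:\WINDOWS\Driver Cache\i386\aec.sys',
    'C:\WINDOWS\system32\drivers\aec.sys'
)

function Get-DriverFingerprint {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Warning "Not found: $Path"
        return
    }
    $item = Get-Item -LiteralPath $Path -Force
    [pscustomobject]@{
        Path     = $item.FullName
        # Explorer rounds sizes up to whole KB, so do the same here
        SizeKB   = [int][math]::Ceiling($item.Length / 1KB)
        Version  = $item.VersionInfo.FileVersion
        Modified = $item.LastWriteTimeUtc
        SHA256   = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

$results = @($Paths | ForEach-Object { Get-DriverFingerprint -Path $_ })
$results | Format-List

# Size is only a coarse hint: report any copy larger than the expected value
$results | Where-Object { $_.SizeKB -gt $ExpectedKB } | ForEach-Object {
    Write-Warning "$($_.Path) is $($_.SizeKB) KB, larger than $ExpectedKB KB"
}

# The hash is the stronger check: every copy found should be byte-identical
$distinct = @($results | Select-Object -ExpandProperty SHA256 -Unique)
if ($results.Count -lt 2) {
    Write-Warning 'Fewer than two copies found; nothing to compare.'
} elseif ($distinct.Count -gt 1) {
    Write-Warning 'Copies differ; compare Version and Modified to see which one changed.'
} else {
    Write-Output 'All copies are byte-identical.'
}
```

A modified file can keep the same size, so a hash mismatch is the more useful signal. A mismatch can also come from a legitimate update that replaced only one copy, which is why the version and timestamp are listed alongside.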
     
  10. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,694
    Location:
    Texas
    Hi Guys,

    Bo has 4 updates waiting today, which seems to have fixed the FP.

    Erik - I also have aec.sys all over the hd, that's how Windows can replace it, after Bo's supposedly deleted it.

    Take Care
    Rico
     
  11. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Also the recent M$ Patch Tuesday, may have modified/replaced contributing to the problem, causing Bo to go a little nuts. Perhaps the folks who did not patch Tuesday don't have the FP.

    Haven't patched yet at M$ update, though I get the BC alert!!
     