FP's??

Discussion in 'ewido anti-spyware forum' started by Bugbatter, May 7, 2007.

Thread Status:
Not open for further replies.
  1. Bugbatter

    Bugbatter Security Expert

    Joined:
    Jun 2, 2004
    Posts:
    14
    Location:
    USA
    Anybody run into this? :eek:


    ewido anti-spyware online scanner
    http://www.ewido.net
    __________________________________________________

    Name: Trojan.Obfuscated.dr
    Path: [1388] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    Risk: High

    Name: Trojan.Obfuscated.dr
    Path: C:\Program Files\Common Files\AOL\1136908079\EE\AOLSoftware.exe
    Risk: High

    Name: Trojan.Obfuscated.dr
    Path: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    Risk: High

    Name: Trojan.Obfuscated.dr
    Path: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    Risk: High

    Name: Trojan.Obfuscated.dr
    Path: C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    Risk: High

    Name: Trojan.Obfuscated.dr
    Path: C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
    Risk: High

    Name: Trojan.Obfuscated.dr
    Path: C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
    Risk: High

    Name: Trojan.Obfuscated.dr
    Path: C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    Risk: High

    Name: Trojan.Obfuscated.dr
    Path: C:\Program Files\Iomega\DriveIcons\deskup.exe
    Risk: High

    Name: Trojan.Obfuscated.dr
    Path: C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    Risk: High

    Name: Trojan.Obfuscated.dr
    Path: C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    Risk: High

    Name: Trojan.Obfuscated.dr
    Path: C:\Program Files\Pure Networks\Port Magic\PortAOL.exe
    Risk: High

    Name: Trojan.Obfuscated.dr
    Path: C:\Program Files\QuickTime\qttask.exe
    Risk: High

    Name: Trojan.Obfuscated.dr
    Path: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    Risk: High
     
  2. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Just did a scan with this and came up clean. No FP's here. You should get a second opinion.SAS is a very good one.There's a link in my sig.
     
  3. ASpace

    ASpace Guest

    This is definitely FP . Update your signatures to see if this happens again .

    About this
    Your JAVA is very old and exposes you to risk.
    Open Add/Remove programs in Control Panel , find this old Java RE old version 1.4 and uninstall it . Reboot after that . Goto C:\Program files and manually delete folder with name Java.

    If you are going to use Java RE , visit their site http://java.sun.com and download the latest version
     
  4. karl.ewido

    karl.ewido former ewido team

    Joined:
    Dec 9, 2005
    Posts:
    236
    Location:
    Germany
  5. Bugbatter

    Bugbatter Security Expert

    Joined:
    Jun 2, 2004
    Posts:
    14
    Location:
    USA
  6. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    I highly doubt that this is a fp. In general, when a single detection affects so many normally different files, it's very unlikely that it's a fp. There is a lot malware out there that replaces legitimate files...
     
  7. Bugbatter

    Bugbatter Security Expert

    Joined:
    Jun 2, 2004
    Posts:
    14
    Location:
    USA
    I agree. :cool:
     
Thread Status:
Not open for further replies.