FP's??

Discussion in 'ewido anti-spyware forum' started by Bugbatter, May 7, 2007.

Thread Status:
Not open for further replies.
  1. Bugbatter

    Bugbatter Security Expert

    Joined:
    Jun 2, 2004
    Posts:
    14
    Location:
    USA
    Anybody run into this? :eek:


    ewido anti-spyware online scanner
    http://www.ewido.net
    __________________________________________________

    Name: Trojan.Obfuscated.dr
    Path: [1388] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    Risk: High

    Name: Trojan.Obfuscated.dr
    Path: C:\Program Files\Common Files\AOL\1136908079\EE\AOLSoftware.exe
    Risk: High

    Name: Trojan.Obfuscated.dr
    Path: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    Risk: High

    Name: Trojan.Obfuscated.dr
    Path: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    Risk: High

    Name: Trojan.Obfuscated.dr
    Path: C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    Risk: High

    Name: Trojan.Obfuscated.dr
    Path: C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
    Risk: High

    Name: Trojan.Obfuscated.dr
    Path: C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
    Risk: High

    Name: Trojan.Obfuscated.dr
    Path: C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    Risk: High

    Name: Trojan.Obfuscated.dr
    Path: C:\Program Files\Iomega\DriveIcons\deskup.exe
    Risk: High

    Name: Trojan.Obfuscated.dr
    Path: C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    Risk: High

    Name: Trojan.Obfuscated.dr
    Path: C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    Risk: High

    Name: Trojan.Obfuscated.dr
    Path: C:\Program Files\Pure Networks\Port Magic\PortAOL.exe
    Risk: High

    Name: Trojan.Obfuscated.dr
    Path: C:\Program Files\QuickTime\qttask.exe
    Risk: High

    Name: Trojan.Obfuscated.dr
    Path: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    Risk: High
     
  2. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,506
    Just did a scan with this and came up clean. No FP's here. You should get a second opinion.SAS is a very good one.There's a link in my sig.
     
  3. ASpace

    ASpace Guest

    This is definitely FP . Update your signatures to see if this happens again .

    About this
    Your JAVA is very old and exposes you to risk.
    Open Add/Remove programs in Control Panel , find this old Java RE old version 1.4 and uninstall it . Reboot after that . Goto C:\Program files and manually delete folder with name Java.

    If you are going to use Java RE , visit their site http://java.sun.com and download the latest version
     
  4. karl.ewido

    karl.ewido former ewido team

    Joined:
    Dec 9, 2005
    Posts:
    236
    Location:
    Germany
  5. Bugbatter

    Bugbatter Security Expert

    Joined:
    Jun 2, 2004
    Posts:
    14
    Location:
    USA
  6. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    I highly doubt that this is a fp. In general, when a single detection affects so many normally different files, it's very unlikely that it's a fp. There is a lot malware out there that replaces legitimate files...
     
  7. Bugbatter

    Bugbatter Security Expert

    Joined:
    Jun 2, 2004
    Posts:
    14
    Location:
    USA
    I agree. :cool:
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.