Possible false alarm

Discussion in 'ewido anti-spyware forum' started by dvk01, May 29, 2006.

Thread Status:
Not open for further replies.
  1. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    I am helping someone clear up here
    http://forums.techguy.org/security/470768-help-major-spyware-issues.html#post3649876

    Ewido has discovered maslan.b & quarantined what appear to be legit files

    any comments please

    here is a list of the files

    C:\ACTIVDOC\SETUP\01\search\SWISH-E.exe -> Worm.Maslan.b : Cleaned with backup
    C:\ACTIVDOC\SETUP\ACTVINST.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\ACTIVDOC\SETUP\ARJ.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\ACTIVDOC\SETUP\SETUP.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\ACTIVDOC\SETUP\TOOLS\CHECKHS.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\ACTIVDOC\SETUP\TOOLS\SOFTLIST.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\ACTIVDOC\SETUP\TOOLS\TATTHARD.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\ACTIVDOC\SETUP\TOOLS\XP\CHECKHS.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\ACTIVDOC\SETUP\TOOLS\XP\TATTHARD.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\Documents and Settings\All Users\Documents\AOL Downloads\AOL9\comps\acs\acssetup.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Documents and Settings\All Users\Documents\AOL Downloads\AOL9\comps\asp\aspsetup.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Documents and Settings\All Users\Documents\AOL Downloads\AOL9\comps\coach\aolcinst.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Documents and Settings\All Users\Documents\AOL Downloads\AOL9\comps\flash\FlashAX.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Documents and Settings\All Users\Documents\AOL Downloads\AOL9\comps\fw\nisale.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Documents and Settings\All Users\Documents\AOL Downloads\AOL9\comps\qt\qt.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Documents and Settings\All Users\Documents\AOL Downloads\AOL9\comps\rp\RealPl8.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Documents and Settings\All Users\Documents\AOL Downloads\AOL9\comps\rp\rp9codec.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Documents and Settings\All Users\Documents\AOL Downloads\AOL9\comps\toolbar\toolbr.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Documents and Settings\All Users\Documents\AOL Downloads\AOL9\comps\vwpt\VPPrePop.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Documents and Settings\All Users\Documents\AOL Downloads\AOL9\comps\vwpt\Vwpt.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Documents and Settings\All Users\Documents\AOL Downloads\AOL9\Setup90.exe -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\ARJ.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\ARJ.PIF -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\BIOSLOCK.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\BIOSLOCK.PIF -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\DELTREEW.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\INFO.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\INFO.PIF -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\INSTDRV.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\MAKELST.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\MAKELST.PIF -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\NTEXTHS.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\NTMKLST.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\RESTORE.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\SHUTGUI.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\TREECRC.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\DRIVERS\SETUP\WSWITCH.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\PNP\VIDEO\setupDLL\IsUninst.exe -> Worm.Maslan.b : Cleaned with backup
    C:\PNP\VIDEO\setupDLL\WAITWND.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\AOL 9.0a\download\stub.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\AOL 9.0a\download\trial_setup.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\aolshare\Coach\acpredir.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\aolshare\Coach\Player\aolnysev.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\aolshare\Coach\uk_uk\ab3.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\aolshare\Coach\uk_uk\player\AolCabLauncher.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\aolshare\Coach\uk_uk\player\AOLNySEV.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\aolshare\Coach\uk_uk\player\tranplug.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\aolshare\Coach\unsupp.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\Microsoft Shared\MSInfo\OFFPRV10.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\Microsoft Shared\MSSearch\Bin\SrchAdmStp.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\Microsoft Shared\Office10\DW.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\Microsoft Shared\Office10\MSO7FTP.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\Microsoft Shared\Office10\MSO7FTPA.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\Microsoft Shared\Office10\MSO7FTPS.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\Microsoft Shared\Office10\MSOICONS.EXE -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\MSN\MSNCoreFiles\Setup\msnunin.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Voyager100Test\Setup\w2k\ins_pppoe.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\Voyager100Test\Setup\xp\ins_pppoe.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\VoyagerTest\Setup\w2k\ins_pppoe.exe -> Worm.Maslan.b : Cleaned with backup
    C:\Program Files\VoyagerTest\Setup\xp\ins_pppoe.exe -> Worm.Maslan.b : Cleaned with backup
     
    Last edited: May 29, 2006
  2. dvk01

    dvk01 Global Moderator

    After doing some further investigations, it does appear that the detections are almost certainly correct and the original files have been overwritten by this worm.
     