Possible false positive in Pestpatrol?

Discussion in 'malware problems & news' started by happyfeet, Oct 30, 2004.

Thread Status:
Not open for further replies.
  1. happyfeet

    happyfeet Registered Member

    Joined:
    Oct 30, 2004
    Posts:
    1
    Location:
    Canada
    Pestpatrol keeps finding trojan downloader.win32.agent.cp and I deleted this and put in quarantine. I have searched the web sites and they say this is a ccRegVfy.exe and has to do with Nortons. Some sites say to remove this while others say to keep this. Can someone here tell which is the right thing to do please? I have since put it back on but not sure if this was the right thing to do. Please help and thanks in advance.
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,772
    Location:
    Texas
    happyfeet

    This is what I found.

    LIUtilities

    ccregvfy - ccregvfy.exe - Process Information

    Process File: ccregvfy or ccregvfy.exe
    Process Name: Common Client Registry Integrity Verifier.

    Description:
    ccregvfy.exe is a part of the Norton Internet Security Suite. This process checks the integrity of registry entries during the computer's boot-up for malicious changes, and for corruption. This program is important for the stable and secure running of your computer and should not be terminate
     
  3. bch

    bch Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    122
    Location:
    Rochdale, UK
  4. axeslinger

    axeslinger Guest

    I have Pest Patrol and am getting that exact detection also. I wouldn't doubt it's another false positive. PP is famous for them.

    I always consider anything I find with Pest Patrol to be a FP first, because nearly every time it turns out to be one.

    That's one thing that I really dislike about Pest Patrol and some of the other spyware scanners, all the FP's make them nearly worthless.

    If you're a newbie they can really drive you crazy because you may go ahead and delete something the scanner finds, assuming it was really malware, and then you could have all kinds of problems and not even be aware it was the so-called malware you just deleted with the so-called trusted anti-spyware program.

    I realize some FPs should be expected, but with this program they just never seem to end.
     
  5. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    If they reduced their database to 100 then I am sure they could maintain it and keep it false positive free. Their database is tens of thousands and as such will inevitably generate a few false positives. A few out of thousands is not bad really imho. You can always swap to another application. But you'll find that the others generate FP's as well.

    muf
     
  6. bch

    bch Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    122
    Location:
    Rochdale, UK
    muf.

    I can't agree with you. This latest example of a PestPatrol false positive has inevitably meant that thousands of people who have PP and NAV on their computers have gone ahead and blindly deleted the ccregvfy file. In PestPatrol's own words it said the certainty of this threat has been confirmed, (or something to that effect). It didn't say it might be a false positive or that care should be taken before deleting the file.

    Most of the people who frequent this forum are unlikely to delete anything and everything flagged up by any of their anti-spyware programmes, without investigating it first, but thousands of people will do just that. Then they wonder why this or that programme doesn't work anymore.

    You are perfectly correct to say that PP is not on its own when it comes to false positives but it certainly seems to be leading the field. (I still like, Cookie Patrol, however, lol).
     
  7. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Well, I have to agree that PP is high up the list of FP generators. But it is also quite a unique application in what it protects against. If you look at the list of malware it searches for then I think you will agree that there isn't another application that covers such a broad spectrum. Yes it has flaws, and one is the FP's. The good thing is that any deletions are quarantined by default. If your pc plays happy for the next 2 or 3 weeks then delete them permanently. If your pc starts misbehaving then restore what you deleted. It's not perfect but there's no one application out there that covers the range of malware that PP does. I have been using PP for about 3 years now. I have learned to live with the flaws because I know once I start a scan that it will be looking for a lot of different types of malware. But I remain always wary of FP's.

    muf
     
  8. bch

    bch Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    122
    Location:
    Rochdale, UK
    muf.

    Yes, fair comments.
     
  9. kevm

    kevm Registered Member

    Joined:
    May 5, 2004
    Posts:
    19
    Not only does PP5 do that, but it detects the entire Norton antivirus Quarantine folder as an unknown pest. I use PP5 for the resident protection only, and I never delete anything with it unless it is fully verified by another program, or by a support web site other than the CA web site.
     
  10. BlueDaemon

    BlueDaemon Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    4
    Location:
    USA
    It's because anything with "norton" sucks. No questions asked.
     