Question

Discussion in 'other anti-malware software' started by Rico, May 21, 2007.

Thread Status:
Not open for further replies.
  1. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,693
    Location:
    Texas
    Hi Guys,

    Yesterday none of my, security protections rang any bells. Ok today I visited several forums, read some, downloaded MVPS Hosts file, from Dozleng link, downloaded, installed update for AnyDVD from source, I've done this many times in the past. Next AnyDVD wants to reboot, so I delete some stuff, run CCleaner, schedule PD to do an offline defrag on next reboot:

    BoClean found a trojan (see pic)

    <comodo,comodo boclean, NOD32, Prevx1> resident crime fighters.

    The trojan was not allowed to start, so says Comodo Boclean, is this why NOD & Prevx were silent, because the trojan had yet to start?

    Next question - NOD is supposed to scan email, could the trojan be hiding in the email & be missed by NOD's check?

    Next question - If a file is in the spam folder highlighting it there, you read its for Cialis or Viagra, do not click anywhere, then delete, is this enough to liberate/set free the trojan? If yes, then shouldn't NOD picked up on this?

    Comodo Boclean - seems quite wonderful, no scans, small footprint, & a bad-ass pitt bull.

    Thanks & Take Care
    Rico
     

    Attached Files:

    • bo.png
      bo.png
      File size:
      6.1 KB
      Views:
      198
  2. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,693
    Location:
    Texas
    Hi Guys,

    This trojan seems to be found at each reboot, smells like an FP.

    Does anyone remember the registry location, where the (4) are that denote restricted sites?

    Thanks
    Rico
     
  3. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    If the size of Aec.sys is approx 140 bytes then it's probably a false positive, see here.
    You could email support[at]nsclean.com and see what they say.
     
  4. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,693
    Location:
    Texas
    Hi LondonBeat,

    Thank You:thumb:

    I think Comodo is barking at nothing. Next I'll update activate AVG/AS, send Bo <temp> on demand re-boot & see what happens.
     

    Attached Files:

  5. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,693
    Location:
    Texas
    Hi Guys,

    AVG/AS with Bo on demand, found nothing. Seems like or 99.99% sure, Bo has an FP. I'll do an SAS scan to add another 9.

    Thanks Take Care
    Rico
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Virus total.
     
  7. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,693
    Location:
    Texas
    Hi Aigle,

    Not following your drift

    Take Care
    Rico
     
  8. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Hi Rico, I think Aigle means you can upload your file to virustotal for a second opinion. If Virustotal is busy you can use Jotti.

    Cheers, innerpeace
     
  9. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,693
    Location:
    Texas
    Hi Innerpeace,

    I thought he meant total viruses found by scan. NOD32 found nothing.

    Thanks & Take Care
    Rico
     
  10. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    921
    Location:
    Big Apple USA
  11. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
  12. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,693
    Location:
    Texas
    Hi Guys,

    Screamer - Thanks for the link:thumb: :thumb:

    Innerpeace - Thanks very much for the link. I posted at Comodo forum, but was not necessary.

    Nothing like wasting a few hours on a FP, but an FP is better than the real thing.

    Thanks & Take Care
    Rico
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Ya I meant this indeed. Was not so clear, sorrry.
    So it,s a false positive indeed.
     
Thread Status:
Not open for further replies.