Spyware Doctor False positive

Discussion in 'other anti-malware software' started by Holden4th, Sep 23, 2005.

Thread Status:
Not open for further replies.
  1. Holden4th

    Holden4th Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    69
    My freeware copy of Spyware Doctor picked this up during a scan, and despite running NOD32 as well as Ewido in safe mode with System Restore turned off, both failed to find it. A quick Google search confirmed that this is definitely a trojan, though exactly what it does I'm not sure.
     
  2. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Re: NOD32 missed repsamo trojan

    Upload the file here: http://virusscan.jotti.org/ It may be a FP. Or you could try here: http://www.virustotal.com/flash/index_en.html
     
    Last edited: Sep 23, 2005
  3. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Re: NOD32 missed repsamo trojan

    If you can reproduce this find, or if you have it available, would you mind showing the location where Spyware Doctor found this possible malware, please?
     
  4. Holden4th

    Holden4th Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    69
    Re: NOD32 missed repsamo trojan

    I've restored from quarantine and this is what shows up in the log

    Trojan.Repsamo HKCR\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000} High
    Trojan.Repsamo HKCR\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\InprocServer32 High
    Trojan.Repsamo HKCR\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\ProgID High
    Trojan.Repsamo HKCR\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\Programmable High
    Trojan.Repsamo HKCR\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\TypeLib High
    Trojan.Repsamo HKCR\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\VersionIndependentProgID High
    Trojan.Repsamo HKLM\Software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000} High
    Trojan.Repsamo HKLM\Software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\InprocServer32 High
    Trojan.Repsamo HKLM\Software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\ProgID High
    Trojan.Repsamo HKLM\Software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\Programmable High
    Trojan.Repsamo HKLM\Software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\TypeLib High
    Trojan.Repsamo HKLM\Software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\VersionIndependentProgID High
    Trojan.Repsamo HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved##{5E2121EE-0300-11D4-8D3B-444553540000} High

    These were all in the registry.

    What is this?
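
A way to triage the log above, as an added example that is not part of the original post or of Spyware Doctor: it groups the hits by CLSID and folds the `HKCR` entries into their `HKLM\Software\Classes` equivalents, since `HKCR` is a merged view of that key, so the 13 detections reduce to one COM class registration plus one approved shell extension entry. The names `triage` and `canonical` are hypothetical, and the parser assumes the "name, key, severity" layout seen in the quoted lines.

```python
import re
from collections import defaultdict

# The 13 scan log lines exactly as quoted in the post above.
LOG = r"""
Trojan.Repsamo HKCR\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000} High
Trojan.Repsamo HKCR\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\InprocServer32 High
Trojan.Repsamo HKCR\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\ProgID High
Trojan.Repsamo HKCR\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\Programmable High
Trojan.Repsamo HKCR\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\TypeLib High
Trojan.Repsamo HKCR\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\VersionIndependentProgID High
Trojan.Repsamo HKLM\Software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000} High
Trojan.Repsamo HKLM\Software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\InprocServer32 High
Trojan.Repsamo HKLM\Software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\ProgID High
Trojan.Repsamo HKLM\Software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\Programmable High
Trojan.Repsamo HKLM\Software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\TypeLib High
Trojan.Repsamo HKLM\Software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\VersionIndependentProgID High
Trojan.Repsamo HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved##{5E2121EE-0300-11D4-8D3B-444553540000} High
"""

CLSID = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)

def canonical(key):
    """HKCR is a merged view of Software\\Classes, so fold it into the HKLM path."""
    if key.upper().startswith("HKCR\\"):
        key = "HKLM\\Software\\Classes\\" + key[5:]
    return key.lower()  # registry key names are case-insensitive

def triage(log):
    """Group hits by CLSID, dropping HKCR/HKLM duplicates of the same key."""
    groups = defaultdict(lambda: {"raw": 0, "keys": set(), "shell_ext": False})
    for line in log.splitlines():
        parts = line.split()
        if len(parts) < 3:                 # blank or malformed line
            continue
        key = " ".join(parts[1:-1])        # key paths may contain spaces
        found = CLSID.search(key)
        if not found:
            continue
        g = groups[found.group(0).upper()]
        g["raw"] += 1
        g["keys"].add(canonical(key))
        g["shell_ext"] |= "\\shell extensions\\approved" in key.lower()
    return dict(groups)

if __name__ == "__main__":
    for clsid, g in triage(LOG).items():
        print(clsid, g["raw"], "hits,", len(g["keys"]), "distinct keys,",
              "shell extension" if g["shell_ext"] else "no shell extension")
```

The next check on the live system is the default value of the `InprocServer32` subkey, which names the DLL that implements the class and can be submitted to the multi-engine scanners linked earlier in the thread.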
     
  5. rumpstah

    rumpstah Registered Member

    Joined:
    Mar 19, 2003
    Posts:
    486
    Re: NOD32 missed repsamo trojan

    Hi Holden4th:

    If you have (had) an ATI video card, then this is most likely a false positive.

    Do not worry, you are not infected, those registry keys are merely used by ATI's menu.

    All they change is that when one right-clicks on the desktop, one no longer sees the option for ATI Catalyst Control Center; that is all.


     
  6. Holden4th

    Holden4th Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    69
    Re: NOD32 missed repsamo trojan

    Yes, I do have an ATI video card. After I deleted the (repsamo) files from my registry my ATI Catalyst Control desktop icon wouldn't work - not surprising considering. This prompted me to go to the ATI website and upgrade to the latest drivers, so there is a positive spin-off from all this.

    Thanks for your help.
     
  7. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Re: NOD32 missed repsamo trojan

    Glad it all worked out for ya. I have also taken the liberty to edit the title and move the thread to a more appropriate forum in hopes that the Spyware Doctor folks will drop by and notice the false positive you have found.

    It seems other anti-spyware programs have had ATI false positive issues in the past, reported on other forums but with different names.

    MS Antispyware F/P?

    Mzs.spoolserver32, probable false positive
     
    Last edited: Sep 24, 2005
  8. pctools

    pctools Registered Member

    Joined:
    Nov 24, 2004
    Posts:
    29
    Hi all,

    I am from PC Tools, maker of Spyware Doctor.

    Apologies for any inconveniences caused due to the false positive. Thank you all for highlighting this as we take false positives seriously.

    We have fixed this issue with our latest live update: Refdb 3.03130

    If you are a registered customer, simply perform a Live Update within Spyware Doctor to ensure you have the latest update. Then perform a full scan and fix checked.

    However, if you are using the free version, the updates are two versions behind. Please be patient as we have regular updates.

    Should you still have further problems with Spyware Doctor, you can also contact us directly at: http://www.pctools.com/contact/support/guide/spyware-doctor/

    Thank you.

    Regards,

    PC Tools
     