I have the same problem; however, SOPHOS ID's this as a trojan....Troj/LowZone-EX.
So it seems that it's not a false positive after all. See "Hi-Lited" area below.
[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]
Troj/LowZone-EX is a Trojan for the Windows platform.
When first run Troj/LowZone-EX copies itself to the Desktop and User folders and creates the following files:
<Desktop>\Calciopoli.lnk
<Desktop>\Cerca Amici.lnk
<User>\My Documents\My Music\U2 - Collection.lnk
<User>\PrintHood\Epson Stylus Photo 3BN.lnk
<User>\Start Menu\Conigliette del Mese.lnk
Troj/LowZone-EX changes the Start Page for Microsoft Internet Explorer by setting the registry entry:
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page
The following registry entries are set, affecting internet security:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acquadirose.com\
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acquadirose.com\www\
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acquadirose.com\www
*
2
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cywanstorage.biz\
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cywanstorage.biz\www\
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cywanstorage.biz\www
*
2
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\defaultbar.com\
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\defaultbar.com\www\
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\defaultbar.com\www*
2
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\forteforte.com\
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\forteforte.com\www\
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\forteforte.com\www
*
2
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gooogle.bz\
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gooogle.bz\www\
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gooogle.bz\www
*
2
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\playmore.biz\
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\playmore.biz\www\
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\playmore.biz\www
*
2
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scalalap.com\
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scalalap.com\www\
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scalalap.com\www
*
2
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\semeterapia.com\
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\semeterapia.com\www\
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\semeterapia.com\www
*
2
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tuttaqualita.com\
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tuttaqualita.com\www\
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tuttaqualita.com\www
*
2
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
1004
0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
1201
0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
MinLevel
0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
RecommendedLevel
0
[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]
So, what do we do now? I can't pay over $200 bucks to get rid of one bug. I'll do a fresh install before I do that.
Anyone have any suggestions?
