Jump to content
CCleaner Community Forums
Sign in to follow this  
steve1368

False positives?

Recommended Posts

Did my regular scanning with online trend micro virus scan, then with avast. Nothing surfaced, all OK.

 

Then scanned with a squared. Got 2 items as malware.

 

Filename:

C:\WINDOWS\system32\AS-Exp2.ocx

C:\WINDOWS\system32\AS-IFce1.ocx

 

Diagnosis:

Backdoor.MSWord.Nutshell

Backdoor.MSWord.Nutshell

 

This time I didn't delete anything [ if you remember,I had a bad experience b4, http://forum.CCleaner.com/index.php?showtopic=1426&hl= ]

 

Wondering if those are false positives.

 

Cheers

Share this post


Link to post
Share on other sites

I believe that those are trojans. Try a scan with ewido to see if it finds them as well. http://www.ewido.net/en/

 

Wait to see what Tarun or DjLizard say but I personally would remove those. If ewido finds them than I would deffinately remove them. Also remember to update ewido before you scan with it.

Share this post


Link to post
Share on other sites
I believe that those are trojans. Try a scan with ewido to see if it finds them as well. http://www.ewido.net/en/

 

Wait to see what Tarun or DjLizard say but I personally would remove those. If ewido finds them than I would deffinately remove them. Also remember to update ewido before you scan with it.

 

Will try that tonite.Thanks

Share this post


Link to post
Share on other sites

Did you see This that trojan is the most popular detection of a2 for the past three days. It's been known for a while that their were vulnerabilities in word. Let us know if ewido finds the infections as well. If not I bet it's a new infection that will be added to the rest of the scanners soon. Though you never know it could be a false positive. I dought that it is I'm sure we will probably here more about that trojan soon. Good luck :) .

Share this post


Link to post
Share on other sites
I believe that those are trojans. Try a scan with ewido to see if it finds them as well. http://www.ewido.net/en/

 

Wait to see what Tarun or DjLizard say but I personally would remove those. If ewido finds them than I would deffinately remove them. Also remember to update ewido before you scan with it.

 

 

 

 

Did that, nothing found

 

Upload them to here:  http://virusscan.jotti.org/

 

 

 

 

Did it again for the 2nd time , nothing found.

 

 

I scanned again with a squared this evening. Guess...this time nothing found. I'm truly puzzled. The only thing I did last nite was to run my regular Tarun's anti-malware package, that's it, nothing else.

 

Now, nothing found with a squared.

 

I'm delighted but also very puzzled, how "backdoor" can just disappear ?

 

Anybody has any clue ?

 

Steve

Share this post


Link to post
Share on other sites

Since you know where the infected files are look for them manually maybe they were deleated by the malware scanners you ran. Do you have an AV with an active scanner maybe that deleated it.

Share this post


Link to post
Share on other sites
I'm delighted but also very puzzled, how "backdoor" can just disappear ?

 

 

 

Suppose if it's at all sophisticated enough to know it's being scanned it may "deactivate or hide" itself. Or your antivirus/antimalware may have already taken care of it since trojans, worms, etc., are usually automatically deleted since they aren't necessary executibles.

Share this post


Link to post
Share on other sites
Since you know where the infected files are look for them manually maybe they were deleated by the malware scanners you ran. Do you have an AV with an active scanner maybe that deleated it.

 

 

 

Suppose if it's at all sophisticated enough to know it's being scanned it may "deactivate or hide" itself. Or your antivirus/antimalware may have already taken care of it since trojans, worms, etc., are usually automatically deleted since they aren't necessary executibles.

 

 

 

Did a manual check , both files still there.

I have avast home resident scanner, msas & outpost pro running all the time.

 

Is there anyway to check further to be really sure, or should I just post here my current HJT log for analysis.

Share this post


Link to post
Share on other sites

It couldnt hurt to post a HJT log. Try this: refind the infected files then right click on them and choose to scan them with Avast see if it detects them as malware.

Share this post


Link to post
Share on other sites
It couldnt hurt to post a HJT log. Try this: refind the infected files then right click on them and choose to scan them with Avast see if it detects them as malware.

 

 

 

 

Did that with avast & ewido.....nothing

 

I'll post my new hijack this log in a new topic.

Hopefully nothing nasty.

 

Thanks

Share this post


Link to post
Share on other sites

Hi all. About AS-IFce1.ocx I have nothing to say, but I know that AS-Exp2.ocx is an ActiveX control I have used in my VB6 projects. Unfortunately I lost it so I've no GUID to compare. If I'll find anything I'll be back. In my opinion u don't have to be worried about them.

Share this post


Link to post
Share on other sites

So... as-exp2.ocx - Ariad Explorer Controls

as-ifce1.ocx - Ariad Interface Components

Ariad components was made by Cyotek which was taken by Innovasys.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...