[Fixed:] False Positive I think - Mischel Internet Security Forum

Jobs | About | Blog | Contact

Download TrojanHunter Now
Free 30-day trial!

Latest TrojanHunter Version:
TrojanHunter 5.0

Order Now
License file delivered within minutes.

Welcome, Guest. Please Login or Register.

Aug 8^th, 2008, 2:04pm

   Mischel Internet Security Forum
   TrojanHunter
   TrojanHunter Guard (Moderators: Helena, Gavin_Coe, Magnus)
   [Fixed:] False Positive I think

« Previous topic | Next topic »

Pages: 1

Notify of replies

Send Topic

Author

Topic: [Fixed:] False Positive I think (Read 1064 times)

fjwag3
Newbie

Posts: 27

[Fixed:] False Positive I think
« on: May 3^rd, 2006, 4:30pm »

Quote

Modify

Yesterday I cleaned what I thought was PWSteal.Small.105 trojan, ascode.dll trojan module. Today when I fired up my Security Task Manager I get the error message, no ascode.dll. So I re-installed STM and THG immediately flagged it. My AntiVir generally catches anything before THG as you know, it doesn't flag it.

Ok, more, when I scan the file directly with the scanner, its a negative. Run Task Manager and THG flags it.

regards

« Last Edit: May 4^th, 2006, 12:28am by siliconman01 »

IP Logged

Gavin_Coe
Trojan Analyst

Posts: 1943

Re: False Positive I think
« Reply #1 on: May 3^rd, 2006, 5:57pm »

Quote

Modify

Hi, should be fixed. Update and then restart the guard and let me know what happens ?

IP Logged

fjwag3
Newbie

Posts: 27

Re: False Positive I think
« Reply #2 on: May 3^rd, 2006, 6:07pm »

Quote

Modify

Nope, not yet. I cleared cache and ran ccleaner, still getting flagged.

Memory scan
Found trojan module ascode.dll loaded into process explorer.exe (1736): PWSteal.Small.105
Found trojan module ascode.dll loaded into process TaskMan.exe (3092): PWSteal.Small.105
File scan (autostarted files, running executables)
2 trojan files found

IP Logged

Gavin_Coe
Trojan Analyst

Posts: 1943

Re: False Positive I think
« Reply #3 on: May 3^rd, 2006, 6:16pm »

Quote

Modify

Should be right now 64309 rules

IP Logged

fjwag3
Newbie

Posts: 27

Re: False Positive I think
« Reply #4 on: May 3^rd, 2006, 6:31pm »

Quote

Modify

That's a winner, thanks Grin

IP Logged

siliconman01
Global Moderator

Trojans! Chew 'em Up, Spit 'em Out...

Gender: male

Posts: 5576

Re: False Positive I think
« Reply #5 on: May 4^th, 2006, 12:06am »

Quote

Modify

fjwag3,

Quote:

So I re-installed STM and THG immediately flagged it. My AntiVir generally catches anything before THG as you know

Just for info, you probably did not need to re-install. When TH scanner or THGuard "quarantines" a file, all it does is tack on a .tcf extension to the file to neutralize it. All that is required to get the file back in service is to remove the .tcf extension.

« Last Edit: May 4^th, 2006, 12:07am by siliconman01 »

IP Logged

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!

fjwag3
Newbie

Posts: 27

Re: [Fixed:] False Positive I think
« Reply #6 on: Aug 20^th, 2006, 10:33pm »

Quote

Modify

Awrite, same deal tonite. TH flagged my Security Task Manager.

Memory scan
Found trojan module ascode.dll loaded into process TaskMan.exe (2092): TrojanSpy.Keylogger.153

regards
#3

IP Logged

siliconman01
Global Moderator

Trojans! Chew 'em Up, Spit 'em Out...

Gender: male

Posts: 5576

Re: [Fixed:] False Positive I think
« Reply #7 on: Aug 21^st, 2006, 1:40am »

Quote

Modify

I've emailed Gavin to check this thread. Sorry you are getting an FP detection again. Sad

IP Logged

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!

Gavin_Coe
Trojan Analyst

Posts: 1943

Re: [Fixed:] False Positive I think
« Reply #8 on: Aug 21^st, 2006, 2:35am »

Quote

Modify

Looking at the rule, surprised it is triggering Huh

Removed, thanks for the heads up. I'll have to work out a way to prevent memory FP's now.. Grin

IP Logged

Pages: 1

Notify of replies

Send Topic


« Previous topic \| Next topic »

Search

Members

Login

Register