Download TrojanHunter Now
Free 30-day trial!
Latest TrojanHunter Version:
TrojanHunter 5.0
Order Now
License file delivered within minutes.
Welcome, Guest. Please Login or Register.
Jul 5th, 2008, 7:18pm
   Mischel Internet Security Forum
   TrojanHunter
   TrojanHunter Guard (Moderators: Helena, Gavin_Coe, Magnus)
   Online Armor FP		 « Previous topic | Next topic »
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print
   Author  Topic: Online Armor FP  (Read 723 times)
GeneBenson
Newbie
*





   


Posts: 4
Online Armor FP
« on: Sep 6th, 2006, 3:56am »		 Quote Quote  Modify Modify
I am a user of Tall Emu's Online Armour. With TH 4.6 and the latest rule set I get the following:
 
Suspicious registry entry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\OnlineArmor GUI
Suspicious registry entry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\OnlineArmor GUI
 
In the following pop-up window these are charaterised as trojan.generic.
 
These may be suspicious to TH but I can assure you they are legitiment entries.
 
This is on Windows XP SP2 with all current updates.
IP Logged
Randy_Bell
Global Moderator
*****




TrojanHunter is the Best!

40416585 40416585   randybell_98   atmrover
WWW   Email

Gender: male
 Posts: 2883
Re: Online Armor FP
« Reply #1 on: Sep 6th, 2006, 8:54am »		 Quote Quote  Modify Modify
If it offers a way for you to put that 'suspicious-entry' on your Ignore List, then that is the solution for now.  I will email Staff to see if this is a f.p. that needs to be fixed.  Since it only says "suspicious" I assume it is not so much an f.p. as an uneccessary warning {if that is a legit entry}.
IP Logged
Jrb
Full Member
***



I love YaBB 1G - SP1!

   


Posts: 207
Re: Online Armor FP
« Reply #2 on: Sep 6th, 2006, 4:56pm »		 Quote Quote  Modify Modify
Just guessing: could it be that this is something similar as what is seen in this thread:
http://forum.misec.net/board/TrojanHunter/1157490264
 
The differences:
In the other thread:
- Win98SE
- other programs
- reg-entries in RunServices and Run
In this thread:
- XP
- reg-entries in RunOnce and Run
IP Logged
GeneBenson
Newbie
*





   


Posts: 4
Re: Online Armor FP
« Reply #3 on: Sep 6th, 2006, 11:43pm »		 Quote Quote  Modify Modify
Thanks guys for the help. Randy, I cannot find a way to exclude these entries. Jrb, that thread did explain why I am getting this.
IP Logged
Gavin_Coe
Trojan Analyst
*****





   
WWW  

Posts: 1899
Re: Online Armor FP
« Reply #4 on: Sep 20th, 2006, 2:27am »		 Quote Quote  Modify Modify
RunONCE should not have an entry in it, unless it keeps getting replaced each reboot. Very strange, I suggest deleting that runonce entry in the registry. Can you use the regedit jump and delete it yourself or do you need assistance ?
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5468
Re: Online Armor FP
« Reply #5 on: Sep 20th, 2006, 3:33am »		 Quote Quote  Modify Modify
TallEmu uses this technique (the RunOnce entry) to assist in a quick startup of OA on system reboot.  It's been their standard technique for quite some time.  
 
http://support.tallemu.com/forums/
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print

« Previous topic | Next topic »
Search
Members
Login
Register