   Mischel Internet Security Forum
   Malware
   Trojans
(Moderators: Helena, Gavin_Coe, Magnus)
   Resolved..Thanks!False Pos with Vista Start Menu??
wilpower
Junior Member
Resolved..Thanks!False Pos with Vista Start Menu??
« on: May 1st, 2007, 10:20am »
Hey all,
I was wondering if anyone else has encountered Trojan Hunter discovering a 'trojan' accompanied with the use of Vista Start Menu?
Thanks for any input.
« Last Edit: May 3rd, 2007, 8:22pm by wilpower »

Use of COMODO Internet Security products is not only advised; use is "Highly Recommended"

http://Comodo.com

LIVE LIKE YOU MEAN IT! THINK LIKE YOU CARE!
siliconman01
Global Moderator
Re: False Pos with Vista Start Menu??
« Reply #1 on: May 1st, 2007, 2:10pm »
Quote:
Quote: Hi Siliconman> Could this be why TH 'apparently' identified a trojan in the Vista Start Menu start up File?
All other scans came up with nothing.

Yes, it could very well be a Vista incompatibility problem.  What file did it show as Trojan on your Vista Start Menu?

Above as posted in your other post on this.

However, I just completed setting up a new Dell E521 with Vista Premium on which I put TH V4.6.930.  TH did not report any malicious files during 7 days that I ran it; however, there were other problems on TH and THGuard.
 
I recommend that you submit the suspect file to Gavin for analysis.
 
http://www.misec.net/forum/board/FAQ/1139308293
« Last Edit: May 1st, 2007, 2:12pm by siliconman01 »

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
wilpower
Junior Member
Re: False Pos with Vista Start Menu??
« Reply #2 on: May 1st, 2007, 3:37pm »
File is submitted as you requested.
I will await further direction.
Thanks again siliconman.
siliconman01
Global Moderator
Re: False Pos with Vista Start Menu??
« Reply #3 on: May 2nd, 2007, 12:42am »
Holler if you do not get a resolution in fairly short order.
wilpower
Junior Member
Re: False Pos with Vista Start Menu??
« Reply #4 on: May 2nd, 2007, 9:49am »
on May 2nd, 2007, 12:42am, siliconman01 wrote:
Holler if you do not get a resolution in fairly short order.

Thank you, I will do that.
An interesting note> After I compress zipped the file and submitted it for analysis, I have run subsequent scans with TH and lo and behold "no trojan was found" and Vista Start Menu functions without any problems
Mmmmm....
« Last Edit: May 2nd, 2007, 9:50am by wilpower »
siliconman01
Global Moderator
Re: False Pos with Vista Start Menu??
« Reply #5 on: May 2nd, 2007, 10:16am »
Maybe Gavin snuck in a fix on you
 
BTW, is this VistaStartMenu.dll on a Vista system or XP or whatever system?
wilpower
Junior Member
Re: False Pos with Vista Start Menu??
« Reply #6 on: May 2nd, 2007, 10:28am »
on May 2nd, 2007, 10:16am, siliconman01 wrote:
Maybe Gavin snuck in a fix on you

BTW, is this VistaStartMenu.dll on a Vista system or XP or whatever system?

Thanks Siliconman:
The file is from a 'program' called Vista Start Menu which "mimics" the Vista Start Menu on an XP operating system...... check it out www.vistastartmenu.com/updates.html
Hope this helps
« Last Edit: May 2nd, 2007, 10:29am by wilpower »
wilpower
Junior Member
Re: False Pos with Vista Start Menu??
« Reply #7 on: May 3rd, 2007, 11:12am »
on May 2nd, 2007, 12:42am, siliconman01 wrote:
Holler if you do not get a resolution in fairly short order.

 
Hello siliconman> I thought I would have resolution and a definitive answer but nothing from Gavin.
Just updated Vista Start Menu and TH  had these hits:
 
 
Registry scan
No suspicious entries found
Inifile scan
No suspicious entries found
Port scan
No suspicious open ports found
Memory scan
Found trojan module VistaStartMenu.dll loaded into process explorer.exe (1604): PWSteal.Maran.143
Found trojan module VistaStartMenu.dll loaded into process pgaccount.exe (3044): PWSteal.Maran.143
Found trojan module VistaStartMenu.dll loaded into process WinPatrol.exe (3288): PWSteal.Maran.143
Found trojan module VistaStartMenu.dll loaded into process hpgs2wnd.exe (3336): PWSteal.Maran.143
Found trojan module VistaStartMenu.dll loaded into process LVComS.exe (3344): PWSteal.Maran.143
Found trojan module VistaStartMenu.dll loaded into process hpgs2wnf.exe (3372): PWSteal.Maran.143
Found trojan module VistaStartMenu.dll loaded into process igfxpers.exe (3408): PWSteal.Maran.143
Found trojan module VistaStartMenu.dll loaded into process hkcmd.exe (3472): PWSteal.Maran.143
Found trojan module VistaStartMenu.dll loaded into process igfxsrvc.exe (3504): PWSteal.Maran.143
File scan (autostarted files, running executables)
9 trojan files found
 
 
I'm pretty sure these are "false positives"
Could someone please advise
Thank you
 
 
« Last Edit: May 3rd, 2007, 11:18am by wilpower »
siliconman01
Global Moderator
Re: False Pos with Vista Start Menu??
« Reply #8 on: May 3rd, 2007, 11:35am »
I'm 98% certain these are false positives.  I've emailed Gavin to check this forum post and the possible/probable false positive.  
 
Sorry for the inconvenience.
Gavin_Coe
Trojan Analyst
Re: False Pos with Vista Start Menu??
« Reply #9 on: May 3rd, 2007, 8:17pm »
Thanks, fixed now for LiveUpdate users and will be in the next zip