Download TrojanHunter Now
Free 30-day trial!
Latest TrojanHunter Version:
TrojanHunter 5.0
Order Now
License file delivered within minutes.
Welcome, Guest. Please Login or Register.
Jul 5th, 2008, 6:01am
   Mischel Internet Security Forum
   Malware
   Trojans (Moderators: Helena, Gavin_Coe, Magnus)
   False Positive on MSI K9A2  Mother board driv		 « Previous topic | Next topic »
Pages: 1    Notify of replies Notify of replies   Send Topic Send Topic   Print Print
   Author  Topic: False Positive on MSI K9A2  Mother board driv  (Read 552 times)
PAN_IRISH
Senior Member
****





   


Gender: male
 Posts: 487
False Positive on MSI K9A2  Mother board driv
« on: Jan 24th, 2008, 11:55pm »
! Submitting files to Submit@misec.net
 
 
Found trojan file: C:\Documents and Settings\ADMINISTRATOR CLARKE\Desktop\G71-MA31014 (D)\Install\SENDKEY\GCBTHook.dll (Monitor.GoldenEye.100)
 
Found trojan file: C:\Documents and Settings\ADMINISTRATOR CLARKE\Desktop\G71-MA31014 (D)\Install4\GCBTHook.dll (Monitor.GoldenEye.100)
 
SCAN REPORT attached here>
 
Found trojan file: C:\Documents and Settings\ADMINISTRATOR CLARKE\Desktop\G71-MA31014 (D)\Install\SENDKEY\GCBTHook.dll (Monitor.GoldenEye.100)
Found trojan file: C:\Documents and Settings\ADMINISTRATOR CLARKE\Desktop\G71-MA31014 (D)\Install4\GCBTHook.dll (Monitor.GoldenEye.100)
Found NTFS alternate data stream: C:\Documents and Settings\ADMINISTRATOR CLARKE\Favorites\ESET Online Scanner.url:favicon:$DATA
Found NTFS alternate data stream: C:\Documents and Settings\ADMINISTRATOR CLARKE\Favorites\Memory upgrades, flash media, and usb storage at Crucial.com.url:favicon:$DATA
Found NTFS alternate data stream: C:\Documents and Settings\ADMINISTRATOR CLARKE\Favorites\Microsoft Download Center.url:favicon:$DATA
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11 d50a3a\Microsoft.VisualBasic.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Micro soft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.W eb.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.X ml.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.W eb.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f 11d50a3a\Microsoft.VisualBasic.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Mic rosoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System .XML.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5 c561934e089_4b803f22\System.Xml.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.d ll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa. dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\mscorrc.chs.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\mscorrc.cht.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\mscorrc.ger.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\mscorrc.kor.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\system.web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\system.xml.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\vbc7ui.chs.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\vbc7ui.cht.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\vbc7ui.ger.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\vbc7ui.kor.dll
IP Logged
Keeping SECURITY the #1 issue!
Use Trojan Hunter 5.0
Like the American Express Card;don't leave home without it!
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5467
Re: False Positive on MSI K9A2  Mother board driv
« Reply #1 on: Jan 25th, 2008, 12:07am »
Thanks for the submittal.  Sorry about the FP.  Hopefully Gavin/Magnus will promptly issue a fix.  I'll email Gavin about this post.
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
PAN_IRISH
Senior Member
****





   


Gender: male
 Posts: 487
Re: False Positive on MSI K9A2  Mother board
« Reply #2 on: Jan 25th, 2008, 12:22am »
on Jan 25th, 2008, 12:07am, siliconman01 wrote:
Thanks for the submittal.  Sorry about the FP.  Hopefully Gavin/Magnus will promptly issue a fix.  I'll email Gavin about this post.

 
Never a need to apologize.
Just doing my part for TH by making the issue known to the Trojan Analyst Mr.Coe.
 
 
IP Logged
Keeping SECURITY the #1 issue!
Use Trojan Hunter 5.0
Like the American Express Card;don't leave home without it!
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5467
Re: False Positive on MSI K9A2  Mother board driv
« Reply #3 on: Jan 25th, 2008, 1:48am »
Holler back if you do not get this resolved in a reasonable timeframe.   Wink
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
PAN_IRISH
Senior Member
****





   


Gender: male
 Posts: 487
Re: False Positive on MSI K9A2  Mother board
« Reply #4 on: Jan 25th, 2008, 2:01am »
on Jan 25th, 2008, 1:48am, siliconman01 wrote:
Holler back if you do not get this resolved in a reasonable time frame.   Wink

 
Thanks,
I know what it is,
so if I need to run it,
Then I'll just disable the anti malware apps. and run it.
 
IP Logged
Keeping SECURITY the #1 issue!
Use Trojan Hunter 5.0
Like the American Express Card;don't leave home without it!
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5467
Re: False Positive on MSI K9A2  Mother board driv
« Reply #5 on: Jan 25th, 2008, 4:57am »
Please run LiveUpdate and see if the FP is repaired.  Gavin posted FP fixes have been issued.  Smiley
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
PAN_IRISH
Senior Member
****





   


Gender: male
 Posts: 487
Re: False Positive on MSI K9A2  Mother board
« Reply #6 on: Jan 25th, 2008, 6:35am »
on Jan 25th, 2008, 4:57am, siliconman01 wrote:
Please run LiveUpdate and see if the FP is repaired.  Gavin posted FP fixes have been issued.  Smiley

 
Yes,
He emailed me back and said it should be fixed.
I'll scan again now that I'm awake and see how it goes.
thank you,
IP Logged
Keeping SECURITY the #1 issue!
Use Trojan Hunter 5.0
Like the American Express Card;don't leave home without it!
PAN_IRISH
Senior Member
****





   


Gender: male
 Posts: 487
Re: False Positive on MSI K9A2  Mother board
« Reply #7 on: Jan 25th, 2008, 7:13am »
No Trojan file found.
 
You can lock the thread.
 
 Thanks,
 
See log of scan;
>>>>>>
 
 
Found NTFS alternate data stream: C:\Documents and Settings\ADMINISTRATOR CLARKE\Favorites\ESET Online Scanner.url:favicon:$DATA
Found NTFS alternate data stream: C:\Documents and Settings\ADMINISTRATOR CLARKE\Favorites\Memory upgrades, flash media, and usb storage at Crucial.com.url:favicon:$DATA
Found NTFS alternate data stream: C:\Documents and Settings\ADMINISTRATOR CLARKE\Favorites\Microsoft Download Center.url:favicon:$DATA
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11 d50a3a\Microsoft.VisualBasic.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Micro soft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.W eb.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.X ml.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.W eb.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f 11d50a3a\Microsoft.VisualBasic.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Mic rosoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System .XML.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5 c561934e089_4b803f22\System.Xml.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.d ll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa. dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\mscorrc.chs.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\mscorrc.cht.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\mscorrc.ger.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\mscorrc.kor.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\system.web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\system.xml.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\vbc7ui.chs.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\vbc7ui.cht.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\vbc7ui.ger.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\vbc7ui.kor.dll
IP Logged
Keeping SECURITY the #1 issue!
Use Trojan Hunter 5.0
Like the American Express Card;don't leave home without it!
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5467
Re: False Positive on MSI K9A2  Mother board driv
« Reply #8 on: Jan 25th, 2008, 9:16am »
Excellent...and thread locked  Wink
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
Pages: 1    Notify of replies Notify of replies   Send Topic Send Topic   Print Print

« Previous topic | Next topic »
Search
Members
Login
Register