ctrlaltdelete

Experts
  • Content count
    162

About ctrlaltdelete

  • Rank
    Advanced Member

Profile Information

  • Location
    Netherlands
  1. FP

    Yes, I know. It's created by a Beta software program. I will ask the developers to add extra information in the file to prevent FPs in the future.
  2. FP

    Hi, False Positive C:\WINDOWS\2676218.exe (Rootkit.Agent) -> No action taken. [C89AFD0148179F4A441842FA34CAF540] VT result 0/39 2676218.zip
  3. I noticed the same detection of the key in the registry of my machines, no value set. Asked around and a developer told me the key is installed by default.
  4. I did send you both a PM (Personal Message)
  5. I'm using a firewall with a DNS checker. It checks the DNS response I get from my ISP's DNS, or whatever DNS is configured (by malware?) on my system, with the response from a trusted 3rd-party DNS. If they are not the same, I get a pop-up which warns me about the different results before a connection is made. Otherwise it will be very difficult to tell if you are visiting the "good" site; guess you need to trace the domains every time and check the results...?
  6. Try F-Secure Rescue CD 3.00

     Rescue CD will by default scan:
     - all hard drives in the computer
     - all USB drives attached to the computer
     - Windows FAT and NTFS drives
     - Virus definition databases are updated automatically if the computer has an internet connection
     - Virus definition databases can be updated manually by using a USB drive
     - The Rescue CD Guide (pdf) has step by step instructions how to use the CD

     I did test it on my machine and it did a good job. http://www.f-secure.com/linux-weblog/2008/06/
  7. I made some nice screenshots while cleaning a machine. MBAM removed all malware!!
  8. dohi312 gave me the name of the site + link, it's just another False Positive on the setup files from regnow.com
  9. What is the exact message from Avast? Checked the download on www.virustotal.com and not a single AV (including Avast) detects some kind of malware. http://www.virustotal.com/analisis/ca0108b...f5da51995c4a2a2
  10. Check the file on www.virustotal.com
  11. Internal update. Full scan (XP SP3) Nothing detected.
  12. Sorry? AVG's False Positives confused you. If you ever have any (security related) doubts about your PC just ask.
  13. Update Java. Uninstall all Java and Java Runtime and install the latest, Java Runtime Environment (JRE) 6 Update 6 from this page; http://java.sun.com/javase/downloads/index.jsp Let us know if the online scan with ESET or Panda did find something.
  14. Cookies are no threat. Tracking cookies are used to give you personalized ads or something like that. Another expert told me that the problem with ESET online scanner (and probably other online scanners) may be solved by running Internet Explorer as admin (right-click, Run as...). You can run the application again which put them there (Spybot S & D or SpywareBlaster) and after that a scan with AVG 8 will show you the same warnings.
  15. I'm pretty sure those warnings from AVG were all False Positives. AVG 8 detects the registry entries made by SpywareBlaster or Spybot S & D but does not look at the value. So, SpywareBlaster or Spybot S & D creates killbits to prevent malware and AVG removes the protection again.....

      AVG said: "The situation, which you have described is caused by incompatibility between AVG and Spyware Blaster security application on your computer and we would like to recommend you to uninstall Spyware Blaster and all the other security applications from your computer (if you are using any) to avoid possible conflict situations between AVG and the other software. An "ActiveX Compatibility" registry key is a result of the "Immunize" function included in some anti-spyware programs (e.g.: "Spybot search & destroy", "Spyware blaster",...) The key contains the same registry entries as the actual threats, thus preventing them from working correctly. Some anti-spyware programs use this method to prevent launching of the malware. Unfortunately, these parts are still detected by AVG signatures and that is why AVG marks them as infected. To assure protection provided by AVG against these threats, it is not possible to remove such signatures from AVG virus bases. Because of this, "Immunize" function included in above mentioned softwares is NOT compatible with AVG products."

      Javacool said: "This simply isn't correct. A.) The contents of the registry are not the same as the actual threats. They are very specific, and easily detectable as valid "kill bits" (simply looking for a value of 1024, which is used to set the kill bit). It should be little more than a few lines of code on AVG's end to fix the false positives. B.) Those registry locations/entries, even if not marked as kill bits, are largely just remnants anyway. By themselves, they can do no harm. So while it may be nice to clean them up (if they aren't valid entries) when deleting an actual threat, the severity is largely overstated in AVG's FAQ text. C.) SpywareBlaster's ActiveX protection and Spybot S & D's immunize function are both, by default, compatible with any anti-virus program, including AVG. The issue here is AVG's behavior, which is unfortunately flagging valid entries as malicious. The fix, on AVG's end, would likely be very simple and quick to implement."

      I don't know why you are not able to run ESET online scanner or Panda's. Don't see any signs of malware in your HijackThis log.