ESET online scanner False-Positive?


  • This topic is locked
13 replies to this topic

#1 zkteh

  • Members
  • 108 posts
  • Gender:Male

Posted 05 June 2012 - 02:57 AM

After cleaning the files ESET detected ... my Windows got corrupted (Windows XP); fixed by repairing Windows using the disc.
I used MBAM before using the ESET online scanner ... and here is the log content ....


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.03.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Click Me :: USER-PC [administrator]

Protection: Enabled

6/3/2012 8:16:37 PM
mbam-log-2012-06-03 (20-16-37).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 288347
Time elapsed: 40 minute(s), 53 second(s)

Memory Processes Detected: 6
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Delf) -> 780 -> Delete on reboot.
C:\WINDOWS\Temp\VRT7.tmp (Trojan.FakeMS) -> 3904 -> Delete on reboot.
C:\WINDOWS\Temp\VRTD.tmp (Trojan.Spambot) -> 4084 -> Delete on reboot.
C:\WINDOWS\system32\userini.exe (Trojan.Agent) -> 2408 -> Delete on reboot.
C:\WINDOWS\system32\userini.exe (Trojan.Agent) -> 2488 -> Delete on reboot.
C:\WINDOWS\system32\userini.exe (Trojan.Agent) -> 2604 -> Delete on reboot.

Memory Modules Detected: 2
C:\WINDOWS\system32\antiwpa.dll (PUP.Wpakill) -> No action taken.
C:\Program Files\360\360Safe\safemon\BootLeakFixer.tpi (Trojan.Agent) -> Delete on reboot.

Registry Keys Detected: 20
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa (PUP.Wpakill) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\Host Generic Process (Trojan.Delf) -> Quarantined and deleted successfully.
HKCR\CLSID\{669751ED-D558-49AE-B01A-3B374CC7910E} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCR\CLSID\{A57E074F-56D8-4A33-8112-AAC9693AA909} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCR\CLSID\{5BE4D929-4821-73E4-1A46-2E1CF42B3744} (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BE4D929-4821-73E4-1A46-2E1CF42B3744} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5BE4D929-4821-73E4-1A46-2E1CF42B3744} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5BE4D929-4821-73E4-1A46-2E1CF42B3744} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCR\CLSID\{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCR\Typelib\{B1A7C2CF-BF40-4597-8142-7615D74D0CC3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCR\Interface\{3084BC3D-C0D6-4A28-A8A4-5857165886EE} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCR\CLSID\{29CF293A-1E7D-4069-9E11-E39698D0AF95} (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29CF293A-1E7D-4069-9E11-E39698D0AF95} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{29CF293A-1E7D-4069-9E11-E39698D0AF95} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{29CF293A-1E7D-4069-9E11-E39698D0AF95} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCR\CLSID\{9F44453E-1E46-4D5C-B57C-112FF2EDAE82} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa (Trojan.I.Stole.Windows) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tencent Browser Helper (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\TBH (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 17
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{669751ED-D558-49AE-B01A-3B374CC7910E} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{5BE4D929-4821-73E4-1A46-2E1CF42B3744} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{A57E074F-56D8-4A33-8112-AAC9693AA909} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{29CF293A-1E7D-4069-9E11-E39698D0AF95} (Trojan.Agent) -> Data: SOSO工具栏 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A57E074F-56D8-4A33-8112-AAC9693AA909} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{669751ED-D558-49AE-B01A-3B374CC7910E} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|userini (Trojan.Agent) -> Data: C:\WINDOWS\explorer.exe:userini.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|userini (Trojan.Agent) -> Data: C:\WINDOWS\explorer.exe:userini.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|userini (Trojan.Agent) -> Data: C:\WINDOWS\explorer.exe:userini.exe -> Quarantined and deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|userini (Trojan.Agent) -> Data: C:\WINDOWS\system32\userini.exe -> Quarantined and deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|userini (Trojan.Agent) -> Data: C:\WINDOWS\system32\userini.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|65215 (Trojan.Downloader.Gen) -> Data: C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msamwdxw.scr -> Delete on reboot.
HKLM\SYSTEM\CurrentControlSet\Services\Host Generic Process|ImagePath (Trojan.Agent) -> Data: C:\WINDOWS\system32\drivers\svchost.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Documents and Settings\Click Me\Local Settings\Temp\E_N4 (Worm.Autorun) -> Delete on reboot.

Files Detected: 56
C:\WINDOWS\system32\antiwpa.dll (PUP.Wpakill) -> No action taken.
C:\Documents and Settings\Click Me\My Documents\Downloads\Programs\SoftonicDownloader_for_microsoft-office-2007-service-pack-3.exe (PUP.BundleOffer.Downloader.S) -> No action taken.
C:\Documents and Settings\Click Me\My Documents\Downloads\Programs\SoftonicDownloader_for_microsoft-office-2007-service-pack-3_2.exe (PUP.ToolbarDownloader) -> No action taken.
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Delf) -> Delete on reboot.
C:\Program Files\360\360Safe\safemon\BootLeakFixer.tpi (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Click Me\Local Settings\Temp\E_N4\krnln.fnr (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Click Me\Local Settings\Temp\E_N4\HtmlView.fne (HackTool.Patcher) -> Delete on reboot.
C:\WINDOWS\Temp\VRT7.tmp (Trojan.FakeMS) -> Delete on reboot.
C:\WINDOWS\Temp\VRTD.tmp (Trojan.Spambot) -> Delete on reboot.
C:\WINDOWS\system32\SSup.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\SSPlus\SAddr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQToolbar\IEBar.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\360\360Safe\360leakfixer.exe (Trojan.Agent) -> Delete on reboot.
C:\Program Files\360\360Safe\leakrepair.dll (Trojan.Agent) -> Delete on reboot.
C:\Program Files\360\360Safe\ipc\patchcheck.dll (Trojan.Agent) -> Delete on reboot.
C:\Program Files\360\360Safe\modules\360vulsetup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\QvodPlayer\QvodBand.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\System Volume Information\_restore{7D5E56AB-17FB-4209-85CC-BE7461B74F23}\RP173\A0075356.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D5E56AB-17FB-4209-85CC-BE7461B74F23}\RP173\A0075357.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D5E56AB-17FB-4209-85CC-BE7461B74F23}\RP186\A0087039.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D5E56AB-17FB-4209-85CC-BE7461B74F23}\RP121\A0039569.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D5E56AB-17FB-4209-85CC-BE7461B74F23}\RP121\A0039570.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D5E56AB-17FB-4209-85CC-BE7461B74F23}\RP129\A0048753.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D5E56AB-17FB-4209-85CC-BE7461B74F23}\RP129\A0048754.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smbinst.exe (Backdoor.Hupigon) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\F72E4A\HtmlView.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\F72E4A\iext2.fne (Trojan.Flystudio) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\F72E4A\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\F72E4A\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\F72E4A\spec.fne (Trojan.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\VRT4.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\VRT5.tmp (Trojan.Spambot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\VRT6.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\VRT8.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\VRT9.tmp (Trojan.Spambot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\VRTB.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\VRTC.tmp (Trojan.Spambot) -> Quarantined and deleted successfully.
C:\WINDOWS\ie7\iexplore.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\ServicePackFiles\i386\smbinst.exe (Backdoor.Hupigon) -> Quarantined and deleted successfully.
C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Local Settings\Temp\msiifezmv.pif (Trojan.Agent.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Click Me\Desktop\CSO JUMP.exe (HackTool.GamesCheat.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Click Me\Local Settings\Temp\0074c36b.exe (Trojan.Delf) -> Quarantined and deleted successfully.
C:\Documents and Settings\Click Me\Local Settings\Temp\E_N4\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\Documents and Settings\Click Me\My Documents\Downloads\Compressed\王道OL\internet.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Click Me\My Documents\Downloads\Compressed\王道OL\krnln.fnr (Trojan.FlyStudio) -> Quarantined and deleted successfully.
C:\Documents and Settings\Click Me\My Documents\Downloads\Compressed\王道OL\王道OL破解版.exe (Trojan.FlyStudio) -> Quarantined and deleted successfully.
C:\Documents and Settings\Click Me\My Documents\Downloads\Programs\FastDownload.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot.
C:\WINDOWS\system32\Scrax.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\userini.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\explorer.exe:userini.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Local Settings\Temp\msamwdxw.scr (Trojan.Downloader.Gen) -> Delete on reboot.
C:\Documents and Settings\All Users\Local Settings\Temp\mspamoaf.scr (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Click Me\Local Settings\Temp\E_N4\dp1.fne (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\Click Me\Local Settings\Temp\E_N4\eAPI.fne (Worm.Autorun) -> Delete on reboot.

(end)
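
Added example (not part of the original thread or of any tool mentioned in it): a small parser for a Malwarebytes log in the format above that separates detections located in System Restore snapshots from items not yet removed and from alternate-data-stream paths. The function names are hypothetical, and the sample is a constructed excerpt whose entry lines are copied from the log above with section counts adjusted to the subset.

```python
import re
from collections import Counter

# Constructed excerpt: entry lines copied from the log above; the section
# counts are adjusted to match this subset.
SAMPLE_LOG = r"""
Memory Processes Detected: 2
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Delf) -> 780 -> Delete on reboot.
C:\WINDOWS\system32\userini.exe (Trojan.Agent) -> 2408 -> Delete on reboot.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|userini (Trojan.Agent) -> Data: C:\WINDOWS\explorer.exe:userini.exe -> Quarantined and deleted successfully.

Files Detected: 5
C:\WINDOWS\system32\antiwpa.dll (PUP.Wpakill) -> No action taken.
C:\System Volume Information\_restore{7D5E56AB-17FB-4209-85CC-BE7461B74F23}\RP173\A0075356.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D5E56AB-17FB-4209-85CC-BE7461B74F23}\RP186\A0087039.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\windows\explorer.exe:userini.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\userini.exe (Trojan.Agent) -> Delete on reboot.
"""

SECTION_RE = re.compile(r"^([A-Za-z ]+) Detected: (\d+)$")
ENTRY_RE = re.compile(r"^(.+?) \(([\w.]+)\) -> (.+)$")  # object (Detection) -> rest
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.I)
ADS_RE = re.compile(r"^[A-Za-z]:\\[^:]*:[^\\:]+$")  # file path plus a stream name
REMOVED = "Quarantined and deleted successfully"


def parse_log(text):
    """Return (entries, declared): parsed detections and the counts each section header declares."""
    entries, declared, section = [], {}, None
    for line in map(str.strip, text.splitlines()):
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        entry = ENTRY_RE.match(line)
        if entry and section:
            entries.append({
                "section": section,
                "object": entry.group(1),
                "detection": entry.group(2),
                # The action is the last "->" field; a PID or "Data:" may precede it.
                "action": entry.group(3).split(" -> ")[-1].rstrip("."),
            })
    return entries, declared


def count_mismatches(entries, declared):
    """Sections where the parsed entry count differs from the header (e.g. a truncated paste)."""
    found = Counter(e["section"] for e in entries)
    return {s: (n, found[s]) for s, n in declared.items() if found[s] != n}


def triage(entries):
    """Group detections by where they sit and whether removal has completed."""
    return {
        "restore_snapshot": [e for e in entries if RESTORE_RE.search(e["object"])],
        "not_yet_removed": [e for e in entries if e["action"] != REMOVED],
        "alternate_data_stream": [e for e in entries if ADS_RE.match(e["object"])],
    }


if __name__ == "__main__":
    parsed, counts = parse_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(parsed, counts))
    for group, items in triage(parsed).items():
        print(group)
        for item in items:
            print("   ", item["detection"], "|", item["action"], "|", item["object"])
```
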



#2 zkteh

Posted 05 June 2012 - 03:06 AM

Wow, the ESET log is too large (can't upload) (665KB) (so I zipped it) and too long for posting ...

#3 nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 June 2012 - 07:18 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

All files identified by ESET are in your System Restore. There is nothing to worry about.
You should not do a System Restore as these will possibly be reactivated.

Let's see what we can find on your system. When all is well we will clean the Restore point.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

===

Third party programs if not up to date can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===


Please post the logs and let me know what problem persists.

#4 zkteh

Posted 10 June 2012 - 02:10 AM

Hi, nasdaq

PLS clarify this .... :mellow:

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

All files identified by ESET are in your System Restore. There is nothing to worry about.
You should not do a System Restore as these will possibly be reactivated.

Let's see what we can find on your system. When all is well we will clean the Restore point.


Thanks ... And please be informed that you currently can't get any useful information ... because I already repaired them using the install CD (as said) :P
BTW, I want to know why a False-Positive could occur? (in this case, the ESET is so terrible ....) (very very very haiz....)
May I know the recovery steps, if a similar case appears in front of my eyes?

#5 nasdaq

Posted 10 June 2012 - 09:17 AM

BTW, I want to know why a False-Positive could occur? (in this case, the ESET is so terrible ....)

As you can see ESET is not cleaning the System Restore.

To manually do it on an XP operating system.
===

Reset your computer restore point. Please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

1. Turn OFF System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
=*=

Restart the computer normally.

#6 zkteh

Posted 11 June 2012 - 01:52 AM

As you can see ESET is not cleaning the System Restore.

You mean I can use System Restore to restore my system to a normal state? I already did a system repair using the XP disk

You haven't answered my questions .... there are lots of them :P

#7 nasdaq

Posted 11 June 2012 - 09:37 AM

BTW, I want to know why a False-Positive could occur?

There are many situations where we will say that the error is a false positive.

In your case ESET has reported infections in your System Restore.
Unless you restore the data they are quarantined.

What I suggest you do now is run the ComboFix tool as previously suggested.

After I have had a chance to look at the log I will give you instructions on how to remove it.
At that point ComboFix will create a fresh Restore point that you can use in the future to restore your system on that date.
===

#8 zkteh

Posted 12 June 2012 - 05:27 AM

After I have had a chance to look at the log I will give you instructions on how to remove it.

" it " <-- ESET ?

In your case ESET has reported infections in your System Restore.
Unless you restore the data they are quarantined.


I am very confused .... o.0
I already did a system repair using the XP disk

#9 nasdaq

Posted 12 June 2012 - 10:50 AM

I already did a system repair using the XP disk


I'm confused also. After this repair, where do we stand?

What issues remain?

#10 zkteh

Posted 13 June 2012 - 05:51 AM

I just want to know why a False Positive may occur?

In this case, many OS files have been detected as malware / viruses ...

If I encounter any issue on my PC, I will reply to you soon (I am helping my friend)

#11 nasdaq

Posted 13 June 2012 - 12:12 PM

I just want to know why a False Positive may occur?

In this case, many OS files have been detected as malware / viruses ...


I told you that the files identified by E-set were in the System Restore. I know they are false positives reported by e-set.

As for the other files I do not know where they are.

#12 zkteh

Posted 15 June 2012 - 07:05 AM

Argh .. I said once more, why may a False Positive occur? In this case, there are many ... (I haven't met this before)

I just want to know why a False Positive may occur?

#13 nasdaq

Posted 15 June 2012 - 10:05 AM

I do not know. See if you can get an answer from the e-set forum. They are reporting it.

#14 zkteh

Posted 15 June 2012 - 08:23 PM

ok...



