
Need scanning help.


6 replies to this topic

#1 34BLEEP00XX

34BLEEP00XX

  • Members
  • 272 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:16 AM

Posted 31 March 2013 - 10:24 AM

I have strange scanner results in my computer. Some of them indicate infections but I believe they are FALSE positives.

 

Here is my Emsisoft A2 LOG with infected items. Text in RED are false positives that I know:

 

Emsisoft Anti-Malware - versio 7.0
Viime päivitys: 30.3.2013 16:10:14

Skannausasetukset:

Skannaustyyppi: Syväskannaus
Kohteet: Rootkitit, Muisti, Jäljet, C:\, P:\

Paljasta riskiohjelma: Pois
Skannausarkistot: Päällä
ADS skannaus: Päällä
Tiedostopäätesuodin: Pois
Edistynyt välimuistitus: Päällä
Suora levylle pääsy: Pois

Skannauksen alku:    30.3.2013 16:10:25

 

Dictionary FIN TO ENG:

paljastettu = revealed.

Päällä = on

Pois = off



C:\Program Files (x86)\Bus Driver     paljastettu: Trace.File.Bus Driver 1.0 (A)
C:\Program Files (x86)\Bus Driver\help     paljastettu: Trace.File.Bus Driver 1.0 (A)
C:\Program Files (x86)\Bus Driver\help\help_files     paljastettu: Trace.File.Bus Driver 1.0 (A)
C:\Program Files (x86)\Bus Driver\help\help_files\bus     paljastettu: Trace.File.Bus Driver 1.0 (A)
C:\Program Files (x86)\Bus Driver\lib     paljastettu: Trace.File.Bus Driver 1.0 (A)
C:\Program Files (x86)\Novalogic     paljastettu: Trace.File.Delta Force (A)
C:\Windows\jpg.ico     paljastettu: Trace.File.WinSpy (A)
C:\Program Files (x86)\Bus Driver\base.scs     paljastettu: Trace.File.Bus Driver 1.0 (A)
C:\Program Files (x86)\Bus Driver\busdriver.exe     paljastettu: Trace.File.Bus Driver 1.0 (A)
C:\Program Files (x86)\Bus Driver\gfxshared.dll     paljastettu: Trace.File.Bus Driver 1.0 (A)
C:\Program Files (x86)\Bus Driver\inpshared.dll     paljastettu: Trace.File.Bus Driver 1.0 (A)
C:\Program Files (x86)\Bus Driver\language.settings     paljastettu: Trace.File.Bus Driver 1.0 (A)
C:\Program Files (x86)\Bus Driver\launcher.exe     paljastettu: Trace.File.Bus Driver 1.0 (A)
C:\Program Files (x86)\Bus Driver\libpng13.dll     paljastettu: Trace.File.Bus Driver 1.0 (A)
C:\Program Files (x86)\Bus Driver\ogg.dll     paljastettu: Trace.File.Bus Driver 1.0 (A)
C:\Program Files (x86)\Bus Driver\p3core.dll     paljastettu: Trace.File.Bus Driver 1.0 (A)
C:\Program Files (x86)\Bus Driver\p3shared.dll     paljastettu: Trace.File.Bus Driver 1.0 (A)
C:\Program Files (x86)\Bus Driver\quality0.cfg     paljastettu: Trace.File.Bus Driver 1.0 (A)
C:\Program Files (x86)\Bus Driver\quality1.cfg     paljastettu: Trace.File.Bus Driver 1.0 (A)
C:\Program Files (x86)\Bus Driver\quality2.cfg     paljastettu: Trace.File.Bus Driver 1.0 (A)
C:\Program Files (x86)\Bus Driver\sndshared.dll     paljastettu: Trace.File.Bus Driver 1.0 (A)
C:\Program Files (x86)\Bus Driver\specification.settings     paljastettu: Trace.File.Bus Driver 1.0 (A)
C:\Program Files (x86)\Bus Driver\vorbis.dll     paljastettu: Trace.File.Bus Driver 1.0 (A)
C:\Program Files (x86)\Bus Driver\vorbisfile.dll     paljastettu: Trace.File.Bus Driver 1.0 (A)
C:\Program Files (x86)\Bus Driver\lib\di8.dll     paljastettu: Trace.File.Bus Driver 1.0 (A)
C:\Program Files (x86)\Bus Driver\lib\ds8.dll     paljastettu: Trace.File.Bus Driver 1.0 (A)
C:\Program Files (x86)\Bus Driver\lib\gl.dll     paljastettu: Trace.File.Bus Driver 1.0 (A)
C:\Program Files (x86)\Bus Driver\lib\loaders.dll     paljastettu: Trace.File.Bus Driver 1.0 (A)

C:\Ants\ANTS.EXE     paljastettu: Trojan-GameThief.Win32.Staem.hl (A)
C:\Program Files (x86)\EA GAMES\Battlefield Vietnam\Mods\BfBalkan\BfBalkan.exe     paljastettu: Backdoor.Generic.425645 ( B )

 

C:\SoldnerSecretWars\game\Bin\SoeldnerSecretWars.exe     paljastettu: Gen:Trojan.Heur.jzW@@FR6uSwal ( B )

This is a game executable that can connect to the net. That is why it is positive.

 

C:\Users\Corsair\AppData\Local\Temp\Uninstall.exe     paljastettu: Trojan.Generic.1720064 ( B )

 

C:\Users\Corsair\Desktop\GameKeyRevealer\GameKeyRevealer.exe     paljastettu: Trojan.Win32.GameKey (A)

This is a program for revealing game keys. Legal tool if I lose my key paper.

 

C:\Users\Corsair\Desktop\Installed Ä zip Files\Basic 4GL File\Setup Basic4GL v2.5.8.exe     paljastettu: Trojan.Win32.Spy.Agent.AMN (A)

 

C:\Users\Corsair\Desktop\Installed Ä zip Files\Media Info Program\MediaInfo_GUI_0.7.22_Windows_i386.exe     paljastettu: Adware.Win32.OpenCandy.AMN (A)

This I can't understand. It is just a media codec diagnostic program.

 

C:\Users\Corsair\Desktop\Security 2\GameKeyRevealer\GameKeyRevealer.exe     paljastettu: Trojan.Win32.GameKey (A)

This is a program for revealing game keys. Legal tool if I lose my key paper.

Skannattu    1332062
Löytynyt    36

Skannauksen loppu:    30.3.2013 19:07:53
Skannausaika:    2:57:28
 


Edited by 34BLEEP00XX, 31 March 2013 - 10:42 AM.



 


#2 34BLEEP00XX


Posted 15 April 2013 - 01:25 PM

Raising this up to the top because no one has answered me.



#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,929 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:16 AM

Posted 15 April 2013 - 02:06 PM

Hello, and sorry for the delay.
None of these infections look serious. As for the false positives, if you can tell me where you downloaded the program, or what it belongs to, I can have a look at it.

Do you have any particular problems that point to malware or do you just want to make sure everything is okay?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 34BLEEP00XX


Posted 15 April 2013 - 02:16 PM

That Bus Driver positive is a game. It is a bus simulator game.

I don't think I have any infections. Maybe that Emsisoft scanning engine is sensitive.

C:\SoldnerSecretWars\game\Bin\SoeldnerSecretWars.exe     paljastettu: Gen:Trojan.Heur.jzW@@FR6uSwal ( B )

This is a game executable that can connect to the net. That is why it is positive.

This is a game executable, so I know for sure that it is a false positive here.



#5 Elise


Posted 15 April 2013 - 04:12 PM

I'll take care of the Bus Driver issue. :)

 

In the meantime, what about this?

Do you have any particular problems that point to malware or do you just want to make sure everything is okay?


regards, Elise


#6 34BLEEP00XX


Posted 16 April 2013 - 10:13 AM

I don't think I have any serious infections here right now.

I can also contact that Emsisoft support myself and show the log there also. I need to re-scan first because that log is over 14 days OLD by now.

 

This thing here:

C:\Program Files (x86)\EA GAMES\Battlefield Vietnam\Mods\BfBalkan\BfBalkan.exe     paljastettu: Backdoor.Generic.425645 ( B )

Just another case of sensitive scan engine detection.



#7 Elise


Posted 16 April 2013 - 10:25 AM

No need to contact them, the Bus Driver FPs should be taken care of. :)
 
Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

regards, Elise




