spybot s&d, and now FRST...


10 replies to this topic

#1 circe801

circe801

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 24 June 2015 - 11:48 AM

hello.  i noticed some items in my spybot results which reappear each time i scan again after their supposed removal.  i was advised to dl the FRST tool, which my av said was 'malicious'.  i instructed to dl anyway, to run anyway, and while the scan was running it started not responding, i found out, because the av (trend micro titanium 2016 for 64-bit) was stopping and then removing it.  then, the av showed two 'threats':

 

both are HEU_AEGISCS986

one in C:\Users\circe801\Downloads\FRST64.exe    (orig dl folder)

and again in c:\windows\mod_frst.exe

 

are these REALLY 'threats'??  if so, what's the story, and if not, why is av telling me so?

will wait for reply here, then post spybot problem afterward. 

 

thank you for any assistance

circe801




#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:12:23 AM

Posted 24 June 2015 - 11:57 AM

Hi circe801 :)

This is what we call a "false positive". A false positive is when security software, like an Antivirus or Antimalware, detects a legitimate file or process as malicious when in fact it is not. It often happens when a file or a process has "malware-like" characteristics or behavior (hence why they would trigger heuristic detections, associated with generic forms of malware). A lot of tools hosted on BleepingComputer (FRST, MiniToolBox, JRT, AdwCleaner, etc.) are targeted by Antivirus and Antimalware software as malicious, but these are false detections. It's because these tools work by gathering information and making changes on a system in ways that resemble what malware does. However, these are totally safe to download and execute. If you need to use a tool from BleepingComputer that is blocked by your Antivirus, I suggest you either disable your Antivirus for the time of the execution of that tool, or add it to your Antivirus "whitelist".

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 circe801


Posted 24 June 2015 - 11:59 AM

okay, before deleting it, it did generate a log, but there's nowhere to attach it in reply.  what should i do??  thank you.



#4 Aura


Posted 24 June 2015 - 12:00 PM

Follow the instructions in the thread below and you'll be just fine :)

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,560 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:23 AM

Posted 24 June 2015 - 01:28 PM

Attachments are not permitted in this forum and neither are logs created by FRST.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#6 circe801


Posted 24 June 2015 - 03:14 PM

okay, thanks.  understood.  however, i ran JRT by malwarebytes and it got rid of the returning files so consider the matter closed. 

thank you all.



#7 Aura


Posted 24 June 2015 - 03:16 PM

No problem circe, you're welcome :)



#8 quietman7


Posted 24 June 2015 - 06:15 PM

You're welcome on behalf of the Bleeping Computer community.

#9 circe801


Posted 25 June 2015 - 08:37 AM

okay--not so fast.  these entries are back and were again detected by spybot, removed, and are back.  however, this is not malware (as far as i know)--do i still follow the same directions as spybot reports this as a 'registry change' and after the key info it says (is not) just like that--in parentheses.  thanks for all your help.



#10 Aura


Posted 25 June 2015 - 08:39 AM

circe801, you've been advised many times to follow the directions of the guide I posted above to open a thread in the malware removal area. Once again, I suggest you follow these instructions and open a thread there to receive assistance. Once it's done, post the link to that thread here so a Moderator can close it :)



#11 quietman7


Posted 25 June 2015 - 01:12 PM

Since the detections are related to Spybot, you can report them in their False Positives forum.



