A2 possible False Positive.


Post by cycoze » January 15th, 2007, 11:22 am

I ran a scan with A2 first thing this morning and it flagged up a Trojan twice. The trojan in question is winlogon.exe; I believe this may be a False Positive.

C:\WINDOWS\system32\winlogon.exe and C:\WINDOWS\ServicePackFiles\i386\winlogon.exe are where mine show up, and I just read someone else has it in... C:\WINDOWS\system32\dllcache\winlogon.exe.

When I saw the results of the scan, rather than check up on it (I'm very busy today) I decided to pop an earlier image back on. Unfortunately, after updating A2 the results are the same (feel stupid popping an earlier image on now).

Anyhoo, I have scanned C drive with online scanners now as well as all my normal security; all show up as clean other than A2.

I have now checked the A2 forums and see a couple of people have posted the same thing happening to them; as yet no-one from Emsisoft has answered the questions (someone has now zipped the offending file and sent it to Emsisoft).

I thought it best to alert the forums to save people scanning and performing unnecessary HJT scans and analysis.

EMSI A-squared support forum.

I have informed ChrisRLG and Nell of this posting. Sorry if it's in the wrong part of the Forum; I leave it up to the site Admin/Mods to move or delete it as they see fit. I just thought it best to let you know in case you had a flood of panic-stricken folks arrive on the forum's doorstep later in the day.
cycoze
Regular Member
 
Posts: 16
Joined: July 11th, 2005, 7:26 pm
Location: about 18 inches away from my monitor

Post by ChrisRLG » January 15th, 2007, 1:13 pm

Thanks Cy.

That's good to know - and thank you for thinking of us.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

Post by cycoze » January 15th, 2007, 2:47 pm

Christian Peters of Emsisoft has just announced "Yes, it is a false positive. Will be fixed with one of the next updates."

EMSI Forum Thread.

Post by ChrisRLG » January 15th, 2007, 4:28 pm

Moved to the newsdesk :)

Post by cycoze » January 15th, 2007, 7:28 pm

The problem with the detection of the winlogon.exe as Trojan.Win32.Patched.i does appear to have been corrected with the following update of the 20070115.sig file:

# 1/15/2007 20:43
# Signature update (revised)
# 1200 Signatures: 968 Trojans, 38 Dialers, 57 Worms and 137 Spywares.