| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 53091 | 2005-01-07 06:50:00 | New MS Spyware - False positives? | sarel (2490) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 311594 | 2005-01-07 06:50:00 | Hi guys This thread is at the bottom of one of the previous threads but I thought it warranted a bit more. I also installed it and ran it and it found two problems: - VX2.Transponder Browser Plug-in - Rbot Worm[/COLOR] that my other proggies did not pick up - Spybot, Adaware and Spysweeper. I had no problems on my PC (no hijacks, nothing) and I just wonder whether these two were just false positives? Sarel |
sarel (2490) | ||
| 311595 | 2005-01-07 06:53:00 | False positives? Nah. Be harmless remnants of crap already removed by other programs. Unless thats what you mean by false positives? |
Metla (12) | ||
| 311596 | 2005-01-07 06:56:00 | Info on both transponder (www.google.com) Rbot (www.google.com) hth |
johnboy (217) | ||
| 311597 | 2005-01-07 06:59:00 | Metla - that's what I also thought but I can't remember any of these on my PC previously (and I check them religiously, google them, etc to find out what they do). Must also mention - the "new" proggie only picked up one file/line of code per item mentioned, so it must be remnants Perhaps dementia is catching up with me not remembering :confused: LOL sarel |
sarel (2490) | ||
| 311598 | 2005-01-07 07:03:00 | Yeah Johnboy I did google them as well - as a matter of fact the MSSpybot provides a very in-depth story of every threat too: Spyware Scan Details Start Date: 7/01/2005 6:45:10 p . m . End Date: 7/01/2005 6:47:57 p . m . Total Time: 2 mins 47 secs Detected Threats VX2 . Transponder Browser Plug-in more information . . . Details: VX2 is an Internet Explorer Browser Helper Object that monitors web page requests and data entered into forms, sending this information to its home server, and opens pop-up advertisement windows . VX2 also collects and sends personal information . Status: Removed Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise . Successful exploitation does not normally require any interaction and exploits are in the wild . There exists a high possibility of potential system damage or security flaw . Attacker has complete control over your computer or install new software on your machine . Infected files detected c:\windows\system32\o Rbot Worm more information . . . Details: Rbot infects machines using the LSASS vulnerability in unpatched windows machines Status: Removed Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise . Successful exploitation does not normally require any interaction and exploits are in the wild . There exists a high possibility of potential system damage or security flaw . Attacker has complete control over your computer or install new software on your machine . Infected registry keys/values detected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run msn msnmsg . exe HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run System Uptime Server sysentry32 . exe Detected Spyware Cookies No spyware cookies were found during this scan . sarel |
sarel (2490) | ||
| 311599 | 2005-01-07 18:52:00 | Updated signatures this morning and got one more sarel |
sarel (2490) | ||
| 1 | |||||