False Positive (30 march) ?

[Denny_M]

hi, next yesterday to do a scan but none....yesterday

a new scan and Antimlawarebyte say have a TROYAN:

Infect keys:

HKEY_CLASSES_ROOT\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d} (Trojan.BHO) -> No action taken.

and program infect is:

C:\WINDOWS\system32\mswinsck.ocx (Trojan.BHO) -> No action taken.

i have scan this MSWINSCK.OCX with Virus Scan and say no virus o trojan !!!

is a false/positive ?????

yestarday i have installed ONLY the update of Java RE6 version 13.

help me ? what i to do ?

[miekiemoes]

Hi,

Please update your malwarebytes.

Update tab > check for updates.

Rescan again and let me know if it's still detected.

[Denny_M]

later day i scan and result INFECT in system32 the MSWINSCK.OCX file ....

yestarday i download the new database at 6 P.M. and re-scan ....NO VIRUS or

TROJAN result ! !!! an false/positive !

yesterday, at 9 P.M. download the new database: 1926 31 march 2009

re-scan and it say:

REGISTER KEY INFECT:

HKEY_CLASSES_ROOT\ierunner.dochostuihandler (Trojan.FakeAlert) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{3f2bbc05-40df-11d2-9455-00104bc936ff} (Trojan.FakeAlert) -> No action take

what to do? kill this key or ANOTHER false/positive of Antimalwarebyte's ? help me....

please

[miekiemoes]

Please read the instructions here:

http://www.malwarebytes.org/forums/index.p...amp;#entry11731

Then post the developers log.

[Denny_M]

Malwarebytes' Anti-Malware 1.35

Versione del database: 1926

Windows 5.1.2600 Service Pack 2

01/04/2009 5.13.14

mbam-log-2009-04-01 (05-13-03).txt

Tipo di scansione: Scansione completa (C:\|)

Elementi scansionati: 160823

Tempo trascorso: 46 minute(s), 2 second(s)

Processi delle memoria infetti: 0

Moduli della memoria infetti: 0

Chiavi di registro infette: 2

Valori di registro infetti: 0

Elementi dato del registro infetti: 0

Cartelle infette: 0

File infetti: 0

Processi delle memoria infetti:

(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:

(Nessun elemento malevolo rilevato)

Chiavi di registro infette:

HKEY_CLASSES_ROOT\ierunner.dochostuihandler (Trojan.FakeAlert) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{3f2bbc05-40df-11d2-9455-00104bc936ff} (Trojan.FakeAlert) -> No action taken.

Valori di registro infetti:

(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:

(Nessun elemento malevolo rilevato)

Cartelle infette:

(Nessun elemento malevolo rilevato)

File infetti:

(Nessun elemento malevolo rilevato)

[Denny_M]

ok for post the log.... in italian language

what is the commnad ???

mbam.exe /developer, in italian ???? help

[miekiemoes]

Hi, above is not the developers log.

what is the commnad ???

mbam.exe /developer, in italian ???? help

Italian, Chinese, Spanish, Russian..., it all stays the same.

Just enter mbam.exe /developer in start>run.

This will start mbam again, so scan and post the log here.

[nosirrah]

Looking this up online I am seeing a lot of references to a password recovery tool , this could be used to steal passwords in the wrong hands .

http://74.125.93.104/search?q=cache:d7fDlF...=clnk&gl=us

The highlighted component is the same that we are hitting in your system . Do you know what software

[Denny_M]

ok.... but this infect in KEY REGISTER:

ierunner.dochostuihandler

is real or a false/positive ?

help me ...

[miekiemoes]

This has been fixed.

Please use the update option in mbam, download latest updates and rescan again.