False positive

@Porthos It's a retail shop named Harvey Norman. Those retail shops that are located inside shopping malls. So far I have had 2 laptops, all of them bought from there, and none of them had this problem. Pirated copies of Windows can be bought from small (not popular) shops/Asian shops (no disrespect to Asians), but it's true they sell pirated copies of Windows and sell them for a well discounted price.

@Porthos also I found more info about this malware SppExtComObjPatcher.exe, and one of the links that I had researched is here http://www.eightforums.com/system-security/28460-what-sppextcomobj-exe.html and one of the users wrote this: " I can only tell you that I have it on my Win 8 machine, it appears to be a legitimate part of the OS, and I think it might have something to do with KMS Licensing for Microsoft Products (like MS office) but I'm not sure because I do not have any MS Office products on my machine. Good luck. "

I myself don't have any MS Office installed...

Anyways, I will take this up to the store and will talk with one of the technicians inside the store and see what he says.


Today I went to the store, but I didn't take my laptop with me. I had my USB with the log.txt file and I showed them. They said it shouldn't be a pirate/illegal Windows OS. My laptop had an HDD and that store was offering to upgrade from HDD to SSD. She said to me that something had gone wrong during the upgrade from HDD to SSD, and she said to bring my laptop in for further analysis. Some day next week, I will bring my laptop to that store so they can do analysis on this.


On 8/25/2016 at 8:11 AM, Porthos said:

After you have money in hand, go somewhere else and report them to MS.

IMHO you are wasting your time with a dishonest shop (especially if it's the same one from which you purchased a computer with a cracked OS in the past here).
They are exploiting unsuspecting customers like you, some of whom might be attracted by "good deals" and a low price.

M$ has a vigorous anti-piracy policy.  While we cannot predict their response to your specific report, there have been many cases where the customer reporting the fraud/piracy has been provided by M$ with a complimentary, legal Windows license.

Just a friendly suggestion,


@daledoc1: The link that you gave and my statement "I had a similar experience. Many years ago I bought a computer, back then it was Windows 98 SE, and I then bought a Windows XP CD. The computer was properly licensed but the Windows XP CD was cracked/pirated. I then went on to install it and it caused major havoc on my Windows 98 SE computer (which was properly licensed) and I used to get tons of pop-ups and malware".

That Windows 98 SE and the Windows XP CD that I bought were from Bangkok, Thailand, and me and my family moved from Bangkok to New Zealand. I have been living in New Zealand since 2003-present.



OK, thanks for the clarification.
I merely mentioned it because you seem to have had bad luck with your computer purchases. That's all. :)

The information from @thisisu and the recommendations regarding your current situation would still stand, however.

Eventually, the illegal Windows OS will most likely run afoul of MS activation servers and you will be out of luck.

So we suggest returning the computer for a refund ASAP and purchasing elsewhere one with a legit version of Windows.
Another option, as suggested by @Porthos, would be to report the problem to MS; they may reward your piracy report with a valid license.
Doing so would help to prevent this unscrupulous seller from victimizing other customers.


Of course, it's up to you.

Thank you again,


@daledoc1: Since coming to New Zealand I have had bad luck only once in buying a laptop. I bought a laptop from here which was on display, because they didn't have a brand new one (packed). Since then I bought a new one (Windows 7), still running well, so I then decided to get another laptop (Windows 10).

Thanks for all the help and advice guys. Really do appreciate it :)


Hello guys! Just came back home from the technician at the shop. They said it's got nothing to do with the Windows OS, it is a genuine copy of Windows, that those detections that you see are safe to delete and are part of MS Office, and since you didn't have any MS Office software pre-installed you have nothing to worry about. My reply #11 states that, from the link that I provided, and here's a quote from that link:

" I can only tell you that I have it on my Win 8 machine, it appears to be a legitimate part of the OS, and I think it might have something to do with KMS Licensing for Microsoft Products (like MS office) but I'm not sure because I do not have any MS Office products on my machine. Good luck. "


  • Root Admin

Hello @StatticGuy

Delete the files and reboot the workstation a few times. Then run MBAM again and check for updates and run a new Threat Scan and post the scan log.

Next, let's get a bit more information from the computer to see how it's doing.



Please read the following and post back the 3 requested logs as an attachment.
Diagnostic Logs


@AdvancedSetup I didn't delete the files from MBAM. I did a full system scan with Trend Micro Maximum Security 10 (latest version) and it detected only one file.

Detection name is: TROJ_GEN.R0C1COEEP16

Affected file is: C:\Windows\System32\SppExtComObjPatcher.exe

Trend Micro didn't detect the other 2 files that MBAM did according to the first log that I posted. After that, I opened up MBAM, checked for updates, did another threat scan, and it didn't find anything.

Uh... one problem. I tried to run Farbar Recovery Scan Tool. First, Microsoft SmartScreen filter blocked it and I then said run it anyway, and after that Trend Micro blocked this tool from running. What should I do? This is my first time running this tool.


  • Root Admin

Restart the computer, then rescan and remove what MBAM finds. It is not a false positive regardless of what your friends at the computer shop are telling you.

You need to either disable the smart filter or use another browser to download the tool. It is safe and only scans to post logs of what is running on your system.



  • Root Admin

Overall it looks good. No immediate signs of an infection; however, there are other issues on the system that you may wish to see if your IT Support can assist with, as this appears to be a business computer.



Application errors:
Error: (08/30/2016 01:14:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (08/27/2016 05:03:37 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

System errors:
Error: (08/30/2016 04:47:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
 and APPID
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/30/2016 04:47:02 PM) (Source: TPM) (EventID: 15) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (08/30/2016 02:47:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The tmumh service failed to start due to the following error:
The revision level is unknown.






@Porthos I should have mentioned this before. My laptop package says "Windows 10 Home" but when I turn on my laptop and type about Windows it says "Windows 10 Enterprise". A few hours ago, I went to the Harvey Norman website and had an online chat with a tech representative, who told me to go to the shop and tell them what you told me. So I went to the shop and I told them what I told the tech representative. The tech was confused and couldn't come up with an answer why the package name is different to the name on the laptop. So they checked the S/N number on the package and the S/N number on the laptop and it's a match. While I was with the tech in the shop, she phoned the manufacturer "ACER" and they told them what I told the tech at the shop. The Acer support tech told the tech from the shop that we don't sell Pro/Home versions anymore. The name on the package can say Home/Pro but once you turn on the computer it says Enterprise.

This came straight from the horse's mouth :) aka ACER support tech. The tech and the customer (me) shouldn't be worried or concerned about anything. It's just how we (manufacturer) work and etc etc. We put the same name "Enterprise" for all laptops even though the package says different, Home/Pro.

I can't remember the exact words and such; it's too tech for me :)


I guess HP, ASUS, Acer work differently from each other.
