Gizmos Freeware Reviews  

Old 02. Mar 2010, 05:45 PM   #1 (permalink)
Senior Member
 
 
Join Date: Apr 2008
Location: Planet Earth
Posts: 1,379
A-Squared Serious False Positive

Anyone running Win XP Home or Pro?

I installed A-Squared on my wife's computer as an on-demand scanner, and it identified what it thinks are two high-risk trojans in the files "Taskman.exe" & "Systray.exe".

I tested the same two files on VirusTotal.com and a-squared there returned the same result but it was the only one. I then uploaded taskman.exe and systray.exe from my VirtualBox installation of XP Pro and got the same result. I further tried files from a third installation of XP with the same result. The MD5 hashes are the same as those of other people who have scanned the files.

Can someone else upload their copies and confirm this? Taskman.exe is located in C:\Windows, and Systray.exe is located in C:\Windows\System32

These are some pretty important operating system files for A-Squared to be identifying as trojans.
__________________
The smallest good deed is better than the greatest intention.
Ritho is offline   Reply With Quote
Old 02. Mar 2010, 07:27 PM   #2 (permalink)
Super Moderator
 
 
Join Date: Jul 2008
Location: India
Posts: 15,334

Ritho, I uploaded the Taskman file to VirusTotal, and I get the same result as you. Just A-Squared is flagging it as malware. I think it's a case of false positive.
__________________
Anupam
Anupam is offline   Reply With Quote
Old 02. Mar 2010, 08:03 PM   #3 (permalink)
Full Member
 
Join Date: Jul 2008
Location: Sweden
Posts: 70

Ritho, I am running XP Home and uploaded both files to VirusTotal. Nothing found.

I also took a quick A-Squared scan, but neither of the two files was identified. Which type of scan did you take?

I have stopped using A-Squared for the following reason.

When starting it (after updating), a rescan of quarantined files is performed. Every time I get the following message:

After rescanning the quarantined objects with the new downloaded signatures, it turned out that some of them were detected in wrong (false positives). Do you want to restore these objects now to their original locations. Yes or No.

What irritates me is that I don't get a list of which files are considered false positives, and hence I cannot make an informed decision.

Bengt S
Bengt S is offline   Reply With Quote
Old 02. Mar 2010, 08:09 PM   #4 (permalink)
Super Moderator
 
 
Join Date: Jul 2008
Location: India
Posts: 15,334

Whoa! Bengt, you are scaring me now. I am having WinXP Pro. I had uploaded just the Taskman file to VirusTotal, and had got the same result as Ritho. That would mean, both our PCs are infected?

Mine is a fresh install of XP on a new hard disk, don't scare me.
__________________
Anupam
Anupam is offline   Reply With Quote
Old 02. Mar 2010, 08:21 PM   #5 (permalink)
Full Member
 
Join Date: Jul 2008
Location: Sweden
Posts: 70

Well Anupam, I guess you're not behind a router.
Bengt S is offline   Reply With Quote
Old 02. Mar 2010, 08:24 PM   #6 (permalink)
Super Moderator
 
 
Join Date: Jul 2008
Location: India
Posts: 15,334

Are you still trying to scare me?

Well yeah, you guessed it right. I am not behind a router, neither am I using a firewall nowadays. It's just Avast, and just today, installed WinPatrol. I hope I am not infected already.
__________________
Anupam
Anupam is offline   Reply With Quote
Old 02. Mar 2010, 08:26 PM   #7 (permalink)
Senior Member
 
 
Join Date: Apr 2008
Location: Planet Earth
Posts: 1,379

If you want to check the hash codes, I listed them below.

All of my files from the three different installations have the same hash codes, even between XP Home and Pro.

MD5 hash codes.

Taskman.exe f4dfd83153e8c9088ae2db704107060d

Systray.exe 46e07fd3a40760fda18cf6b4fc691742

Bengt, I would like to see your MD5s; they appear on the site when you first upload your files. Could you do that?
__________________
The smallest good deed is better than the greatest intention.
Ritho is offline   Reply With Quote
Old 02. Mar 2010, 08:38 PM   #8 (permalink)
Full Member
 
Join Date: Jul 2008
Location: Sweden
Posts: 70

Ritho, here they are:

Taskman.exe ca7ca45c6156c950a5d4645d51e294f3

Systray.exe 70f18d1965ea8b3aa73264cfe0f9144f
Bengt S is offline   Reply With Quote
Old 02. Mar 2010, 08:46 PM   #9 (permalink)
Senior Member
 
 
Join Date: Apr 2008
Location: Planet Earth
Posts: 1,379

Thanks, Bengt! Obviously you have a different set of files somehow. Maybe a European version of Windows?

I went and extracted the files fresh from my install disk, and they are exactly the same as my others. So I am not worried about a virus.

I think I will make a report to A-Squared. It just would not be good if someone deleted their systray and taskmanager. But I don't think you can do it very easily because Windows protects those files. Still I was not willing to click quarantine or delete to test my theory.
__________________
The smallest good deed is better than the greatest intention.
Ritho is offline   Reply With Quote
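
The check described in the post above (an installed system file compared with a copy extracted fresh from the install disk), as an added Python example that is not part of the original thread. The function names and the sample bytes are constructed for illustration; SHA-256 is computed alongside MD5 as an assumption about what a stronger comparison would use, and the table holds only the MD5 values posted in this thread.

```python
import hashlib
import os
import tempfile

# MD5 values posted in this thread (nothing else is assumed to be known-good).
THREAD_MD5 = {
    "f4dfd83153e8c9088ae2db704107060d": "Taskman.exe, posted by Ritho",
    "46e07fd3a40760fda18cf6b4fc691742": "Systray.exe, posted by Ritho",
    "ca7ca45c6156c950a5d4645d51e294f3": "Taskman.exe, posted by Bengt S",
    "70f18d1965ea8b3aa73264cfe0f9144f": "Systray.exe, posted by Bengt S",
}

def digests(path, chunk_size=65536):
    """Stream the file once and return (md5, sha256) hex digests."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            md5.update(block)
            sha256.update(block)
    return md5.hexdigest(), sha256.hexdigest()

def triage(installed_path, reference_path):
    """Compare an installed file with a copy extracted from trusted media."""
    inst_md5, inst_sha = digests(installed_path)
    _, ref_sha = digests(reference_path)
    return {
        "file": os.path.basename(installed_path).lower(),
        "md5": inst_md5,                            # value to compare with others
        "matches_reference": inst_sha == ref_sha,   # byte-identical to media copy
        "seen_in_thread": THREAD_MD5.get(inst_md5), # None if nobody posted it
    }

def demo():
    """Constructed sample: byte strings stand in for real executables."""
    with tempfile.TemporaryDirectory() as d:
        paths = {}
        for label, data in (("installed", b"MZ constructed sample"),
                            ("media", b"MZ constructed sample"),
                            ("altered", b"MZ constructed sample, altered")):
            os.makedirs(os.path.join(d, label))
            paths[label] = os.path.join(d, label, "Taskman.exe")
            with open(paths[label], "wb") as fh:
                fh.write(data)
        return (triage(paths["installed"], paths["media"]),
                triage(paths["altered"], paths["media"]))

if __name__ == "__main__":
    for result in demo():
        print(result)
```

A match against the media copy only shows the installed file is unmodified relative to that media; a mismatch, as with the two sets of hashes in this thread, can simply mean a different Windows build.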
Old 02. Mar 2010, 09:00 PM   #10 (permalink)
Full Member
 
Join Date: Jul 2008
Location: Sweden
Posts: 70

Quote:
Originally Posted by Ritho View Post
Thanks, Bengt! Obviously you have a different set of files somehow. Maybe a European version of Windows?
Yes, it is a rather old Swedish Version 2002.

Quote:
Originally Posted by Ritho View Post
Still I was not willing to click quarantine or delete to test my theory.
I thought every editor loved testing software theories, keeping their disk images warm.
Bengt S is offline   Reply With Quote