Topic: xp-antispy or false positive??  (Read 3119 times)

true indian

  • Guest
xp-antispy or false positive??
« on: July 05, 2012, 11:14:31 AM »
see: https://www.virustotal.com/file/ed313ef6053dada4ff737b27f3fe0b4bfe547d993938d1bb05396b21f3615ceb/analysis/

Found this at a client's house; it wasn't active.. MBAM didn't detect yesterday but it did detect this today..

Is this a false positive or real malware??
« Last Edit: July 05, 2012, 11:35:39 AM by true indian »

SafeSurf

  • Guest
Re: xp-antispy or false positive??
« Reply #1 on: July 05, 2012, 11:33:53 AM »
Try another scanner since this was done 7 hours ago and see what results you get.  Otherwise, I'm sure Avast will check with their detections and look into it.

Offline polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

true indian

  • Guest

Offline DavidR

Re: xp-antispy or false positive??
« Reply #4 on: July 05, 2012, 01:47:49 PM »
The name alone xp-antispy smacks of rogue anti-malware, so I would have been suspicious on the name alone.

I would have investigated first and there are many search hits on xp-antispy, some showing it is a legit program available on many download sites, http://www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/XPAntispy.shtml.

What it does might well be considered suspicious activity, sort of PUP like.

What you have to determine is if this is that legit program.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

true indian

  • Guest
Re: xp-antispy or false positive??
« Reply #5 on: July 05, 2012, 01:52:28 PM »
As I said earlier, this was on a client machine; it always executed itself on the machine and crashed! I guess it is a suspicious program :)

I traced the location of the file using COMODO Killswitch, as it was an XP machine and Task Manager in XP doesn't show locations... it was residing in an odd location somewhere in windows/temp
« Last Edit: July 05, 2012, 01:54:47 PM by true indian »

Offline polonus

Re: xp-antispy or false positive??
« Reply #6 on: July 05, 2012, 02:02:17 PM »
Hi DavidR,

That is true. If true indian had googled http://www.google.nl/search?sugexp=chrome,mod=13&sourceid=chrome&ie=UTF-8&q=ed313ef6053dada4ff737b27f3fe0b4bfe547d993938d1bb05396b21f3615ceb  he would have stumbled upon that information right away.
Then again this would have brought him even further: http://www.google.nl/search?sugexp=chrome,mod=13&sourceid=chrome&ie=UTF-8&q=Quarantine.zip
A browser has a search function, then why not use it! e.g. http://f.virscan.org/Quarantine.zip.html (flagged trojan like behaviour)

polonus