View Full Version : Is this a false positive

15-05-2010, 03:56 PM
I've finished a scan with Spyware Terminator. It says it found the following infections

Registry HKLM\ ...\Microsoft\Windows NT\CurrentVersion\Image File Execution Option\egui.exe
Registry HKLM\ ...\Microsoft\Windows NT\CurrentVersion\Image File Execution Option\ekrn.exe

A quick Google search found these results Win32/Agent.PCU (http://www.eset.eu/encyclopaedia/win32_agent_pcu_trojan_antiav_asw_generic_download er_x_trojan_killav#E5_A) and False Positive (http://forums.iobit.com/showthread.php?p=43487)

Is this something I need to worry about?

Speedy Gonzales
15-05-2010, 03:59 PM
Those belong to NOD32 dont they?

15-05-2010, 04:17 PM
Those belong to NOD32 dont they?

Yes they do. I've had Nod32 installed for 5 months now and spyware terminator for 7 months it's only now that spyware has found these "infections".

I also scanned with Nod32 that came up clean. Malwarebytes is doing a scan now.

15-05-2010, 04:31 PM
Spyware terminator has it wrong - they are Nod32 files.

You have to tell Spyware Terminator to ignore them in future scans.
I had that happen a couple of months ago.

16-05-2010, 09:28 AM
False positives are quite common. I get them with various old files on my PC quite regularly with different scanners. NOD itself does it too.

As Wainuitech says, tell it to ignore them. They usually go away after a definition update or two.

16-05-2010, 12:18 PM
Thanks everyone. Just needed to check, have added to ignore list.