Is this a false positive



rebels181
15-05-2010, 03:56 PM
I've finished a scan with Spyware Terminator. It says it found the following infections:

Registry HKLM\ ...\Microsoft\Windows NT\CurrentVersion\Image File Execution Option\egui.exe
Registry HKLM\ ...\Microsoft\Windows NT\CurrentVersion\Image File Execution Option\ekrn.exe

A quick Google search found these results: Win32/Agent.PCU (http://www.eset.eu/encyclopaedia/win32_agent_pcu_trojan_antiav_asw_generic_downloader_x_trojan_killav#E5_A) and False Positive (http://forums.iobit.com/showthread.php?p=43487)

Is this something I need to worry about?

Speedy Gonzales
15-05-2010, 03:59 PM
Those belong to NOD32, don't they?

rebels181
15-05-2010, 04:17 PM
Those belong to NOD32, don't they?

Yes they do. I've had Nod32 installed for 5 months now and Spyware Terminator for 7 months; it's only now that spyware has found these "infections".

I also scanned with Nod32, which came up clean. Malwarebytes is doing a scan now.

wainuitech
15-05-2010, 04:31 PM
Spyware Terminator has it wrong - they are Nod32 files.

You have to tell Spyware Terminator to ignore them in future scans.
I had that happen a couple of months ago.

pctek
16-05-2010, 09:28 AM
False positives are quite common. I get them with various old files on my PC quite regularly with different scanners. NOD itself does it too.

As Wainuitech says, tell it to ignore them. They usually go away after a definition update or two.

rebels181
16-05-2010, 12:18 PM
Thanks everyone. Just needed to check, have added to ignore list.