New MS Spyware - False positives?



sarel
07-01-2005, 06:50 PM
Hi guys

This thread is at the bottom of one of the previous threads but I thought it warranted a bit more.

I also installed it and ran it and it found two problems:
- VX2.Transponder Browser Plug-in
- Rbot Worm
that my other proggies did not pick up - Spybot, Adaware and Spysweeper. I had no problems on my PC (no hijacks, nothing) and I just wonder whether these two were just false positives?

Sarel

Metla
07-01-2005, 06:53 PM
False positives?

Nah.

Be harmless remnants of crap already removed by other programs.

Unless that's what you mean by false positives?

johnboy
07-01-2005, 06:56 PM
Info on both
transponder (http://www.google.com/search?hl=en&ie=UTF8&oe=UTF8&safe=active&q=VX2.Transponder%20Browser%20Plug-in)

Rbot (http://www.google.com/search?hl=en&ie=UTF8&oe=UTF8&safe=active&q=Rbot%20Worm[/COLOR)
hth

sarel
07-01-2005, 06:59 PM
Metla - that's what I also thought but I can't remember any of these on my PC previously (and I check them religiously, google them, etc to find out what they do).

Must also mention - the "new" proggie only picked up one file/line of code per item mentioned, so it must be remnants

Perhaps dementia is catching up with me not remembering :confused:

LOL

sarel

sarel
07-01-2005, 07:03 PM
Yeah Johnboy I did google them as well - as a matter of fact the MSSpybot provides a very in-depth story of every threat too:

Spyware Scan Details
Start Date: 7/01/2005 6:45:10 p.m.
End Date: 7/01/2005 6:47:57 p.m.
Total Time: 2 mins 47 secs

Detected Threats

VX2.Transponder Browser Plug-in more information...
Details: VX2 is an Internet Explorer Browser Helper Object that monitors web page requests and data entered into forms, sending this information to its home server, and opens pop-up advertisement windows. VX2 also collects and sends personal information.
Status: Removed
Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.

Infected files detected
c:\windows\system32\o


Rbot Worm more information...
Details: Rbot infects machines using the LSASS vulnerability in unpatched windows machines
Status: Removed
Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.

Infected registry keys/values detected
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run msn msnmsg.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run System Uptime Server sysentry32.exe


Detected Spyware Cookies
No spyware cookies were found during this scan.


sarel
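
One way to check the "harmless remnants" reading for the two Run values in the report above. This is an added example, not part of the thread: it parses the report lines (with the space the forum software inserted into CurrentVersion removed) and checks whether the file each value names still exists. The search directories and the stand-in system32 folder are assumptions of the example.

```python
import os
import re
import tempfile

# The two registry lines from the scan report quoted in the post above.
REPORT = r"""Infected registry keys/values detected
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run msn msnmsg.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run System Uptime Server sysentry32.exe
"""

# Groups: key path, value name (may contain spaces), value data (last token).
RUN_LINE = re.compile(r"^(HKEY_\S+\\Run(?:Once)?)\s+(.+)\s+(\S+)\s*$", re.I)


def parse_run_entries(report):
    """Return (key, value_name, value_data) for each Run/RunOnce line."""
    entries = []
    for line in report.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append(m.groups())
    return entries


def find_target(data, search_dirs):
    """Locate the file a Run value points at, comparing names without case."""
    wanted = os.path.basename(data.strip('"').replace("\\", "/")).lower()
    for d in search_dirs:
        if os.path.isdir(d):
            for name in os.listdir(d):
                if name.lower() == wanted:
                    return os.path.join(d, name)
    return None


def triage(report, search_dirs):
    """Map value name -> 'orphaned' (file gone) or 'present' (still on disk)."""
    return {name: "present" if find_target(data, search_dirs) else "orphaned"
            for _key, name, data in parse_run_entries(report)}


if __name__ == "__main__":
    # Constructed stand-in for c:\windows\system32: only one target exists.
    with tempfile.TemporaryDirectory() as fake_system32:
        open(os.path.join(fake_system32, "SysEntry32.exe"), "w").close()
        for name, state in triage(REPORT, [fake_system32]).items():
            print(f"{name}: {state}")
```

An "orphaned" value has nothing left to launch at logon, which fits a leftover from an earlier cleanup; a "present" one means the file is still on disk and should be examined before the entry is written off as a remnant.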

sarel
08-01-2005, 06:52 AM
Updated signatures this morning and got one more

sarel