
Thread: False Positive or not?

  1. #1
    Buffalo Guest

    False Positive or not?

    MBAM lists Winnit\System32\Sysrestore.dll from Rogue.Ascentive Performance
    as malware. I submitted the file to VirusTotal and the results were
    negative. I now have that file in quarantine.
    Anyone have any other info on this?
    Rogue.AscentivePerformance
    Date spotted:
    First seen on 2008-10-04.
    Last seen on 2009-01-06.

    Detection statistics:
    This object is 0.08% of all objects detected.
    424,252 instances detected worldwide.



  2. #2
    Buffalo Guest

    Re: False Positive or not?



    Buffalo wrote:
    > MBAM lists Winnit\System32\Sysrestore.dll from Rogue.Ascentive
    > Performance as malware. I submitted the file to VirusTotal and the
    > results were negative. I now have that file in quarantine.
    > Anyone have any other info on this?
    > Rogue.AscentivePerformance
    > Date spotted:
    > First seen on 2008-10-04.
    > Last seen on 2009-01-06.
    >
    > Detection statistics:
    > This object is 0.08% of all objects detected.
    > 424,252 instances detected worldwide.


    Sorry!
    My system is Win2000Pro and I had just updated MBAM to 1.32 Database 1621
    dated 1/5/2009



  3. #3
    David H. Lipman Guest

    Re: False Positive or not?

    From: "Buffalo" <Eric@nada.com.invalid>

    | MBAM lists Winnit\System32\Sysrestore.dll from Rogue.Ascentive Performance
    | as malware. I submitted the file to VirusTotal and the results were
    | negative. I now have that file in quarantine.
    | Anyone have any other info on this?
    | Rogue.AscentivePerformance
    | Date spotted:
    | First seen on 2008-10-04.
    | Last seen on 2009-01-06.

    | Detection statistics:
    | This object is 0.08% of all objects detected.
    | 424,252 instances detected worldwide.



    What was the result of submitting Sysrestore.dll to Virus Total ?

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



  4. #4
    Buffalo Guest

    Re: False Positive or not?



    David H. Lipman wrote:
    > From: "Buffalo" <Eric@nada.com.invalid>
    >
    >> MBAM lists Winnit\System32\Sysrestore.dll from Rogue.Ascentive
    >> Performance as malware. I submitted the file to VirusTotal and the
    >> results were negative. I now have that file in quarantine.
    >> Anyone have any other info on this?
    >> Rogue.AscentivePerformance
    >> Date spotted:
    >> First seen on 2008-10-04.
    >> Last seen on 2009-01-06.

    >
    >> Detection statistics:
    >> This object is 0.08% of all objects detected.
    >> 424,252 instances detected worldwide.

    >
    >
    >
    > What was the result of submitting Sysrestore.dll to Virus Total ?

    All negative.



  5. #5
    Buffalo Guest

    Re: False Positive or not?



    David H. Lipman wrote:
    > From: "Buffalo" <Eric@nada.com.invalid>
    >
    >> MBAM lists Winnit\System32\Sysrestore.dll from Rogue.Ascentive
    >> Performance as malware. I submitted the file to VirusTotal and the
    >> results were negative. I now have that file in quarantine.
    >> Anyone have any other info on this?
    >> Rogue.AscentivePerformance
    >> Date spotted:
    >> First seen on 2008-10-04.
    >> Last seen on 2009-01-06.

    >
    >> Detection statistics:
    >> This object is 0.08% of all objects detected.
    >> 424,252 instances detected worldwide.

    >
    >
    >
    > What was the result of submitting Sysrestore.dll to Virus Total ?


    Nothing found. All negative.



  6. #6
    siljaline Guest

    Re: False Positive or not?

    Buffalo wrote:
    > MBAM lists Winnit\System32\Sysrestore.dll from Rogue.Ascentive Performance
    > as malware. I submitted the file to VirusTotal and the results were
    > negative. I now have that file in quarantine.
    > Anyone have any other info on this?
    > Rogue.AscentivePerformance
    > Date spotted:
    > First seen on 2008-10-04.
    > Last seen on 2009-01-06.
    >
    > Detection statistics:
    > This object is 0.08% of all objects detected.
    > 424,252 instances detected worldwide.


    FWIW, it's not a "native" file on my XP Pro Box, MBAM is flagging something that needs investigating.
    Dave should be able to assist you through the rest.

    Good luck with it.

    Silj

    --
    "Arguing with anonymous strangers on the Internet is a sucker's game
    because they almost always turn out to be -- or to be indistinguishable from
    -- self-righteous sixteen-year-olds possessing infinite amounts of free time."
    - Neal Stephenson, _Cryptonomicon_


  7. #7
    Buffalo Guest

    Re: False Positive or not?



    siljaline wrote:
    > Buffalo wrote:
    >> MBAM lists Winnit\System32\Sysrestore.dll from Rogue.Ascentive
    >> Performance as malware. I submitted the file to VirusTotal and the
    >> results were negative. I now have that file in quarantine.
    >> Anyone have any other info on this?
    >> Rogue.AscentivePerformance
    >> Date spotted:
    >> First seen on 2008-10-04.
    >> Last seen on 2009-01-06.
    >>
    >> Detection statistics:
    >> This object is 0.08% of all objects detected.
    >> 424,252 instances detected worldwide.

    >
    > FWIW, it's not a "native" file on my XP Pro Box, MBAM is flagging
    > something that needs investigating.
    > Dave should be able to assist you through the rest.
    >
    > Good luck with it.
    >
    > Silj

    Thanks, I also scanned it with Norton, Avira and SAS with no hits.
    I believe it is part of a trial program I dl'd possibly called Active Speed.
    I think I installed it using Total Uninstall and perhaps it was a 'shared'
    file that did not get deleted when I uninstalled the program.
    I'm just guessing.
    I will keep it in quarantine until I get more info on it. I use Win2000Pro.
    PS: No, I did not give them my CC number.
    Buffalo



  8. #8
    David H. Lipman Guest

    Re: False Positive or not?

    From: "Buffalo" <Eric@nada.com.invalid>



    | siljaline wrote:
    >> Buffalo wrote:
    >>> MBAM lists Winnit\System32\Sysrestore.dll from Rogue.Ascentive
    >>> Performance as malware. I submitted the file to VirusTotal and the
    >>> results were negative. I now have that file in quarantine.
    >>> Anyone have any other info on this?
    >>> Rogue.AscentivePerformance
    >>> Date spotted:
    >>> First seen on 2008-10-04.
    >>> Last seen on 2009-01-06.


    >>> Detection statistics:
    >>> This object is 0.08% of all objects detected.
    >>> 424,252 instances detected worldwide.


    >> FWIW, it's not a "native" file on my XP Pro Box, MBAM is flagging
    >> something that needs investigating.
    >> Dave should be able to assist you through the rest.


    >> Good luck with it.


    >> Silj

    | Thanks, I also scanned it with Norton, Avira and SAS with no hits.
    | I believe it is part of a trial program I dl'd possibly called Active Speed.
    | I think I installed it using Total Uninstall and perhaps it was a 'shared'
    | file that did not get deleted when I uninstalled the program.
    | I'm just guessing.
    | I will keep it in quarantine until I get more info on it. I use Win2000Pro.
    | PS: No, I did not give them my CC number.
    | Buffalo



    Yes, please keep it in quarantine for a while.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



  9. #9
    Buffalo Guest

    Re: False Positive or not?



    David H. Lipman wrote:
    > From: "Buffalo" <Eric@nada.com.invalid>
    >
    >
    >
    >> siljaline wrote:
    >>> Buffalo wrote:
    >>>> MBAM lists Winnit\System32\Sysrestore.dll from Rogue.Ascentive
    >>>> Performance as malware. I submitted the file to VirusTotal and the
    >>>> results were negative. I now have that file in quarantine.
    >>>> Anyone have any other info on this?
    >>>> Rogue.AscentivePerformance
    >>>> Date spotted:
    >>>> First seen on 2008-10-04.
    >>>> Last seen on 2009-01-06.

    >
    >>>> Detection statistics:
    >>>> This object is 0.08% of all objects detected.
    >>>> 424,252 instances detected worldwide.

    >
    >>> FWIW, it's not a "native" file on my XP Pro Box, MBAM is flagging
    >>> something that needs investigating.
    >>> Dave should be able to assist you through the rest.

    >
    >>> Good luck with it.

    >
    >>> Silj

    >> Thanks, I also scanned it with Norton, Avira and SAS with no hits.
    >> I believe it is part of a trial program I dl'd possibly called
    >> Active Speed. I think I installed it using Total Uninstall and
    >> perhaps it was a 'shared' file that did not get deleted when I
    >> uninstalled the program.
    >> I'm just guessing.
    >> I will keep it in quarantine until I get more info on it. I use
    >> Win2000Pro.

    >> PS: No, I did not give them my CC number.
    >> Buffalo

    >
    >
    >
    > Yes, please keep it in quarantine for a while.


    Actually I believe it was another program that I tried recently and
    installed with VirusTotal that supposedly scanned my PC and brought up some
    Registry Errors, Short-cut errors and un-used and/or invalid extensions. I
    closed the program and then used TotalUninstall to uninstall it and it did
    say there were some shared dlls. I chose not to delete them.
    I thought the program name started with an s .
    I didn't let the program correct anything and I'm really not worried about
    it.

    I am not having a problem or any slowdowns due to it.
    PS:
    Thanks for the advice and I will keep that file in quarantine.



  10. #10
    jen Guest

    Re: False Positive or not?

    "Buffalo" <Eric@nada.com.invalid> wrote in message
    news:gjubvu$u9l$1@news.motzarella.org...
    > MBAM lists Winnit\System32\Sysrestore.dll from Rogue.Ascentive
    > Performance
    > as malware. I submitted the file to VirusTotal and the results were
    > negative. I now have that file in quarantine.
    > Anyone have any other info on this?
    > Rogue.AscentivePerformance
    > Date spotted:
    > First seen on 2008-10-04.
    > Last seen on 2009-01-06.
    >
    > Detection statistics:
    > This object is 0.08% of all objects detected.
    > 424,252 instances detected worldwide.


    I think you mean:
    "WINNT\System32\Sysrestore.dll"

    SysRestore.dll is an Ascentive file and they own "finallyfast.com" (of
    the stupid, misleading, scamming TV commercials). See a review here:
    http://answers.yahoo.com/question/in...4125312AAbfMzw of
    their business practices. And yes, anti-malware alerts on Ascentive
    products. You might want to google this company before you do business
    with them...

    -jen


