
Thread: False Positive or not?


  1. #1
    Buffalo Guest

    Re: False Positive or not?



    siljaline wrote:
    > Buffalo wrote:
    >> MBAM lists Winnit\System32\Sysrestore.dll from Rogue.Ascentive
    >> Performance as malware. I submitted the file to VirusTotal and the
    >> results were negative. I now have that file in quarantine.
    >> Anyone have any other info on this?
    >> Rogue.AscentivePerformance
    >> Date spotted:
    >> First seen on 2008-10-04.
    >> Last seen on 2009-01-06.
    >>
    >> Detection statistics:
    >> This object is 0.08% of all objects detected.
    >> 424,252 instances detected worldwide.

    >
    > FWIW, it's not a "native" file on my XP Pro Box, MBAM is flagging
    > something that needs investigating.
    > Dave should be able to assist you through the rest.
    >
    > Good luck with it.
    >
    > Silj

    Thanks, I also scanned it with Norton, Avira and SAS with no hits.
    I believe it is part of a trial program I dl'd possibly called Active Speed.
    I think I installed it using Total Uninstall and perhaps it was a 'shared'
    file that did not get deleted when I uninstalled the program.
    I'm just guessing.
    I will keep it in quarantine until I get more info on it. I use Win2000Pro.
    PS: No, I did not give them my CC number.
    Buffalo



  2. #2
    David H. Lipman Guest

    Re: False Positive or not?

    From: "Buffalo" <Eric@nada.com.invalid>



    | siljaline wrote:
    >> Buffalo wrote:
    >>> MBAM lists Winnit\System32\Sysrestore.dll from Rogue.Ascentive
    >>> Performance as malware. I submitted the file to VirusTotal and the
    >>> results were negative. I now have that file in quarantine.
    >>> Anyone have any other info on this?
    >>> Rogue.AscentivePerformance
    >>> Date spotted:
    >>> First seen on 2008-10-04.
    >>> Last seen on 2009-01-06.


    >>> Detection statistics:
    >>> This object is 0.08% of all objects detected.
    >>> 424,252 instances detected worldwide.


    >> FWIW, it's not a "native" file on my XP Pro Box, MBAM is flagging
    >> something that needs investigating.
    >> Dave should be able to assist you through the rest.


    >> Good luck with it.


    >> Silj

    | Thanks, I also scanned it with Norton, Avira and SAS with no hits.
    | I believe it is part of a trial program I dl'd possibly called Active Speed.
    | I think I installed it using Total Uninstall and perhaps it was a 'shared'
    | file that did not get deleted when I uninstalled the program.
    | I'm just guessing.
    | I will keep it in quarantine until I get more info on it. I use Win2000Pro.
    | PS: No, I did not give them my CC number.
    | Buffalo



    Yes, please keep it in quarantine for a while.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



  3. #3
    Buffalo Guest

    Re: False Positive or not?



    David H. Lipman wrote:
    > From: "Buffalo" <Eric@nada.com.invalid>
    >
    >
    >
    >> siljaline wrote:
    >>> Buffalo wrote:
    >>>> MBAM lists Winnit\System32\Sysrestore.dll from Rogue.Ascentive
    >>>> Performance as malware. I submitted the file to VirusTotal and the
    >>>> results were negative. I now have that file in quarantine.
    >>>> Anyone have any other info on this?
    >>>> Rogue.AscentivePerformance
    >>>> Date spotted:
    >>>> First seen on 2008-10-04.
    >>>> Last seen on 2009-01-06.

    >
    >>>> Detection statistics:
    >>>> This object is 0.08% of all objects detected.
    >>>> 424,252 instances detected worldwide.

    >
    >>> FWIW, it's not a "native" file on my XP Pro Box, MBAM is flagging
    >>> something that needs investigating.
    >>> Dave should be able to assist you through the rest.

    >
    >>> Good luck with it.

    >
    >>> Silj

    >> Thanks, I also scanned it with Norton, Avira and SAS with no hits.
    >> I believe it is part of a trial program I dl'd possibly called
    >> Active Speed. I think I installed it using Total Uninstall and
    >> perhaps it was a 'shared' file that did not get deleted when I
    >> uninstalled the program.
    >> I'm just guessing.
    >> I will keep it in quarantine until I get more info on it. I use
    >> Win2000Pro.

    >> PS: No, I did not give them my CC number.
    >> Buffalo

    >
    >
    >
    > Yes, please keep it in quarantine for a while.


    Actually I believe it was another program that I tried recently and
    installed with VirusTotal that supposedly scanned my PC and brought up some
    Registry Errors, Short-cut errors and un-used and/or invalid extensions. I
    closed the program and then used TotalUninstall to uninstall it and it did
    say there were some shared dlls. I chose not to delete them.
    I thought the program name started with an s .
    I didn't let the program correct anything and I'm really not worried about
    it.

    I am not having a problem or any slowdowns due to it.
    PS:
    Thanks for the advice and I will keep that file in quarantine.


