False Positive?

March 7th, 2022

My Nod32 Smart Security keeps finding the same thing, but it is a different driver each time. Oddly enough, a similar thing happened before I rebooted this computer 2 days ago. I don’t know where this is coming from, because the software on this computer consists of programs such as iTunes.
P.S. I’m running Windows Vista SP1

Answer #1
Weird, that file is a chipset driver for communication between the CPU and AGP bus? It looks like you have something infecting files in your system, so each time Nod cleans one it reinfects another. Have you done a full scan?
Answer #2
I have. That’s how it found the infected files. I mean, the supposed rootkit/trojan isn’t affecting the computer performance. What should I do?
Answer #3
Try a boot-time scan.
Answer #4
How do I do that in Nod32?
Answer #5
Tbh I don’t think it’s possible with Nod32. I personally use Avast, but browse around the AV options.
Answer #6
Also, my website seems to have been exploited as well. In Firefox, where it says “transferring data from” and things like that, it says
argos-co-uk.jrj.com.cn.playstation-com.simplehomelink.ru
Answer #7
Try using Malwarebytes Anti-Malware…
Answer #8
Use a live CD to scan the computer. Once you clean your PC, ditch that ESET AV, it’s ~love~. Get Avira + Comodo Firewall + Malwarebytes.

Avira live CD
  http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html
Kaspersky live CD
  devbuilds.kaspersky-labs.com/devbuilds/RescueDisk/
Bitdefender live CD
  download.bitdefender.com/rescue_cd/
Dr.Web live CD
  www.freedrweb.com/livecd/
Answer #9
Malwarebytes’ Anti-Malware 1.42
Database version: 3442
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
12/27/2009 10:10:43 PM
mbam-log-2009-12-27 (22-10-43).txt
Scan type: Full Scan (C:\|)
Objects scanned: 254247
Time elapsed: 1 hour(s), 8 minute(s), 8 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
C:\Windows\sr882388.exe (Spyware.Passwords) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ttool (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysgif32 (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\sr882388.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Users\Timmy\Downloads\Adobe Photoshop CS4 Extended\Adobe Photoshop CS4 Extended\Adobe CS4 Activation Patch\Adobe CS4 Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Timmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\siszyd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Timmy\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Timmy\AppData\Roaming\fvgqad.dat (Malware.Trace) -> Quarantined and deleted successfully.

I just made a payment on PayPal. What should I do?
Answer #10
Go to all your important sites (bank, here, paypal, ebay, et al) and change your passwords AFTER you no longer have the “Spyware.Passwords” running.

 
