mitch
false positive with aaw new ref file! se1r64
« on: September 01, 2005, 03:58:14 AM »
you will see i get two hits for "favoriteman" in this log

look at the company !
they are respected and several big firms use them
NAV had the same false positive !
http://www.indigorose.com/forums/showthread.php?t=8007&page=2&pp=15&highlight=norton

and another forum
http://www.xpforum.co.uk/forum/archive.php/o_t__t_5842__solved-is-iun6002.exe-really-spyware.html

so now i get to play "put back"

someone might want to tell the "official" aaw people?

spybot S & D  clear no problem

A2  clear and no problem

Microsoft's anti-spyware   clear no problems

EWIDO clear and no problems

AVG clear and no problems

here is my aaw log



Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, August 31, 2005 9:22:43 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R64 31.08.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Favoriteman(TAC index:8):2 total references
MRU List(TAC index:0):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R64 31.08.2005
Internal build : 74
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 515383 Bytes
Total size : 1551653 Bytes
Signature data size : 1518542 Bytes
Reference data size : 32599 Bytes
Signatures total : 43185
CSI Fingerprints total : 1032
CSI data size : 36709 Bytes
Target categories : 15
Target families : 740


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:67 %
Total physical memory:1015140 kb
Available physical memory:676076 kb
Total page file size:1436964 kb
Available on page file:1219952 kb
Total virtual memory:2097024 kb
Available virtual memory:2046480 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Reanalyze results after scanning before displaying results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


8-31-2005 9:22:43 PM - Scan started. (Full System Scan)


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
    FilePath           : \SystemRoot\System32\
    ProcessID          : 364
    ThreadCreationTime : 9-1-2005 3:08:59 AM
    BasePriority       : Normal


#:2 [csrss.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 420
    ThreadCreationTime : 9-1-2005 3:09:01 AM
    BasePriority       : Normal


#:3 [winlogon.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 444
    ThreadCreationTime : 9-1-2005 3:09:01 AM
    BasePriority       : High


#:4 [services.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 488
    ThreadCreationTime : 9-1-2005 3:09:02 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Services and Controller app
    InternalName       : services.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : services.exe

#:5 [lsass.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 500
    ThreadCreationTime : 9-1-2005 3:09:02 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : LSA Shell (Export Version)
    InternalName       : lsass.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : lsass.exe

#:6 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 660
    ThreadCreationTime : 9-1-2005 3:09:03 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:7 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 724
    ThreadCreationTime : 9-1-2005 3:09:04 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:8 [smc.exe]
    FilePath           : C:\Program Files\Sygate\SPF\
    ProcessID          : 768
    ThreadCreationTime : 9-1-2005 3:09:04 AM
    BasePriority       : Normal
    FileVersion        : 5.5.00.2637
    ProductVersion     : 5.5.00.2637
    ProductName        : Sygate® Security Agent and Personal Firewall
    CompanyName        : Sygate Technologies, Inc.
    FileDescription    : Sygate Agent Firewall
    InternalName       : Smc
    LegalCopyright     : Copyright ©  1999 - 2003 Sygate Technologies, Inc. All rights reserved.
    OriginalFilename   : Smc.EXE

#:9 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 808
    ThreadCreationTime : 9-1-2005 3:09:05 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:10 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 840
    ThreadCreationTime : 9-1-2005 3:09:06 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:11 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 868
    ThreadCreationTime : 9-1-2005 3:09:06 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:12 [spoolsv.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 948
    ThreadCreationTime : 9-1-2005 3:09:07 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
    ProductVersion     : 5.1.2600.2696
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Spooler SubSystem App
    InternalName       : spoolsv.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : spoolsv.exe

#:13 [avgamsvr.exe]
    FilePath           : C:\PROGRA~1\Grisoft\AVGFRE~1\
    ProcessID          : 1252
    ThreadCreationTime : 9-1-2005 3:09:12 AM
    BasePriority       : Normal
    FileVersion        : 7,1,0,321
    ProductVersion     : 7.1.0.321
    ProductName        : AVG Anti-Virus System
    CompanyName        : GRISOFT, s.r.o.
    FileDescription    : AVG Alert Manager
    InternalName       : avgamsvr
    LegalCopyright     : Copyright © 2005, GRISOFT, s.r.o.
    OriginalFilename   : avgamsvr.EXE

#:14 [avgupsvc.exe]
    FilePath           : C:\PROGRA~1\Grisoft\AVGFRE~1\
    ProcessID          : 1340
    ThreadCreationTime : 9-1-2005 3:09:12 AM
    BasePriority       : Normal
    FileVersion        : 7,1,0,321
    ProductVersion     : 7.1.0.321
    ProductName        : AVG 7.0 Anti-Virus System
    CompanyName        : GRISOFT, s.r.o.
    FileDescription    : AVG Update Service
    InternalName       : avgupsvc
    LegalCopyright     : Copyright © 2005, GRISOFT, s.r.o.
    OriginalFilename   : avgupdsvc.EXE

#:15 [ewidoctrl.exe]
    FilePath           : C:\Program Files\ewido\security suite\
    ProcessID          : 1412
    ThreadCreationTime : 9-1-2005 3:09:12 AM
    BasePriority       : Normal
    FileVersion        : 3, 0, 0, 1
    ProductVersion     : 3, 0, 0, 1
    ProductName        : ewido control
    CompanyName        : ewido networks
    FileDescription    : ewido control
    InternalName       : ewido control
    LegalCopyright     : Copyright © 2004
    OriginalFilename   : ewidoctrl.exe

#:16 [ghosts~2.exe]
    FilePath           : C:\PROGRA~1\Symantec\NORTON~1\
    ProcessID          : 1432
    ThreadCreationTime : 9-1-2005 3:09:13 AM
    BasePriority       : Normal
    FileVersion        : 2003.775
    ProductVersion     : 2003.775
    ProductName        : Norton Ghost Start Service
    CompanyName        : Symantec Corporation
    FileDescription    : Norton Ghost Start
    InternalName       : GhostStartService
    LegalCopyright     : Copyright (C) 1998-2002 Symantec Corp. All rights reserved.
    OriginalFilename   : GhostStartService.exe

#:17 [nvsvc32.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1452
    ThreadCreationTime : 9-1-2005 3:09:13 AM
    BasePriority       : Normal
    FileVersion        : 6.14.10.5216
    ProductVersion     : 6.14.10.5216
    ProductName        : NVIDIA Driver Helper Service, Version 52.16
    CompanyName        : NVIDIA Corporation
    FileDescription    : NVIDIA Driver Helper Service, Version 52.16
    InternalName       : NVSVC
    LegalCopyright     : (C) NVIDIA Corporation. All rights reserved.
    OriginalFilename   : nvsvc32.exe

#:18 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1520
    ThreadCreationTime : 9-1-2005 3:09:13 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:19 [explorer.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 672
    ThreadCreationTime : 9-1-2005 4:20:50 AM
    BasePriority       : Normal
    FileVersion        : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 6.00.2900.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Explorer
    InternalName       : explorer
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : EXPLORER.EXE

#:20 [point32.exe]
    FilePath           : C:\Program Files\Microsoft Hardware\Mouse\
    ProcessID          : 1024
    ThreadCreationTime : 9-1-2005 4:20:53 AM
    BasePriority       : Normal


#:21 [avgcc.exe]
    FilePath           : C:\PROGRA~1\Grisoft\AVGFRE~1\
    ProcessID          : 1784
    ThreadCreationTime : 9-1-2005 4:20:53 AM
    BasePriority       : Normal
    FileVersion        : 7,1,0,338
    ProductVersion     : 7.1.0.338
    ProductName        : AVG Anti-Virus System
    CompanyName        : GRISOFT, s.r.o.
    FileDescription    : AVG Control Center
    InternalName       : AvgCC
    LegalCopyright     : Copyright © 2005, GRISOFT, s.r.o.
    OriginalFilename   : AvgCC.EXE

#:22 [avgemc.exe]
    FilePath           : C:\PROGRA~1\Grisoft\AVGFRE~1\
    ProcessID          : 1208
    ThreadCreationTime : 9-1-2005 4:20:53 AM
    BasePriority       : Normal
    FileVersion        : 7,1,0,338
    ProductVersion     : 7.1.0.338
    ProductName        : AVG Anti-Virus System
    CompanyName        : GRISOFT, s.r.o.
    FileDescription    : AVG E-Mail Scanner
    InternalName       : avgemc
    LegalCopyright     : Copyright © 2005, GRISOFT, s.r.o.
    OriginalFilename   : avgemc.exe

#:23 [jusched.exe]
    FilePath           : C:\Program Files\Java\jre1.5.0_02\bin\
    ProcessID          : 1084
    ThreadCreationTime : 9-1-2005 4:20:53 AM
    BasePriority       : Normal


#:24 [gcasdtserv.exe]
    FilePath           : C:\Program Files\Microsoft AntiSpyware\
    ProcessID          : 1372
    ThreadCreationTime : 9-1-2005 4:20:54 AM
    BasePriority       : Normal
    FileVersion        : 1.00.0615
    ProductVersion     : 1.00.0615
    ProductName        : Microsoft AntiSpyware (Beta 1)
    CompanyName        : Microsoft Corporation
    FileDescription    : Microsoft AntiSpyware Data Service
    InternalName       : gcasDtServ
    LegalCopyright     : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
    LegalTrademarks    : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet(tm) is a trademark of Microsoft Corporation.
    OriginalFilename   : gcasDtServ.exe

#:25 [ad-aware.exe]
    FilePath           : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID          : 2248
    ThreadCreationTime : 9-1-2005 4:22:34 AM
    BasePriority       : Normal
    FileVersion        : 6.2.0.236
    ProductVersion     : SE 106
    ProductName        : Lavasoft Ad-Aware SE
    CompanyName        : Lavasoft Sweden
    FileDescription    : Ad-Aware SE Core application
    InternalName       : Ad-Aware.exe
    LegalCopyright     : Copyright © Lavasoft AB Sweden
    OriginalFilename   : Ad-Aware.exe
    Comments           : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 Favoriteman Object Recognized!
    Type               : File
    Data               : A0031573.exe
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Object             : C:\System Volume Information\_restore{F75A251E-D057-4F0D-A53A-01F7356F21B3}\RP127\
    FileVersion        : 6.0.1.4
    ProductVersion     : 6.0.1.4
    ProductName        : Setup Factory 6.0 Runtime Module
    CompanyName        : Indigo Rose Corporation
    FileDescription    : SUF60Runtime
    InternalName       : SUF60Runtime
    LegalCopyright     : Copyright © 2001 - 2002 Indigo Rose Corporation. All Rights Reserved
    LegalTrademarks    : Setup Factory is a trademark of Indigo Rose Corporation
    OriginalFilename   : SUF60Runtime.exe
    Comments           : http://www.indigorose.com


 Favoriteman Object Recognized!
    Type               : File
    Data               : iun6002.exe
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Object             : C:\WINDOWS\
    FileVersion        : 6.0.1.4
    ProductVersion     : 6.0.1.4
    ProductName        : Setup Factory 6.0 Runtime Module
    CompanyName        : Indigo Rose Corporation
    FileDescription    : SUF60Runtime
    InternalName       : SUF60Runtime
    LegalCopyright     : Copyright © 2001 - 2002 Indigo Rose Corporation. All Rights Reserved
    LegalTrademarks    : Setup Factory is a trademark of Indigo Rose Corporation
    OriginalFilename   : SUF60Runtime.exe
    Comments           : http://www.indigorose.com


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 4




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4

9:26:59 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:04:16.250
Objects scanned:101013
Objects identified:2
Objects ignored:0
New critical objects:2
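
For triaging hits like the two in the log above, an added example (not part of the original post and not Ad-Aware code): it parses the "Object Recognized!" blocks, groups them by the version-resource fields the scanner printed, and marks System Restore copies. The function names are hypothetical and the sample is abridged from the log above.

```python
import re
from collections import defaultdict

# Sample abridged from the two detection blocks in the log above.
SAMPLE_LOG = r"""
 Favoriteman Object Recognized!
    Type               : File
    Data               : A0031573.exe
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Object             : C:\System Volume Information\_restore{F75A251E-D057-4F0D-A53A-01F7356F21B3}\RP127\
    FileVersion        : 6.0.1.4
    ProductName        : Setup Factory 6.0 Runtime Module
    CompanyName        : Indigo Rose Corporation
    OriginalFilename   : SUF60Runtime.exe

 Favoriteman Object Recognized!
    Type               : File
    Data               : iun6002.exe
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Object             : C:\WINDOWS\
    FileVersion        : 6.0.1.4
    ProductName        : Setup Factory 6.0 Runtime Module
    CompanyName        : Indigo Rose Corporation
    OriginalFilename   : SUF60Runtime.exe
"""

HEADER_RE = re.compile(r"^\s*(.+?) Object Recognized!\s*$")
# Field names never contain ':', so the first colon separates name and value
# even when the value is a path such as C:\WINDOWS\.
FIELD_RE = re.compile(r"^\s+([A-Za-z ]+?)\s*:\s?(.*)$")


def parse_detections(log_text):
    """Return one dict per 'Object Recognized!' block; a blank line ends a block."""
    detections, current = [], None
    for line in log_text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            current = {"Family": header.group(1)}
            detections.append(current)
        elif current is not None:
            field = FIELD_RE.match(line)
            if field:
                current[field.group(1)] = field.group(2).strip()
            elif not line.strip():
                current = None
    return detections


def is_restore_point_copy(det):
    """True when the object lives in a System Restore store rather than a live path."""
    return "\\system volume information\\_restore" in det.get("Object", "").lower()


def group_by_version_resource(detections):
    """Group hits that report the same embedded identity under different file names.

    Version-resource strings are self-declared by the file, so this is a triage
    aid for deciding what to report to the vendor, not proof the file is benign.
    """
    groups = defaultdict(list)
    for d in detections:
        key = (d["Family"], d.get("CompanyName"),
               d.get("OriginalFilename"), d.get("FileVersion"))
        groups[key].append(d.get("Object", "") + d.get("Data", ""))
    return dict(groups)


if __name__ == "__main__":
    hits = parse_detections(SAMPLE_LOG)
    for identity, paths in group_by_version_resource(hits).items():
        print(identity, paths)
    print([is_restore_point_copy(h) for h in hits])
```
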

Die Hard
Re: false positive with aaw new ref file! se1r64
« Reply #1 on: September 01, 2005, 06:26:59 AM »
Has AAW taken the simple route..........detect objects by filename??  :moreevil:

Die Hard :)
I create and edit my posts in GS-NOTES

winchester73
Re: false positive with aaw new ref file! se1r64
« Reply #2 on: September 01, 2005, 11:13:03 AM »
Put here for LS Steve to see: http://www.dslreports.com/forum/remark,14268670

Perhaps the issue is the file iun6002.exe?  It is usually related to Desktop Surveillance Personal "program".

It is also the uninstaller created by Setup Factory 6.0 ... http://indigorose.com/forums/showthread.php?t=4718
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Jason
Re: false positive with aaw new ref file! se1r64
« Reply #3 on: September 01, 2005, 12:09:25 PM »
Quote from Die Hard:
"Has AAW taken the simple route..........detect objects by filename??  :moreevil:

Die Hard :)"
:uhm: Hhrrm! :lol: :mrgreen:
In a perfect world, spammers would get caught, go to jail, and share a cell with many men who have enlarged something, taken Viagra and are looking for a new relationship.

winchester73
Re: false positive with aaw new ref file! se1r64
« Reply #4 on: September 02, 2005, 11:10:19 AM »
Well well ...

I just ran the updater, and it seems as though an update has been released quietly (it is still marked SE1R64 31.08.2005) ...

Internal build is now 75 instead of 74

File size is 515324 bytes (was 515383)

Total size is 1551493 bytes (was 1551653)

Signature total is 43181 (was 43185)

mitch
Re: false positive with aaw new ref file! se1r64
« Reply #5 on: September 02, 2005, 02:25:58 PM »
a few thoughts from the phantom ;-)
1. an unannounced update doesn't help all!
2. it looks like if you did remove the FALSE POSITIVES that you will have trouble uninstalling that program
3. well aaw is up to 50% now
i took the two and removed them from the ignore list and now just this shows

so you are 1/2 way there aaw and when you do fix this one you might make an announcement

kinda like being pregnant....you are or you aren't.........  no 1/2 way

Favoriteman Object Recognized!
    Type               : File
    Data               : A0031585.exe
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Object             : C:\System Volume Information\_restore{F75A251E-D057-4F0D-A53A-01F7356F21B3}\RP127\
    FileVersion        : 6.0.1.4
    ProductVersion     : 6.0.1.4
    ProductName        : Setup Factory 6.0 Runtime Module
    CompanyName        : Indigo Rose Corporation
    FileDescription    : SUF60Runtime
    InternalName       : SUF60Runtime
    LegalCopyright     : Copyright © 2001 - 2002 Indigo Rose Corporation. All Rights Reserved
    LegalTrademarks    : Setup Factory is a trademark of Indigo Rose Corporation
    OriginalFilename   : SUF60Runtime.exe
    Comments           : http://www.indigorose.com



Corrine
Re: false positive with aaw new ref file! se1r64
« Reply #6 on: September 02, 2005, 02:35:33 PM »
There was also a f/p reported at CCSP.  Here's the info from the Research Blog:

SE1R64 31.08.2005 Build 75 available
September 2nd, 2005

This replaces SE1R64 build 74, correcting reported false positives discovered in the definition file update dated 31.08.2005

The files in question were an ActiveX registry manipulation object and an installation runtime file.

The ActiveX object was detected as family “Adlogix”, and the runtime file as family “Favoriteman”.

We have released a fix for this problem, which can be installed by performing a webupdate.

MD5 checksum is: 186000c65363112db6161c3d7c153a7d

http://www.lavasoftresearch.com/bloglogin.php


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
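
The comparison made by hand in Reply #4 and the checksum quoted in Reply #6 can be checked with a short script. This is an added example, not part of the thread and not Lavasoft code; the function names are hypothetical, and it assumes the published MD5 refers to the downloaded defs.ref, which the blog text does not state.

```python
import hashlib

# Constructed inputs: build 74 values are from the log in the first post,
# build 75 values from Reply #4, laid out like the log's "Definition File" section.
HEADER_BUILD_74 = """\
Definitions File Loaded:
Reference Number : SE1R64 31.08.2005
Internal build : 74
File location : C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\defs.ref
File size : 515383 Bytes
Total size : 1551653 Bytes
Signatures total : 43185
"""
HEADER_BUILD_75 = """\
Definitions File Loaded:
Reference Number : SE1R64 31.08.2005
Internal build : 75
File location : C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\defs.ref
File size : 515324 Bytes
Total size : 1551493 Bytes
Signatures total : 43181
"""
# Checksum quoted in Reply #6 for build 75.
PUBLISHED_MD5_BUILD_75 = "186000c65363112db6161c3d7c153a7d"


def parse_definition_header(text):
    """Return {field: value} for 'Name : value' lines; split on the first colon only."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip() and value.strip():
            fields[name.strip()] = value.strip()
    return fields


def diff_definitions(old, new):
    """Map each field whose value differs to its (old, new) pair."""
    return {k: (old.get(k), new.get(k))
            for k in sorted(set(old) | set(new)) if old.get(k) != new.get(k)}


def silent_rerelease(old, new):
    """True when the reference number is unchanged but other metadata is not."""
    same_ref = old.get("Reference Number") == new.get("Reference Number")
    return same_ref and bool(diff_definitions(old, new))


def md5_matches(path, published_hex, chunk=65536):
    """Compare a file's MD5 with a published value.

    MD5 is what the vendor published; it is enough to spot a stale or
    truncated download from a mirror, not to rule out deliberate tampering.
    """
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest() == published_hex.strip().lower()


if __name__ == "__main__":
    old = parse_definition_header(HEADER_BUILD_74)
    new = parse_definition_header(HEADER_BUILD_75)
    print("silent re-release:", silent_rerelease(old, new))
    for field, (before, after) in diff_definitions(old, new).items():
        print(f"{field}: {before} -> {after}")
    # On the affected machine:
    # md5_matches(new["File location"], PUBLISHED_MD5_BUILD_75)
```

Running the same comparison on a log taken after WebUpdate also shows whether a machine actually received build 75 or is still on build 74.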

Corrine
Re: false positive with aaw new ref file! se1r64
« Reply #7 on: September 02, 2005, 10:20:58 PM »
There are reports at BBR,CCSP & GSF that users are unable to get Build 75 via WebUpdate.  I suspect not all the servers were updated.



hayc59
Re: false positive with aaw new ref file! se1r64
« Reply #8 on: September 03, 2005, 12:58:19 AM »
Quote from Corrine:
"There are reports at BBR,CCSP & GSF that users are unable to get Build 75 via WebUpdate.  I suspect not all the servers were updated."

Just was able to get mine after several attempts :)

9.11.01
"The most beautiful flower loses her beauty one day, but a hard faithful friend an eternity"
"Beauty that is not hidden to deepest of my soul can be seen that with eyes of the heart"

'Never Forget'