ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
ClamWin Free Antivirus Forum Index » Virus Scanner
Reply to topic
Fales (?) virus reports on registry files
redsolo


Joined: 14 May 2006
Posts: 0
Post Posted: Sun May 14, 2006 5:40 pm Reply with quote
Im using 0.88.2.3 clamwin and I got a message stating that I have two viruses in two files. But when I look into the files they look very empty.

Here is the clamwin log:
Code:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegGBP2b-Global.reg: Trojan.WinREG.StartPage-3 FOUND
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegUBP2b-Administrat?śr.reg: Trojan.WinREG.StartPage-3 FOUND
-- summary --
Known viruses: 55049
Engine version: 0.88.2
Scanned directories: 6406
Scanned files: 41617
Infected files: 2


But then when I check the files the look like this:
RegUBP2b-Administrat?śr.reg
Code:
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
// the value ""Start Page_bak"" does not exist
// the value ""Default_Page_URL"" does not exist
// the value ""Default_Search_URL"" does not exist
// the value ""First Home Page"" does not exist
// the value ""SearchAssistant"" does not exist
// the value ""HomeOldSP"" does not exist


RegGBP2b-Global.reg
Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
// the value ""Start Page_bak"" does not exist
// the value ""First Home Page"" does not exist
// the value ""SearchAssistant"" does not exist
// the value ""HomeOldSP"" does not exist



I guess the "RegGBP2b-Global.reg" file could have some bad things in it, but just by looking at it looks ok. Does anyone have an explaination for this?
View user's profileSend private message
alch
Site Admin

Joined: 27 Nov 2005
Posts: 0
Post Posted: Sun May 14, 2006 11:39 pm Reply with quote
I guess it is a false positive as it should not treat any start page registry as a trojan.
View user's profileSend private message
redsolo


Joined: 14 May 2006
Posts: 0
Post Posted: Mon May 15, 2006 6:42 am Reply with quote
Ok, I will report it then as a bug
View user's profileSend private message
alch
Site Admin

Joined: 27 Nov 2005
Posts: 0
Post Posted: Mon May 15, 2006 8:25 am Reply with quote
I've already submitted a false positive request
View user's profileSend private message
friday3D


Joined: 18 May 2006
Posts: 0
Post Posted: Thu May 18, 2006 1:44 am Reply with quote
I am getting the same message:

C:/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Snapshots/RegGBP2b-Global.reg: Trojan.WinREG.StartPage-3 FOUND
C:/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Snapshots/RegUBP2b-Administrator.reg: Trojan.WinREG.StartPage-3 FOUND


I am using ClamWIN Version 0.88.2.3

As per my settings, these 2 files were move to the Quarantine folder.
To be safe I deleted these 2 files in the Quarantine folder.

Will that cause me any problems? (If these are false positive.)
View user's profileSend private message
alch
Site Admin

Joined: 27 Nov 2005
Posts: 0
Post Posted: Thu May 18, 2006 6:37 am Reply with quote
thses are false postive and should have been resolved by yesterday's database update. I don't think you need to worry about the quarantined files either
View user's profileSend private message
Fales (?) virus reports on registry files
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
 		All times are GMT  
Page 1 of 1  
  
  
ClamWin Free Antivirus Forum Index » Virus Scanner
 Reply to topic