Funny detection by CureIt!
Author: Caracal, Apr 11 2008 11:21
6 replies in this topic
#1
Posted 11 April 2008 - 11:21
Hi all,
I am not sure I can ask Q about CureIt here.
Here is one funny detection by CureIt for you.
None of known scanners could catch that :-)
DrWeb 4.44.0.09170 2008.04.10 Trojan.StartPage.1505
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP2b-User1.reg
Content:
------------------------------------------
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.au/"
// the value ""Start Page_bak"" does not exist
// the value ""Default_Page_URL"" does not exist
// the value ""Default_Search_URL"" does not exist
// the value ""First Home Page"" does not exist
// the value ""SearchAssistant"" does not exist
// the value ""HomeOldSP"" does not exist
--------------------------------------------------------
There are 60 files like this in Snapshot2 dir.
You gotta be kidding :-)
Way too much heuristics! What's with you!
Regards
#2
Posted 11 April 2008 - 14:54
Strange, it seems that this had already been fixed!
http://www.wilderssecurity.com/showthread.php?t=161793
I guess you did a full scan with CureIt.
Edit: I have now uploaded the file to VirusTotal.com and did a reanalysis of the file, since there was an old report, and Dr.Web 4.44 found it clean!
Have you updated your CureIt :P ?
#3
Posted 11 April 2008 - 15:41
Hi PiCo,
Thanks for the reply
My version is 4.44. I updated the program just before I sent the FP - so, a couple of hours ago.
After your reply I checked
- there are no updates for the scanner on Dr.Web and the results of the new on-line scans are:
Virustotal
DrWeb 4.44.0.09170 2008.04.11 Trojan.StartPage.1505
jotti
Dr.Web
Found Trojan.StartPage.1505
VirScan.org
Dr.Web 4.44.0.9170 2008.04.11 2008-04-11
Trojan.StartPage.1505
Does not make sense to rescan disk, does it? :-)
How did you manage to get Clean from VirusTotal? ...
Anyhow... FP is still there
Regards
#4
Posted 11 April 2008 - 16:13
The only difference I am able to see is:
--------------------------------------------
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
// the value ""Start Page_bak"" does not exist
// the value ""Default_Page_URL"" does not exist
// the value ""Default_Search_URL"" does not exist
// the value ""First Home Page"" does not exist
// the value ""SearchAssistant"" does not exist
// the value ""HomeOldSP"" does not exist
---------------------------------------------
You got the Australian Google there and also I am running as Administrator. These are the only differences I can see :D
Anyway probably someone more into Dr.Web will answer :)
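The comparison made in post #4, as an added example that is not part of the thread: it parses the two quoted snapshot bodies and reports which values differ, which is the first step in narrowing down what a false-positive signature keys on. The function names are hypothetical, the key path is written with its backslashes, and only two of the six annotation lines are kept in the sample.

```python
import re
from urllib.parse import urlparse

# File bodies quoted in the thread (key backslashes restored, notes abridged).
FLAGGED = r'''REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.au/"
// the value ""Start Page_bak"" does not exist
// the value ""HomeOldSP"" does not exist
'''
CLEAN = FLAGGED.replace("http://www.google.com.au/",
                        "http://go.microsoft.com/fwlink/?LinkId=69157")

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Return {key: {value_name: data}} for string values in REGEDIT4 text."""
    out, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4" or line.startswith(("//", ";")):
            continue  # header, blank and annotation lines carry no data
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            out.setdefault(key, {})
        elif key is not None:
            m = VALUE_RE.match(line)
            if m:
                out[key][m.group(1)] = m.group(2)
    return out

def diff_snapshots(a, b):
    """List (key, name, data_a, data_b) for every value that differs."""
    pa, pb = parse_reg(a), parse_reg(b)
    rows = []
    for key in sorted(set(pa) | set(pb)):
        va, vb = pa.get(key, {}), pb.get(key, {})
        for name in sorted(set(va) | set(vb)):
            if va.get(name) != vb.get(name):
                rows.append((key, name, va.get(name), vb.get(name)))
    return rows

def differing_hosts(a, b):
    """Hostnames of the URL data that differ between the two files."""
    return [(urlparse(x or "").hostname, urlparse(y or "").hostname)
            for _, _, x, y in diff_snapshots(a, b)]

if __name__ == "__main__":
    print(diff_snapshots(FLAGGED, CLEAN))
```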
#5
Posted 12 April 2008 - 07:19
Haha!! :-)
Yes! That is the problem - I have Australian Google and you have MS start page...
Sigh! Silly me! :-)
Probably Russian Doctor doesn't like Igor because he is ... "google" ? :-)
(in Russian) Oh! Some people don't like Igor because he is... google!
(in Russian) Oooh, they don't liiiike the rascal!!! :-)
Take care
#6
Posted 12 April 2008 - 16:38
:D
I think Dr.Web as a true Russian product should also give the MS page as trojan, but I guess they have issues with you Australian people :P
Since you're Australian, are you by any way connected to Greece? I mean we have a lot of people down there.
#7
Posted 12 April 2008 - 19:01
Hey PiCo!
>"are you by any way connected to Greece"
Well... no matter from what perspective we look, all people somehow are connected to Greece and Israel (the order of mentioning doesn't matter) :-)
and nobody ever can do anything about it...
... I reread the end of my last post and it is still in Russian.
Probably for those who speak English only it sounds like ancient Greek though :-)
Anyway.. my connections are rather - that side of the Web, where the Doctor of the same Web lives. Hope that kind of a tip should not puzzle anybody.
Cheers