HiJackThis


7 replies to this topic

#1 Dobby

Dobby

    New Member

  • Members
  • 9 posts

Posted 02 August 2010 - 10:54 AM

Hello,

I do believe that HiJackFree lists lots of false positives.
I ran the software and noticed lots of worms and trojans on my PC.
It scares me, but it also puzzles me, because I have a lot of other security software running, like:

- Avira Free Anti Virus
- MalwareBytes
- The Cleaner
- A-squared Free itself
- mrt: Microsoft Malware Test

None of these found anything.

I also looked on Google, as suggested in HiJackFree, and searched the entire registry and PC for malware, trojans and others.

Nothing found.
I do believe that the HiJackFree software is not running that well.
It could be that I missed something while reading the logs.

Greets to ya all.

Pete
:unsure:

#2 Lynx

Lynx

    Forum Veteran

  • Members
  • 2546 posts
  • LocationAustralia

Posted 02 August 2010 - 11:25 AM

Hi Pete,

First, the title is "HiJackThis", although you are talking about HiJackFree by Emsisoft.

Be very careful with the said utility.

As is stated in the documentation, it is for advanced users and certified malware fighters only to review & judge
(no intention to question your experience).

Please search our old forum - there are several topics dedicated to that.
What you are referring to and calling FPs - most likely those (yellow & red faces) are not FPs, but rather "history data" about some previously detected threats that are most likely not present in your system.

Please ask if you cannot find those discussions ... we can post the links.

My regards

XP Pro, SP3 (32-bit); EAM v8.1.0.40 (beta) ; Firewall: Comodo 3.14 FW only ("Defense+" HIPS)
Win 7 Home Premium x64, SP1; EAM v8.1.0.40 (beta); Firewall: Comodo as above

Win 7 Ultimate, SP1 (32-bit) testing EIS 9 beta


#3 JeanInMontana

JeanInMontana

    Malware Removal Team

  • Malware Removal Team
  • 239 posts
  • LocationSouth West Montana USA
  • OS:Windows 7
  • AV:EMSI~
  • HIPS:Online Armor, WinPatrol
  • Other:WOT & A bit of common sense.

Posted 02 August 2010 - 07:47 PM

Impossible to have F/Ps in HJF or HJT; neither are malware scanners. They scan and list running processes, startup processes and services on the machine. If the program says it is there, it is there.

The analyzer must know what is 'good' and what is 'bad'. Malware often tries to disguise itself as legitimate items and it takes a lot of research to determine each instance.
Malware Removal Specialist

Please do not PM me for help.

#4 Dobby

Dobby

    New Member

  • Members
  • 9 posts

Posted 03 August 2010 - 04:15 PM

Hello,

Now I've scanned my Win7 Home Premium Edition.

Again something shows up that I can't believe is right: RAVCpl64.exe is marked red, and it came with the installation of Win7 Home Premium.

Click

RAVCpl64.exe popped up in red; it's the RealTek HD Audio Configuration.

Tnx in advance for reading.

Pete

#5 Kevin Zoll

Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12698 posts
  • LocationDepauville, NY, USA
  • OS:Windows Vista
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 03 August 2010 - 05:18 PM

It is not a False Positive. The HJF Analyzer is telling you that RAVCpl64.exe is digitally signed with a stolen/leaked certificate. It is up to RealTek to issue new audio drivers that are digitally signed with a valid certificate.
Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.


#6 Dobby

Dobby

    New Member

  • Members
  • 9 posts

Posted 03 August 2010 - 10:56 PM

Hello again,

Wow! That's not good what RealTek is doing there, I think?

I've also noticed that the software called 'driverrobot' from RealTek is mostly marked as unsafe on the net.

I don't know if I'm doing the right thing. I've searched for the download of the drivers myself and found these. I'm not a technician, you know.

Click

Tnx for reading my post.

Pete :blink:

#7 Kevin Zoll

Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12698 posts
  • LocationDepauville, NY, USA
  • OS:Windows Vista
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 03 August 2010 - 11:18 PM

Malware authors managed to get hold of a valid signing certificate. Any applications that are signed with the stolen certificate are going to be flagged by many security applications, since anything signed with the stolen certificate cannot be fully trusted.

Driver Robot is not published by RealTek. Driver Robot is published by Blitware and is not considered trustworthy. It is recommended to download drivers directly from the hardware manufacturer's site.
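The check described in the replies above, as an added example that is not part of the original thread and is not Emsisoft's code: it lists the executables behind running processes and reports any whose Authenticode signer is on a local list of known-compromised certificates, even when the signature itself validates. The thumbprint in `$CompromisedThumbprints` is a constructed placeholder and `Get-SignerVerdict` is a hypothetical helper name; startup entries and services are not covered here.

```powershell
# Added example. The thumbprint below is a constructed placeholder, NOT the
# certificate discussed in this thread; fill the list from a vendor advisory.
$CompromisedThumbprints = @(
    '0000000000000000000000000000000000000000'
)

function Get-SignerVerdict {
    param([Parameter(Mandatory)][string]$Path)

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate

    # Order matters: a file signed with a stolen key still reports Status 'Valid'
    # until the certificate is revoked, so the deny list is checked first.
    if ($null -eq $cert) {
        $verdict = 'Unsigned'
    }
    elseif ($CompromisedThumbprints -contains $cert.Thumbprint) {
        $verdict = 'SignedWithCompromisedCert'
    }
    elseif ($sig.Status -ne 'Valid') {
        $verdict = "SignatureProblem:$($sig.Status)"
    }
    else {
        $verdict = 'SignedAndTrusted'
    }

    [pscustomobject]@{
        Verdict    = $verdict
        Path       = $Path
        Signer     = if ($cert) { $cert.Subject } else { $null }
        Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
    }
}

# Executables of running processes (system processes without a readable
# path are skipped), each checked once.
Get-Process |
    Where-Object { $_.Path } |
    Select-Object -ExpandProperty Path -Unique |
    ForEach-Object { Get-SignerVerdict -Path $_ } |
    Where-Object { $_.Verdict -ne 'SignedAndTrusted' } |
    Sort-Object Verdict, Path |
    Format-Table -AutoSize -Wrap
```

A `SignedWithCompromisedCert` row corresponds to the red marking discussed above: the file may be the vendor's genuine binary, but its signature no longer proves that.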

#8 Dobby

Dobby

    New Member

  • Members
  • 9 posts

Posted 08 August 2010 - 10:59 AM

Hello,

Home again from the seaside, I've read the messages and took a little time to solve the 'problem'.

It looks like the RealTek HD Audio certificate was indeed not the right one.

I've searched for the 'better' ones and installed them on my other PC, Win7 Premium.

After installing this new RealTek HD Audio pack and a couple of reboots, the problem was solved.

HiJackFree by Emsisoft marked it green. (BTW, I'm sorry for the HiJackFree (HiJackThis) typo.)

Thx for the support.

Greets,

Pete



