Armindy

A-squared finding these registry problems


Hi,

I am new to the forum, but have been using A-squared for a while. I have gotten some false positives recently, so I just wanted to check out some of these to see if they are bad or not.

There are 5 similar ones, I think, but here are a couple of what I am getting.

Thanks for any help.

HKEY_CLASSES_ROOT\CLSID\{183261F8-780B-4506-BE91-434C01DD010A}\InprocServer32 --> ThreadingModel

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43534152-0000-0010-8000-00AA00389B71}\InprocServer32 --> ThreadingModel


Hi Armindy, welcome to the forum

Please attach the report so developers can see the flaggings (all 5 of them);

Submit the flaggings from the detection list to EMSI developers for analysis in the 1st place (ask if you have questions);

Provide the info about your System Environment as in Forum Posting Rules #2.

There are no such flaggings here currently

My regards


Sorry, I meant to put my computer info in my signature and forgot to do it.

Using Vista, 64bit, AVGFree, Superantispywareblaster, Malwarebytes, Spybot.

I am going to try and load the report for you. I have never done this so I cannot promise anything. LOL

Thanks so much. I also submitted the files to A-squared. I didn't know whether I should since I did not know for sure they were false positives. Thanks for the heads up on that.

Here we go:

a-squared Free - Version 4.5

Last update: 3/5/2010 8:04:47 PM

Scan settings:

Scan type: Deep Scan

Objects: Memory, Traces, Cookies, C:\, D:\

Scan archives: On

Heuristics: Off

ADS Scan: On

Scan start: 3/5/2010 8:05:16 PM

Value: HKEY_CLASSES_ROOT\CLSID\{183261F8-780B-4506-BE91-434C01DD010A}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Remotely Anywhere Server Edition!A2

Value: HKEY_CLASSES_ROOT\CLSID\{43534152-0000-0010-8000-00AA00389B71}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Remotely Anywhere Server Edition!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{183261F8-780B-4506-BE91-434C01DD010A}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Remotely Anywhere Server Edition!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43534152-0000-0010-8000-00AA00389B71}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Remotely Anywhere Server Edition!A2

Scanned

Files: 250712

Traces: 605102

Cookies: 0

Processes: 57

Found

Files: 0

Traces: 4

Cookies: 0

Processes: 0

Registry keys: 0

Scan end: 3/5/2010 11:42:50 PM

Scan time: 3:37:34


Thanks for the reply, Armindy

Now we can see that those are just Traces.

Traces do not necessarily represent danger. Please read about Traces here

In addition, search this and the old forum and you will find tons of info about Traces: how and why those may be flagged

Since you don't have the associated software linked to the Traces, there can be several causes:

- The flaggings are FPs (submit as suggested);

- The registry entries could be just leftovers. The Software was there but was uninstalled incorrectly, leaving some leftovers;

- The alleged Software was previously present and since then is flagged as “Remotely Anywhere”. Keep in mind that even legit Software that has the capability to communicate remotely can be flagged by any security software, since that is basically a potential risk.

Many vendors are installing such software, say for “Remote Support” purposes, but that doesn't mean that the same code can be used for malicious purposes... therefore it is flagged just to notify you;

- Even legit Traces can be flagged just because of their specific locations, because those locations are known as being used by spyware/malware;

==============

Since there is no associated Software, most likely you should not worry a lot. But only developers can tell.

I cannot give you advice for deleting or even quarantining the entries, whether manually or by using a2.

1st, I don't know your experience with registry manipulation. There are methods to find out to whom the entries belong by CLSIDs (e.g. {183261F8-780B-4506-BE91-434C01DD010A}) as in the report, but that is out of scope of this thread.

My XP doesn't have those. Probably someone with Vista will join. In addition, it may be important what type of PC you have, since the brand name may give a clue to what the company usually installs for remote access/support.

Finally, you posted the report with outdated signatures (“Last update: 3/5/2010”). There have been many a2 signature updates since.

My regards

P.S.

Re: “Superantispywareblaster” - that is a “combined word of the non-existing Software” :) SuperAntiSpyware and SpywareBlaster are completely different Software that have entirely different approaches concerning security.

Please, next time attach the report as was suggested; do not post it in-line.

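The CLSID lookup the reply above calls out of scope, as an added example that is not code from this thread or from Emsisoft: a PowerShell function (the name `Get-ClsidOwner` is made up here) that reads the CLSID's InprocServer32 entry, resolves the DLL it points to and reports whether that DLL still exists, who built it and whether it is Authenticode-signed. It only reads the registry and file metadata; it assumes it is run on the affected 64-bit Vista machine and feeds in the two CLSIDs from the posted report.

```powershell
# Added example, not from the thread: map a CLSID from the a2 report to the
# COM server DLL it registers, then check whether that DLL is still on disk,
# which company built it and whether it is signed. A registered CLSID whose
# DLL is gone matches the "leftover from an incorrect uninstall" case above.
function Get-ClsidOwner {
    param([Parameter(Mandatory=$true)][string]$Clsid)

    # Registry views a 64-bit Vista box may hold the class in. HKCR merges
    # HKLM and HKCU Software\Classes; Wow6432Node holds 32-bit COM servers.
    $roots = @(
        "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid",
        "HKLM:\SOFTWARE\Classes\CLSID\$Clsid",
        "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$Clsid",
        "HKCU:\SOFTWARE\Classes\CLSID\$Clsid"
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        # InprocServer32's default value is the DLL path, often using %SystemRoot%;
        # ThreadingModel (the value a2 flagged) sits beside it.
        $server = Get-ItemProperty -LiteralPath "$root\InprocServer32" -ErrorAction SilentlyContinue
        $dll = $null
        $threading = $null
        if ($server) {
            $threading = $server.ThreadingModel
            if ($server.'(default)') {
                $dll = [Environment]::ExpandEnvironmentVariables($server.'(default)')
            }
        }

        $info = New-Object PSObject -Property @{
            Key            = $root
            FriendlyName   = (Get-ItemProperty -LiteralPath $root -ErrorAction SilentlyContinue).'(default)'
            ThreadingModel = $threading
            Dll            = $dll
            DllExists      = [bool]($dll -and (Test-Path -LiteralPath $dll))
            Company        = $null
            Signature      = 'no DLL on disk (orphaned registration)'
        }
        if ($info.DllExists) {
            $info.Company   = (Get-Item -LiteralPath $dll).VersionInfo.CompanyName
            # Authenticode status: Valid, NotSigned, HashMismatch, ...
            $info.Signature = (Get-AuthenticodeSignature -FilePath $dll).Status
        }
        $info
    }
}

# The two CLSIDs flagged in the report posted above.
'{183261F8-780B-4506-BE91-434C01DD010A}', '{43534152-0000-0010-8000-00AA00389B71}' |
    ForEach-Object { Get-ClsidOwner -Clsid $_ } | Format-List
```

A CLSID that resolves to a signed DLL from a known vendor, or to no DLL at all, is the information the developers would want alongside the report; the function changes nothing, so it is safe to run before deciding on quarantine.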
