Sign in to follow this  
Alan D

(FP?) Trace.Registry.PCScout!A2

Recommended Posts

I suppose this is yet another false positive, reported by a quick scan after updating this morning. Scans with AVG, Superantispyware, MBAM, and Defender, all find nothing.

False positives are now coming so frequently with a2's scans, that my faith in the program is becoming seriously undermined, and my first response to an alert, now, is not to believe it. This rate of FP generation can't be acceptable - looking back over the logs over recent months, I find myself chasing false positives at an average rate of about one every two weeks. Each detection (if you believe it might be real) requires Googling, checking with other scanners, and reporting here. The whole thing takes maybe an hour - and as we saw from the last false positive I reported, it may take over a week for the FP to be fixed, and that involves further checking (because the doubt continues), and so on. This is made worse by the fact that the submission process doesn't seem to be working effectively - I submitted the last one three times, but it was only after Lynx's intervention that it was finally fixed.

Well, I've submitted this one through the GUI, and it would be nice if this were checked quickly, and fixed. But the truth is (and I say this as a supporter and grateful user of a2 over several years now), I'm losing my trust in both the scanner, and in the effectiveness of the submission process.

Here's the scan log:

a-squared Free - Version 4.5

Last update: 17/10/2009 10:18:02

Scan settings:

Scan type: quick

Objects: Memory, Traces, Cookies

Scan archives: On

Heuristics: Off

ADS Scan: On

Scan start: 17/10/2009 10:22:25

Key: HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000} detected: Trace.Registry.PCScout!A2

Key: HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\InprocServer32 detected: Trace.Registry.PCScout!A2

Scanned

Files: 279

Traces: 676705

Cookies: 326

Processes: 30

Found

Files: 0

Traces: 2

Cookies: 0

Processes: 0

Registry keys: 0

Scan end: 17/10/2009 10:23:00

Scan time: 0:00:35

Share this post


Link to post
Share on other sites

Hi Alan,

It could be reoccurrence of the detection.

As I remember there was similar case and The CLSID belongs to your ATI Catalist video card

Sure I can find the case in old forum but the detection name was different.

I hope nothing worry about.

That one is flagged by many from time to time.

My regards

P.S. {added} well, that was one quick search: http://forum.emsisoft.com/Default.aspx?g=posts&t=5341

Problem here and the difficulties that many are experiencing in detecting such & entries - that you may find the "Bad Ones" created by nasties and the locations and some characteristics are similar:

http://www.threatexpert.com/report.aspx?md5=5343a14cc086d11ea8001a17e808bea4

Share this post


Link to post
Share on other sites

Hi Alan,

It could be reoccurrence of the detection.

As I remember there was similar case and The CLSID belongs to your ATI Catalist video card

Sure I can find the case in old forum but the detection name was different.

Lynx, what in incredible memory you have! Certainly I hadn't spotted the link with that previous detection, back in May. Thanks for pointing that out.

Share this post


Link to post
Share on other sites

The good news is that the FP is already fixed, with the latest update. Thanks to the emsi team for such a fast response.

My main point remains, though: I'm still disturbed by the sheer frequency of FPs that have been turning up in these recent months. No other malware scanner I use comes even close to this frequency of false alerts. This is important not just because of the inconvenience for the user, but also for a2's reputation. When friends and family ask me what I recommend (I know little enough in this area myself, but they know even less), I tell them that although I use a2 myself, I can't recommend that they use it, simply because I know they would find it hard to cope with the persistent FP problem. In truth, it's got to the stage where I'm finding it hard to cope with, myself, and I'm wondering at what point the frequency of FPs outweighs the advantage of a2's high detection rate. It's getting too close to call. And I say this not for the sake of grumbling, nor because I'm ungrateful for what, after all, is a free program, but because I think it's important feedback from a long-term user who is very favourably inclined towards the product.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.