Giulio

OA not recognized by Gmer


Hello,

I'm running Windows XP Home SP3 original and updated, with OA Free 4.0.0.44 and Avira Antivir 10 updated. After scanning the system Gmer found system modifications by rootkit activity and these were referred to OA.

Here are the strings:

File C:\Programmi\Tall Emu\Online Armor\oasrv.exe 3364856 bytes <-- ROOTKIT !!!

File C:\Programmi\Tall Emu\Online Armor\oasrv_r.ena 314368 bytes

File C:\Programmi\Tall Emu\Online Armor\oasrv_r.ita 355840 bytes

---- Services - GMER 1.0.15 ----

Service C:\Programmi\Tall Emu\Online Armor\OAcat.exe (Online Armor Component/Tall Emu) [AUTO] OAcat <-- ROOTKIT !!!

Service C:\Programmi\Tall Emu\Online Armor\oasrv.exe (Online Armor Component/Tall Emu) [AUTO] SvcOnlineArmor <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

I immediately stopped the scan. How did this situation come about?

Thank you.

Giulio


Hi Giulio,

Maybe it's because OA protects its processes, registry keys, etc.? ;)

(And that's why, while scanning, GMER sees them as invisible to standard APIs.)

Best regards,

Andrey.
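
A small triage helper for the GMER output quoted in the first post, added here as an example and not part of the thread or of GMER or Online Armor. It parses the File and Service lines and groups the flagged entries by install directory, so flags that all fall inside one security product's folder stand out for false-positive review; the regular expressions are assumptions inferred only from the lines shown in the thread, not from a documented GMER log format.

```python
import re
from collections import defaultdict
from ntpath import dirname  # Windows path handling, works on any OS

# Sample input: the GMER 1.0.15 lines quoted in the first post of this thread.
SAMPLE = r"""
File C:\Programmi\Tall Emu\Online Armor\oasrv.exe 3364856 bytes <-- ROOTKIT !!!
File C:\Programmi\Tall Emu\Online Armor\oasrv_r.ena 314368 bytes
File C:\Programmi\Tall Emu\Online Armor\oasrv_r.ita 355840 bytes
---- Services - GMER 1.0.15 ----
Service C:\Programmi\Tall Emu\Online Armor\OAcat.exe (Online Armor Component/Tall Emu) [AUTO] OAcat <-- ROOTKIT !!!
Service C:\Programmi\Tall Emu\Online Armor\oasrv.exe (Online Armor Component/Tall Emu) [AUTO] SvcOnlineArmor <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
"""

# Assumed line shapes, inferred only from the sample lines above.
FLAG = "<-- ROOTKIT !!!"
FILE_RE = re.compile(r"^File (?P<path>.+?) (?P<size>\d+) bytes")
SVC_RE = re.compile(
    r"^Service (?P<path>.+?) \((?P<desc>[^)]*)\) \[(?P<start>\w+)\] (?P<name>\S+)")

def parse_gmer(text):
    """Return one dict per File/Service line; section markers are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line) or SVC_RE.match(line)
        if not m:
            continue
        entry = m.groupdict()
        entry["kind"] = line.split(" ", 1)[0]   # "File" or "Service"
        entry["flagged"] = line.endswith(FLAG)
        entries.append(entry)
    return entries

def flagged_by_directory(entries):
    """Group flagged entries by install directory (case-insensitive)."""
    groups = defaultdict(list)
    for e in entries:
        if e["flagged"]:
            groups[dirname(e["path"]).lower()].append(e)
    return dict(groups)

if __name__ == "__main__":
    for folder, items in flagged_by_directory(parse_gmer(SAMPLE)).items():
        print(folder, "->", len(items), "flagged entries")
        for e in items:
            print("  ", e["kind"], e["path"], e.get("desc", ""))
```

Grouping only narrows down where to look; whether a cluster is a false positive still has to be confirmed, as was done later in this thread by asking GMER.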


I sent a link to this thread to GMER.

Had a reply back saying it was a False Positive.

I can remember the same thing happened with some past version of OA. It is pretty normal for security software like OA. Andrey explained the reasons in his post.


Still, I always think it's a good idea to make the vendor aware that his product is flagging a legitimate program.


Yeah, I agree with you.
