OA not recognized by Gmer


Giulio
Hello,

I'm running Windows XP Home SP3 original and updated, with OA Free 4.0.0.44 and Avira Antivir 10 updated. After scanning the system Gmer found system modifications by rootkit activity and these were referred to OA.

Here are the strings:

File C:\Programmi\Tall Emu\Online Armor\oasrv.exe 3364856 bytes <-- ROOTKIT !!!

File C:\Programmi\Tall Emu\Online Armor\oasrv_r.ena 314368 bytes

File C:\Programmi\Tall Emu\Online Armor\oasrv_r.ita 355840 bytes

---- Services - GMER 1.0.15 ----

Service C:\Programmi\Tall Emu\Online Armor\OAcat.exe (Online Armor Component/Tall Emu) [AUTO] OAcat <-- ROOTKIT !!!

Service C:\Programmi\Tall Emu\Online Armor\oasrv.exe (Online Armor Component/Tall Emu) [AUTO] SvcOnlineArmor <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

I immediately stopped the scan. How did this situation come about?

Thank you.

Giulio

Hi Giulio,

Maybe it's because OA protects its processes, registry keys, etc.? ;)

(And that's why, while scanning, gmer sees them as invisible to standard APIs.)

Best regards,

Andrey.


I sent a link to this thread to GMER.

Had a reply back saying it was a False Positive.

I can remember the same thing happened with some past version of OA. It is pretty normal for security software like OA. Andrey explained the reasons in his post.
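A triage sketch for the situation discussed in this thread, added here as an example and not posted by any participant or taken from GMER or Online Armor: it parses File/Service lines in the layout shown in the first post and separates flagged entries that live under a security product's install directory (to be verified with the vendor, as was done above) from flagged entries elsewhere. The function names, the `security_roots` parameter and the last sample line are assumptions made for the example.

```python
import re
from pathlib import PureWindowsPath

# Line layout assumed from the excerpt in the first post, not from a GMER spec.
FLAG = r"(?P<flag>\s+<-- ROOTKIT !!!)?\s*$"
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+) bytes" + FLAG)
SERVICE_RE = re.compile(
    r"^Service\s+(?P<path>.+?)\s+\((?P<desc>[^)]*)\)"
    r"\s+\[(?P<start>\w+)\]\s+(?P<name>\S+)" + FLAG)

# Lines 1-4 are quoted from the first post; the last line is constructed.
SAMPLE_LOG = r"""
File C:\Programmi\Tall Emu\Online Armor\oasrv.exe 3364856 bytes <-- ROOTKIT !!!
File C:\Programmi\Tall Emu\Online Armor\oasrv_r.ena 314368 bytes
Service C:\Programmi\Tall Emu\Online Armor\OAcat.exe (Online Armor Component/Tall Emu) [AUTO] OAcat <-- ROOTKIT !!!
Service C:\Programmi\Tall Emu\Online Armor\oasrv.exe (Online Armor Component/Tall Emu) [AUTO] SvcOnlineArmor <-- ROOTKIT !!!
Service C:\WINDOWS\system32\example_hidden.exe (Example Component/Example Vendor) [AUTO] ExampleSvc <-- ROOTKIT !!!
"""

def parse(log):
    """Yield one dict per File/Service line; headers and blanks are skipped."""
    for line in log.splitlines():
        for kind, rx in (("file", FILE_RE), ("service", SERVICE_RE)):
            m = rx.match(line.strip())
            if m:
                d = m.groupdict()
                yield {"kind": kind, "path": d["path"],
                       "flagged": d["flag"] is not None}

def under(path, root):
    """True if path is root or lies below it (Windows rules, case-insensitive)."""
    p, r = PureWindowsPath(path), PureWindowsPath(root)
    return r == p or r in p.parents

def triage(log, security_roots):
    """Return (kind, path, verdict) for every flagged entry."""
    out = []
    for e in parse(log):
        if not e["flagged"]:
            continue
        known = any(under(e["path"], r) for r in security_roots)
        verdict = "self-protection candidate" if known else "investigate"
        out.append((e["kind"], e["path"], verdict))
    return out

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, [r"C:\Programmi\Tall Emu\Online Armor"]):
        print(row)
```

A "self-protection candidate" verdict only says where the hidden object lives; it still needs confirmation from the vendor or a signature check before the flag is dismissed.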
