PC Review



False Positive for NetSlayer trojan

 
 
Sean Franklin
 
      14th Feb 2005
Our company has written some SW and helper applications to load things into
that SW and one of them named 'LapLoad' gets flagged as being infected with
NetSlayer. After scanning with 4 other products that claim to detect
NetSlayer, and searching the registry and file-system for the infestation
files, I have concluded it's a false positive. I have also filed a report at
http://www.spynet.com/falsepositive.aspx as well as posting same/similar
information here. (to cover as many bases as possible.) I can provide the
download link for someone to test/verify the LapLoad if need be.
========
*LapLoad version 1.0.0
*Spyware Definition Version: 5689 (2/11/2005 10:15:19 PM)
========
Spyware Scan Details
Start Date: 2/14/2005 11:12:27 AM
End Date: 2/14/2005 11:17:37 AM
Total Time: 5 mins 10 secs

Detected Threats

NetSlayer Remote Access Trojan more information...
Details: NetSlayer allows an attacker to control your computer with the
NetSlayer software installed over the Internet.
Status: Ignored
Severe threat - Severe threats typically are remotely exploitable
vulnerabilities, which can lead to system compromise. Successful
exploitation does not normally require any interaction and exploits are in
the wild. There exists a high possibility of potential system damage or
security flaw. Attacker has complete control over your computer or install
new software on your machine.

Infected files detected
C:\WINDOWS\system32\FlshTray.ocx

Infected registry keys/values detected
HKEY_CLASSES_ROOT\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}
HKEY_CLASSES_ROOT\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}
TrayIconPrj.TrayIcon
HKEY_CLASSES_ROOT\clsid\{18d91acf-d0be-11d1-a6b4-00aa002075da}
HKEY_CLASSES_ROOT\clsid\{18d91acf-d0be-11d1-a6b4-00aa002075da}\InprocServer32
C:\WINDOWS\system32\FlshTray.ocx
HKEY_CLASSES_ROOT\clsid\{18d91acf-d0be-11d1-a6b4-00aa002075da}
TrayIconPrj.Settings
HKEY_CLASSES_ROOT\typelib\{18d91ad0-d0be-11d1-a6b4-00aa002075da}
HKEY_CLASSES_ROOT\typelib\{18d91ad0-d0be-11d1-a6b4-00aa002075da}\1.0\0\win32
C:\WINDOWS\system32\FlshTray.ocx
HKEY_CLASSES_ROOT\typelib\{18d91ad0-d0be-11d1-a6b4-00aa002075da}\1.0\FLAGS 2
HKEY_CLASSES_ROOT\typelib\{18d91ad0-d0be-11d1-a6b4-00aa002075da}\1.0\HELPDIR
C:\WINDOWS\system32
HKEY_CLASSES_ROOT\typelib\{18d91ad0-d0be-11d1-a6b4-00aa002075da}\1.0
System Tray Icon v.1.0
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}
HKEY_CLASSES_ROOT\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\Control
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\Control
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\InprocServer32
C:\WINDOWS\system32\FlshTray.ocx
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\MiscStatus\1
132497
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\MiscStatus
0
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\ProgID
TrayIconPrj.TrayIcon
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\ToolboxBitmap32
C:\WINDOWS\system32\FlshTray.ocx, 30000
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\TypeLib
{18D91AD0-D0BE-11D1-A6B4-00AA002075DA}
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\Version
1.0
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}
TrayIconPrj.TrayIcon
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91acf-d0be-11d1-a6b4-00aa002075da}
HKEY_CLASSES_ROOT\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\InprocServer32
C:\WINDOWS\system32\FlshTray.ocx
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91acf-d0be-11d1-a6b4-00aa002075da}\InprocServer32
C:\WINDOWS\system32\FlshTray.ocx
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91acf-d0be-11d1-a6b4-00aa002075da}
TrayIconPrj.Settings
HKEY_LOCAL_MACHINE\software\classes\typelib\{18d91ad0-d0be-11d1-a6b4-00aa002075da}
HKEY_LOCAL_MACHINE\software\classes\typelib\{18d91ad0-d0be-11d1-a6b4-00aa002075da}\1.0\0\win32
C:\WINDOWS\system32\FlshTray.ocx
HKEY_LOCAL_MACHINE\software\classes\typelib\{18d91ad0-d0be-11d1-a6b4-00aa002075da}\1.0\FLAGS
2
HKEY_LOCAL_MACHINE\software\classes\typelib\{18d91ad0-d0be-11d1-a6b4-00aa002075da}\1.0\HELPDIR
C:\WINDOWS\system32
HKEY_LOCAL_MACHINE\software\classes\typelib\{18d91ad0-d0be-11d1-a6b4-00aa002075da}\1.0
System Tray Icon v.1.0
HKEY_CLASSES_ROOT\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\MiscStatus\1
132497
HKEY_CLASSES_ROOT\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\MiscStatus 0
HKEY_CLASSES_ROOT\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\ProgID
TrayIconPrj.TrayIcon
HKEY_CLASSES_ROOT\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\ToolboxBitmap32
C:\WINDOWS\system32\FlshTray.ocx, 30000
HKEY_CLASSES_ROOT\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\TypeLib
{18D91AD0-D0BE-11D1-A6B4-00AA002075DA}
HKEY_CLASSES_ROOT\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\Version 1.0


Detected Spyware Cookies
No spyware cookies were found during this scan.
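
A triage aid for the scan report above, as an added example (not part of the original post or of any scanner): it folds the HKEY_CLASSES_ROOT and HKEY_LOCAL_MACHINE\software\classes spellings of each key, which are two views of the same COM registration, and groups what remains by GUID. The sample lines are an excerpt of the report; the function names are made up for this example, and key paths are assumed to contain no spaces.

```python
import re
from collections import defaultdict

# Excerpt of the "Infected registry keys/values" list from the report above.
REPORT = r"""
HKEY_CLASSES_ROOT\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}
TrayIconPrj.TrayIcon
HKEY_CLASSES_ROOT\clsid\{18d91acf-d0be-11d1-a6b4-00aa002075da}\InprocServer32
C:\WINDOWS\system32\FlshTray.ocx
HKEY_CLASSES_ROOT\typelib\{18d91ad0-d0be-11d1-a6b4-00aa002075da}\1.0\FLAGS 2
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}
TrayIconPrj.TrayIcon
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91acf-d0be-11d1-a6b4-00aa002075da}\InprocServer32
C:\WINDOWS\system32\FlshTray.ocx
HKEY_LOCAL_MACHINE\software\classes\typelib\{18d91ad0-d0be-11d1-a6b4-00aa002075da}\1.0\0\win32
C:\WINDOWS\system32\FlshTray.ocx
"""
HKLM_CLASSES = "hkey_local_machine\\software\\classes\\"
GUID_RE = re.compile(r"\\(?:clsid|typelib)\\(\{[0-9a-f-]{36}\})")

def parse_entries(report):
    """Return [key, value] pairs; the value sits on the key's line or the next."""
    entries = []
    for line in filter(None, map(str.strip, report.splitlines())):
        if line.upper().startswith("HKEY_"):
            key, _, value = line.partition(" ")  # assumes no spaces in key paths
            entries.append([key, value or None])
        elif entries and entries[-1][1] is None:
            entries[-1][1] = line
    return entries

def normalize(key):
    """HKCR is a merged view that includes HKLM\\Software\\Classes; fold both."""
    key = key.lower()
    if key.startswith(HKLM_CLASSES):
        key = "hkey_classes_root\\" + key[len(HKLM_CLASSES):]
    return key

def summarize(report):
    """Group de-duplicated keys by COM GUID and collect the files they point at."""
    groups = defaultdict(lambda: {"keys": set(), "files": set()})
    for key, value in parse_entries(report):
        norm = normalize(key)
        match = GUID_RE.search(norm)
        if match:
            group = groups[match.group(1)]
            group["keys"].add(norm)
            if value and re.match(r"[a-z]:\\", value, re.I):
                group["files"].add(value.split(",")[0].lower())
    return dict(groups)
```

On this excerpt the six flagged entries collapse to four distinct keys under three GUIDs, and the only file any of them references is FlshTray.ocx, which narrows the review to that one control.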


 
 
 
 
 
Bill Sanderson
 
      14th Feb 2005
Thanks - the report at Spynet.com should be the best route to getting this
corrected, I think.
--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

"Sean Franklin" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Our company has written some SW and helper applications to load things
> into that SW and one of them named 'LapLoad' gets flagged as being
> infected with NetSlayer. After scanning with 4 other products that claim
> to detect NetSlayer, and searching the registry and file-system for the
> infestation files, I have concluded it's a false positive. I have also
> filed a report at http://www.spynet.com/falsepositive.aspx as well as
> posting same/similar information here. (to cover as many bases as
> possible.) I can provide the download link for someone to test/verify the
> LapLoad if need be.



 