Could this be a False positive?

Luis I. Gomez

Holar.G Trojan more information...
Status: Ignored
High threat - High risk threats typically are remotely
exploitable vulnerabilities, which can lead to system
compromise. Successful exploitation does not normally
require any interaction. May open up communication ports,
use polymorphic tactics, stealth installations, and/or
anti-spy counter measures. May us a security flaw in the
operating system to gain access to your computer.

Infected registry keys/values detected



The component came from:
http://www.ostrosoft.com/smtp_component/smtp_vb.asp


It is a component created for sending E-Mail via an SMTP
server, and I imagine it could be abused by other
programs, but alone, it is not a trojan.
 
Bill Sanderson

You might let the folks at Ostrosoft know about the issue, and see what you
can do to verify that what you have in place is the code as they distribute
it.

There's a vendor dispute form at the end of this KB article:

http://support.microsoft.com/kb/892340 Microsoft Windows AntiSpyware (Beta)
identifies a program as a spyware threat (Listing criteria and Dispute
process)

which they can use to get in touch with Microsoft about the false positive
on their product.
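
One way to carry out the check suggested in the reply above, comparing the installed file with a copy taken from a fresh vendor download. This is an added example, not part of the original thread and not vendor code; the function name is hypothetical and both paths are supplied by the caller.

```powershell
# Added example: compare a flagged, installed component with a reference copy
# extracted from a freshly downloaded vendor package.
function Compare-InstalledComponent {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $InstalledPath,  # file the scanner flagged
        [Parameter(Mandatory)] [string] $ReferencePath   # same file from a fresh vendor download
    )

    # Fail early if either file is missing rather than hashing nothing.
    foreach ($p in $InstalledPath, $ReferencePath) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            throw "File not found: $p"
        }
    }

    $installed = Get-Item -LiteralPath $InstalledPath
    $reference = Get-Item -LiteralPath $ReferencePath

    # Byte-for-byte identity check via SHA-256.
    $hInstalled = (Get-FileHash -LiteralPath $InstalledPath -Algorithm SHA256).Hash
    $hReference = (Get-FileHash -LiteralPath $ReferencePath -Algorithm SHA256).Hash

    # Authenticode status of the installed file (older components are often unsigned).
    $sig = Get-AuthenticodeSignature -LiteralPath $InstalledPath

    [pscustomobject]@{
        InstalledSha256  = $hInstalled
        ReferenceSha256  = $hReference
        HashesMatch      = ($hInstalled -eq $hReference)
        InstalledVersion = $installed.VersionInfo.FileVersion
        ReferenceVersion = $reference.VersionInfo.FileVersion
        InstalledSize    = $installed.Length
        ReferenceSize    = $reference.Length
        SignatureStatus  = $sig.Status
        Signer           = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

# Example call (placeholder paths):
# Compare-InstalledComponent -InstalledPath 'C:\path\to\installed.ocx' -ReferencePath 'C:\path\to\vendor-copy.ocx'
```

If the hashes differ, compare the two version fields before drawing conclusions: a mismatch with different versions usually means an older or newer build, while a mismatch at the same version is worth raising with the vendor.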
 
