False Positive for NetSlayer trojan

S

Sean Franklin

Our company has written some SW and helper applications to load things into
that SW and one of them named 'LapLoad" gets flagged as being infected with
NetSlayer. After scanning with 4 other products that claim to detect
NetSlayer, and searching the registry and file-system for the infestation
files, I have concluded its a false positive. I have also filed a report at
http://www.spynet.com/falsepositive.aspx as well as posting same/similar
information here. (to cover as many bases as possible.) I can provide the
download link for someone to test/verify the LapLoad if need be.
========
*LapLoad version 1.0.0
*Spyware Definition Version: 5689 (2/11/2005 10:15:19 PM)
========
Spyware Scan Details
Start Date: 2/14/2005 11:12:27 AM
End Date: 2/14/2005 11:17:37 AM
Total Time: 5 mins 10 secs

Detected Threats

NetSlayer Remote Access Trojan more information...
Details: NetSlayer allows an attacker to control your computer with the
NetSlayer software installed over the Internet.
Status: Ignored
Severe threat - Severe threats typically are remotely exploitable
vulnerabilities, which can lead to system compromise. Successful
exploitation does not normally require any interaction and exploits are in
the wild. There exists a high possibility of potential system damage or
security flaw. Attacker has complete control over your computer or install
new software on your machine.

Infected files detected
C:\WINDOWS\system32\FlshTray.ocx

Infected registry keys/values detected
HKEY_CLASSES_ROOT\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}
HKEY_CLASSES_ROOT\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}
TrayIconPrj.TrayIcon
HKEY_CLASSES_ROOT\clsid\{18d91acf-d0be-11d1-a6b4-00aa002075da}
HKEY_CLASSES_ROOT\clsid\{18d91acf-d0be-11d1-a6b4-00aa002075da}\InprocServer32
C:\WINDOWS\system32\FlshTray.ocx
HKEY_CLASSES_ROOT\clsid\{18d91acf-d0be-11d1-a6b4-00aa002075da}
TrayIconPrj.Settings
HKEY_CLASSES_ROOT\typelib\{18d91ad0-d0be-11d1-a6b4-00aa002075da}
HKEY_CLASSES_ROOT\typelib\{18d91ad0-d0be-11d1-a6b4-00aa002075da}\1.0\0\win32
C:\WINDOWS\system32\FlshTray.ocx
HKEY_CLASSES_ROOT\typelib\{18d91ad0-d0be-11d1-a6b4-00aa002075da}\1.0\FLAGS 2
HKEY_CLASSES_ROOT\typelib\{18d91ad0-d0be-11d1-a6b4-00aa002075da}\1.0\HELPDIR
C:\WINDOWS\system32
HKEY_CLASSES_ROOT\typelib\{18d91ad0-d0be-11d1-a6b4-00aa002075da}\1.0 System
Tray Icon v.1.0
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}
HKEY_CLASSES_ROOT\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\Control
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\Control
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\InprocServer32
C:\WINDOWS\system32\FlshTray.ocx
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\MiscStatus\1
132497
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\MiscStatus
0
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\ProgID
TrayIconPrj.TrayIcon
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\ToolboxBitmap32
C:\WINDOWS\system32\FlshTray.ocx, 30000
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\TypeLib
{18D91AD0-D0BE-11D1-A6B4-00AA002075DA}
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\Version
1.0
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}
TrayIconPrj.TrayIcon
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91acf-d0be-11d1-a6b4-00aa002075da}
HKEY_CLASSES_ROOT\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\InprocServer32
C:\WINDOWS\system32\FlshTray.ocx
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91acf-d0be-11d1-a6b4-00aa002075da}\InprocServer32
C:\WINDOWS\system32\FlshTray.ocx
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91acf-d0be-11d1-a6b4-00aa002075da}
TrayIconPrj.Settings
HKEY_LOCAL_MACHINE\software\classes\typelib\{18d91ad0-d0be-11d1-a6b4-00aa002075da}
HKEY_LOCAL_MACHINE\software\classes\typelib\{18d91ad0-d0be-11d1-a6b4-00aa002075da}\1.0\0\win32
C:\WINDOWS\system32\FlshTray.ocx
HKEY_LOCAL_MACHINE\software\classes\typelib\{18d91ad0-d0be-11d1-a6b4-00aa002075da}\1.0\FLAGS
2
HKEY_LOCAL_MACHINE\software\classes\typelib\{18d91ad0-d0be-11d1-a6b4-00aa002075da}\1.0\HELPDIR
C:\WINDOWS\system32
HKEY_LOCAL_MACHINE\software\classes\typelib\{18d91ad0-d0be-11d1-a6b4-00aa002075da}\1.0
System Tray Icon v.1.0
HKEY_CLASSES_ROOT\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\MiscStatus\1
132497
HKEY_CLASSES_ROOT\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\MiscStatus 0
HKEY_CLASSES_ROOT\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\ProgID
TrayIconPrj.TrayIcon
HKEY_CLASSES_ROOT\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\ToolboxBitmap32
C:\WINDOWS\system32\FlshTray.ocx, 30000
HKEY_CLASSES_ROOT\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\TypeLib
{18D91AD0-D0BE-11D1-A6B4-00AA002075DA}
HKEY_CLASSES_ROOT\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}\Version 1.0


Detected Spyware Cookies
No spyware cookies were found during this scan.
 
B

Bill Sanderson

Thanks - the report at Spynet.com should be the best route to getting this
corrected, I think.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Major problems!!! 3
virtumondo adware - does this info help? 11
Can delete a registry key 22
Please help me 1
False positive: MS Application Compatibility Toolkit 0
Bug in Registry on all Windows(XP?) ?!? - SysmonLogManager...(smlogcfg.dll) {7478EF65-8C46-11d1-8D99 3
Spywarte Found even after Microsoft AntiSpyware Said it was Clean 1
local group policy : snap-in failed 1

Top