false positives: InstSrv and Winlog

C

cpu-tech

Nice appearance, lots of settings, hasn't yet found
anything that SpySubtract or SpybotSD missed.

It has two false positives for me, both of which are in
the directory that gets created when one purchases the
Microsoft Windows 2000 Professional Resource Kit and
installs the accompanying CD from the back of Microsoft'
own 1760+ page book.


InstSrv (Trojan)
-c:\program files\resource pro kit\instsrv.exe

Winlog (Trojan)
-c:\program files\resource pro kit \srvany.exe

True, those filenames are also found in Symantec's list of
viruses, but perhaps this program should look at the
directory name, or give a 'caution' flag instead of
damning Microsoft's own resource kit (vbg).

cpu-tech
 
D

Donald Newcomb

cpu-tech said:
It has two false positives for me, both of which are in
the directory that gets created when one purchases the
Microsoft Windows 2000 Professional Resource Kit and
installs the accompanying CD from the back of Microsoft'
own 1760+ page book.
Click to expand...

I ran auto-update last night and I no longer get these two false-positives.
(Or any others.)
 
D

Donald Newcomb

Donald Newcomb said:
I ran auto-update last night and I no longer get these two false-positives.
(Or any others.)
Click to expand...

My bad. My wife had stuck the two programs into quarantine. I took them out
and AntiSpyware Beta still picks up InstSrv. However, it also has a very
nice explanation of why it's not a false positive. Says it is part of the MS
Resource Kit but that it is also a prime target for hackers and they
recommend getting rid of it. So, it isn't a false positive at all.
 
B

Bill Sanderson

Glad you read the details. I don't know whether those descriptions have
changed since the first post in this thread--but there are some classes of
programs that are perfectly appropriate if installed on your system with
your knowledge, and dangerous if you did not know they were there. Or, they
may be subject to abuse, and thus risky to leave around if you are not
actively using them yourself.

I believe these descriptions are being tuned actively at the moment--and
want to remind us all to take a good look at both the default action
suggested for the "threat" and the descriptions, to get a clearer
understanding of why these apparently legitimate programs are being called
out.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

False positive found in W2K Pro Resource Kit 1
McAfee Virusscan: Generic.dx!sux - false positives? 11
Doen not like Microsoft software 3
instsrv.exe and srvany.exe are *not* spyware 7
Problem with INSTSRV.EXE and Windows 2003 Server? 3
HOWTO: install and get up to speed with Microsoft's Windows Performance Toolkit 0
tools for stickies 5.0a (makes for a much more useful app than anything similiar) 0
Frequently Asked Questions (FAQ) Jan 24 4

Top