Superantispyware found unknown trojan

[vix]

my superantisyware found trojan.unknown origin

the only programme iv recently installed is spyware terminator a few
days ago


can someone plz tell me where this has come from, just so i know, btw
it was found in the registry, here is the results

SUPERAntiSpyware Scan Log
Generated 08/16/2006 at 10:31 PM

Core Rules Database Version : 3055
Trace Rules Database Version: 1101

Memory threats detected : 0
Registry threats detected : 43
File threats detected : 0

Trojan.Unknown Origin
HKCR\InetCtls.Inet
HKCR\InetCtls.Inet\CLSID
HKCR\InetCtls.Inet\CurVer
HKCR\InetCtls.Inet.1
HKCR\InetCtls.Inet.1\CLSID
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Control
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented
Categories
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented
Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented
Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented
Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented
Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented
Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32#ThreadingModel
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus\1
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ProgID
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Programmable
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ToolboxBitmap32
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\TypeLib
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Version
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\VersionIndependentProgID
HKCR\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}
HKCR\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32
HKCR\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}
HKCR\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32
HKCR\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}
HKCR\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0
HKCR\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0
HKCR\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0\win32
HKCR\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\FLAGS
HKCR\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\HELPDIR
HKCR\Interface\{48E59291-9880-11CF-9754-00AA00C00908}
HKCR\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid
HKCR\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32
HKCR\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib
HKCR\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib#Version
HKCR\Interface\{48E59292-9880-11CF-9754-00AA00C00908}
HKCR\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid
HKCR\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32
HKCR\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib
HKCR\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib#Version

 

[David H. Lipman]

From: "vix" <[email protected]>

| my superantisyware found trojan.unknown origin
|
| the only programme iv recently installed is spyware terminator a few
| days ago
|
| can someone plz tell me where this has come from, just so i know, btw
| it was found in the registry, here is the results
|
| SUPERAntiSpyware Scan Log
| Generated 08/16/2006 at 10:31 PM
|
| Core Rules Database Version : 3055
| Trace Rules Database Version: 1101
|
| Memory threats detected : 0
| Registry threats detected : 43
| File threats detected : 0
|
| Trojan.Unknown Origin
| HKCR\InetCtls.Inet
| HKCR\InetCtls.Inet\CLSID
| HKCR\InetCtls.Inet\CurVer
| HKCR\InetCtls.Inet.1
| HKCR\InetCtls.Inet.1\CLSID
| HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}

< snip >

Troj/Angelfre-D -- http://www.sophos.com/virusinfo/analyses/trojangelfred.html
SpywareStormer --
http://www.symantec.com/security_response/writeup.jsp?docid=2006-012014-1039-99&tabid=2
Spyware.PCPolice --
http://www.symantec.com/security_response/writeup.jsp?docid=2005-062014-5447-99&tabid=2

http://searchg.symantec.com/search?...US&proxystylesheet=symc_en_US&site=symc_en_US

 

[Nick Skrepetos]

my superantisyware found trojan.unknown origin

the only programme iv recently installed is spyware terminator a few
days ago


can someone plz tell me where this has come from, just so i know, btw
it was found in the registry, here is the results

SUPERAntiSpyware Scan Log
Generated 08/16/2006 at 10:31 PM

Core Rules Database Version : 3055
Trace Rules Database Version: 1101

Memory threats detected : 0
Registry threats detected : 43
File threats detected : 0

Trojan.Unknown Origin
HKCR\InetCtls.Inet
HKCR\InetCtls.Inet\CLSID
HKCR\InetCtls.Inet\CurVer
HKCR\InetCtls.Inet.1
HKCR\InetCtls.Inet.1\CLSID
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Control
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented
Categories
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented
Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented
Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented
Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented
Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented
Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32#ThreadingModel
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus\1
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ProgID
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Programmable
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ToolboxBitmap32
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\TypeLib
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Version
HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\VersionIndependentProgID
HKCR\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}
HKCR\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32
HKCR\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}
HKCR\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32
HKCR\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}
HKCR\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0
HKCR\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0
HKCR\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0\win32
HKCR\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\FLAGS
HKCR\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\HELPDIR
HKCR\Interface\{48E59291-9880-11CF-9754-00AA00C00908}
HKCR\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid
HKCR\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32
HKCR\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib
HKCR\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib#Version
HKCR\Interface\{48E59292-9880-11CF-9754-00AA00C00908}
HKCR\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid
HKCR\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32
HKCR\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib
HKCR\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib#Version

Vix - that may have been a false positive, did you update your
defintions prior to scanning? Make sure you have Core : 3055 and Trace
: 1102 and re-scan.

Nick Skrepetos
SUPERAntiSpyware.com
http://www.superantispyware.com

 

[optikl]

Vix - that may have been a false positive, did you update your
defintions prior to scanning? Make sure you have Core : 3055 and Trace
: 1102 and re-scan.

Nick Skrepetos
SUPERAntiSpyware.com
http://www.superantispyware.com

Nick, not many developers, I believe, would even admit to the
possibility of an FP. Your candor is refreshing.

 

[Nick Skrepetos]

Nick, not many developers, I believe, would even admit to the
possibility of an FP. Your candor is refreshing.

Thank you for the compliment. False Positives are a reality in our
business, so I don't feel there is a need to hide that fact - the real
issue is how fast they are dealt with - in our case we have real-time
false positive reporting built into the product, so it was reported and
removed within one hour of initial release.

Nick Skrepetos
SUPERAntiSpyware.com
http://www.superantispyware.com