i ran a a-squared free scan on my hp laptop and it found this-neither my full version spyware doctor or ad-aware personal found anything…what is the best thing to do-remove it-put it in quaratine-or ignore it : ???
Trace.Registry.MovieCommander
http://www.emsisoft.com/en/malware/?Trace.Registry.MovieCommander
I did the wrong thing trying to send it to Quarantine … It fails but delete something…
Now, some other items of my computer (specially startup items are messed).
I think this is related to WinPatrol false positive. Maybe I’m wrong.
My advise: DO NOT remove this registry keys.
ok-haven’t removed it as of yet as pm-with polonus
will just leave alone >:(
here’s what i got :
a-squared Free - Version 2.1
Scan settings:
Objects: Memory, Traces, Cookies, C:
Scan archives: On
Heuristics: On
ADS Scan: On
Scan start: 4/21/2007 8:58:07 AM
Key: HKEY_LOCAL_MACHINE\Software\Classes\MovieCommander detected: Trace.Registry.MovieCommander
Scanned
Files: 60364
Traces: 110344
Cookies: 1
Processes: 31
Found
Files: 0
Traces: 1
Cookies: 0
Processes: 0
Registry keys: 0
Scan end: 4/21/2007 9:25:00 AM
Scan time: 12:26:53 AM
This is really big false positive as it delete all big USER registry branch. Messed all my systep up… Thanks god I had made a copy of registry recently. DO NOT DELETE anything - or your system will fail to work properly. Actually I uninstalled a-sqared after this, as it is not the first false possitive in traces detection, which ruins all my system. I can’t trust this application anymore as it tends to do more harm sometimes… :-\
If I’m not wrong I had all HKEY_CURRENT_USER branch marked as threat, and I had big problems after what… Moreover, I don’t have Win Patrol on my system, so I don’t think it is somehow related…
Yeah, you’re right… WinPatrol was a ‘side-effect’ that let me know all the registry mess…
thanks YLAP and Tech…installed a-squared free after not using it for a long time-and now uninstalled it and not going to use if for a long time(forever)-did not delete,quaratined or anything-don’t want to mess up anything
Hi drhayden1,
Good you did not delete anything. Really annoying and sometimes destructive these FP’s.
One thing is clear do not trust a ting nowadays. Always take a second or third opinion.
polonus
Polonus, the problem is not only if the user delete the item… I’ve quarantine it… and do you want to know?
I can’t restore it, not with Administrator account, not in the same account (with admin rights) I’ve quarantine it, not in Safe Mode on these two accounts. It’s incredible that a-squared did this… Deeply disappointed, not because the false positive but against the restore feature.
Looks like time to restore one of your True Image back-ups ;D
I’m almost there, because now I’m in Linux…
I’ve asked for help there too http://forum.emsisoft.com/Default.aspx?g=posts&m=10681⦹
I quit recomending a-squared a while back because of FP and low detection rates. I now use spy sweeper and Windows Defender as both have good detection rates and zero FP (so far).
Edit: my mistake
You were right no other way to get them back.
Thanks to full partition backup… a-squared failed miserably on restoring Quarantined items. It gets down on my recommendations on future posts.
A valuable lesson for everyone, have a back-up and recovery strategy. If you don’t want to lose it back it up.
I have been using drive image(ing) software for years now and it has hauled my a** out of the fire many times and for the cost it has been well worth it. It has paid for itself many times over in time and data saved.
Just imagine all the pain of a windows restore and all those security updates you would have to download, programs to install, tweaks to reapply. I break out into a cold sweat at the thought if you haven’t got drive imaging software you should seriously consider it, the cost is a one off and not hugely expensive.
Discussion on a-squared forum continues…
http://forum.emsisoft.com/Default.aspx?g=posts&m=10704
Some users excuse the software because:
- It’s free.
- It was a false positive incident.
I just say: it’s a lack of restore function, not safe for users.
Hi Tech,
What excuse? That is why I scan with Ewido Micro as a second scanner, does almost the same job, and when it does not come up with the specific trojan, I know it is a FP. FP’s are the crux of these free trojan scanners, and other scanners as well. But it is as with all heuristical scanning, first make sure you checked and checked over again ,and then make a confirmed decision as to what you should do.
polonus
Just because it is free doesn’t mean you have to accept a program that doesn’t do as it says.
Just because it was a false positive detection, even more reason why the restore needs to function properly.
That’s what I think… I hope someone from a-squared team post officially about the restore function (and not just about the false positive).
I agree. If not my one-day-old registry backup I had… :-\
I do a daily backup but… for the worst reason in the world, it get corrupted… so, the only way was a full partition restore.