Found on Windows XP SP2 windows trojan agent with Ad-aware three registry keys:
HKEY_CLASSES_ROOT: clsid (48e59293-9880-11cf-9754-00aa00c00908)
HKEY_CLASSES_ROOT: interface (48e59293-9880-11cf-9754-00aa00c00908)
HKEY_CLASSES_ROOT: typelib (48e59293-9880-11cf-9754-00aa00c00908)
Is this real, a FP. Only recent install made Alkali Telescope metasearch program.
Anyone more info?
I do not use IRC so, then when I googled for the registry key and Ad-aware it was denoted as a false positive, so. To adjust the registry I have to go to safe mode I guess, but at the moment I leave it, because the other symptoms of downloaders were not found.
OK, I just downloaded the latest AdAware update and got the same three as you plus an other three and I believe they are all false positive detections as I like you have none of the associated signs or symptoms. I don’t use IRC either.
I too have chosen not to do anything (not even ignore, but I suspect on your next adaware scan they will not be detected. It might be worth a look at the adaware forums.
I only run AdAware after an update so there is no delay that might cause doubt that I had caught something.
Yes, I take every detection with a degree of caution, when you consider the precautions you (and I) take infection is unlikely, however, it could happen. I don’t mind when they indicate files, these can easily be checked (and quarantined with little risk of harm) but when they detect registry entries, deletion or quarantine can have serious effects if false.
Of late the only detections I have had for Spybot S&D and AdAware have been FPs, which basically confirms my proactive precautions goes a long way to protecting you. I’m in the process of downloading the adaware updates now.