
Hope this saves time for staff Rivarts.A


  • This topic is locked

#1
TakeBK

  • Member
  • 76 posts
I posted this in Malware but it doesn't seem (now anyway) like it was a good idea, as no one can respond. I am posting here to let anyone know: not every instance of the Rivarts.A backdoor found by MSASW is true. I see lots of HJT logs with people thinking they have something wrong, and it is not so.

Basically, to save people time, I am just letting it be known: if it is found by MSASW, do some research on the file it finds before you panic too much.

http://www.microsoft...exp=&sloc=en-us

Currently signatures on registry keys and values that are known to be
created by malicious software are reported as a detection for that threat,
even if no other files or other traces of the threat are found.

There are plans to change this behavior in the future, which should resolve
the issue.

Thanks

-Mike




I POSTED EARLIER:



Hi GTG and everyone else. I know I can't reply to someone else's HJT log here but wanted to leave some info just the same. Hope you don't mind me putting it here, where it would be seen faster than falling by the wayside in a General part of the forum.

In reference to a post here in Geeks to Go that Leena was working on.

Hi,
Your log isn't really showing anything so let's run a scan.


http://www.geekstogo...opic=104707&hl=


I was getting some false positives with the Microsoft ASW with SpywareDoctor, as I have found others to be getting the same. So this is only a possibility...

Seems you delete it and it comes right back.

Once Spydoctor was uninstalled, the MSASW did not pick it back up. It has also happened with Trojan Hunter Guard and A Squared being picked up as rogue.

I too ran MS ASW and got the result that I had rivarts A.Backdoor. I had the same 6 mchInjDrv entries in the registry. I let MS ASW remove them, but they returned after reboot. I then tried to remove them manually from the registry, but again they returned after reboot. I suspected Spyware Doctor, and uninstalled it. I ran MS ASW and this time there were no problems reported. I also checked the registry, and all the mchInjDrv registry entries were gone. Hope this helps


Just wanted to share my findings with you if they apply. I know some people wasted hours and hours scanning for something that was not truly there; it might save time on some logs...

Try having the original poster uninstall SPYDOC, then redo the scan and see what comes of it. They can always re-install it.

Just some info for all if it helps any...


Great job I see you are doing over here. Keep up the good work. A lot of good info.

Regards,

TakeBK

http://castlecops.co...A_Backdoor.html

Edited by TakeBK, 29 March 2006 - 01:33 PM.



#2
TakeBK

  • Topic Starter
  • Member
  • 76 posts
Just an EDIT to above

EDIT: Just to clarify, Spy Doctor is not a rogue program; it is just that MSASW does pick it up as one. If you uninstall it and find you DON'T get the alert from MSASW for RIVARTS, then just go ahead and re-install SpyDoctor or any legitimate conflicting program it does find, and ignore the warning from MSASW until Micro comes out with an update to not detect it as such.

If you do think your machine is acting funny, then do as you feel and post an HJT log to be reviewed. This was for the GTG personnel, to save them time in chasing something for hours' worth of scans just to find it was nothing.

Regards,

TakeBK

#3
fleamailman

    Member 2k

  • Member
  • 2,383 posts
Thanks, and this is clear now: ignore the false positive given by MSASW (Microsoft AntiSpyware) when it comes across entries made by Spydoctor, as Spydoctor isn't malware, only MSASW just thinks it is, hence its warnings. One question: any suggestion of a product to replace Spydoctor until Microsoft turns off the warnings?

#4
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
I don't know why you have posted this again here. Your original post is still in the malware forum and open to anyone who wants to reply. This is not the appropriate forum for this, and it is a duplicate of the other.

We appreciate you sharing the info you found, but please abide by the forum rules and do not post duplicate topics. This topic is closed.