Trojan-Spy.Win32.Agent.beaf

Discussion in 'Virus Information' started by OREALLY, Mar 17, 2010.

  1. OREALLY

    Oreally Guest

    So......does Kaspersky just send out false positives to entice users to
    purchase the security software? I just downloaded their latest database and
    it's still finding the same 'malware.' It's good of them to provide on-line
    scanning but I've already spent a couple of hours sleuthing into these
    supposed threats and, D. Lipman has spent time on it as well. Is my
    skepticism about Kaspersky's modus operandi misplaced?

    Oreally
     
    Oreally, Mar 22, 2010
    #21

  2. From: "Oreally" <>

    | So......does Kaspersky just send out false positives to entice users to
    | purchase the security software? I just downloaded their latest database and
    | it's still finding the same 'malware.' It's good of them to provide on-line
    | scanning but I've already spent a couple of hours sleuthing into these
    | supposed threats and, D. Lipman has spent time on it as well. Is my
    | skepticism about Kaspersky's modus operandi misplaced?

    | Oreally

    Huh ?

    It was a mistake. Clear and simple, MISTAKE in a signature. Don't make it seem like
    there is some kind of deliberate agenda here.

    If I have to, I'll escalate this.
     
    David H. Lipman, Mar 22, 2010
    #22

  3. OREALLY

    Oreally Guest

    what do you mean escalate?.......to Kaspersky?
     
    Oreally, Mar 23, 2010
    #23
  4. From: "Oreally" <>

    | what do you mean escalate?.......to Kaspersky?

    Yes. To Kaspersky.
     
    David H. Lipman, Mar 23, 2010
    #24
  5. OREALLY

    Oreally Guest

    well......they ought to, at least, remove these 'threats' from their
    database -so perhaps an escalation would be helpful to others who spend time
    on these mistakes.

    Thanks,

    Oreally
     
    Oreally, Mar 23, 2010
    #25
  6. From: "Oreally" <>

    | well......they ought to, at least, remove these 'threats' from their
    | database -so perhaps an escalation would be helpful to others who spend time
    | on these mistakes.

    | Thanks,

    | Oreally




    I didn't provide to Kaspersky per se. Rather a POC at Kaspersky referencing my original
    submission as a False Positive.
     
    David H. Lipman, Mar 23, 2010
    #26
  7. From: "Oreally" <>

    | well......they ought to, at least, remove these 'threats' from their
    | database -so perhaps an escalation would be helpful to others who spend time
    | on these mistakes.

    | Thanks,

    | Oreally

    In-Process :)
     
    David H. Lipman, Mar 23, 2010
    #27
  8. OREALLY

    Oreally Guest

    Looks like Kaspersky has removed Trojan-Spy.Win32.Agent.beaf from the threats
    for the HP folder. However they still identify

    C:\WINDOWS\Web\Wallpaper\welcome\AWhelper.dll........ "Infected:
    not-a-virus:AdWare.Win32.WebHancer.x"

    I'll assume this is a false positive, or just a low threat adware... unless
    I hear differently from you.

    Thanks very much for your expertise and help,

    Oreally
     
    Oreally, Mar 25, 2010
    #28
  9. From: "Oreally" <>

    | Looks like Kaspersky has removed Trojan-Spy.Win32.Agent.beaf from the threats
    | for the HP folder. However they still identify

    | C:\WINDOWS\Web\Wallpaper\welcome\AWhelper.dll........ "Infected:
    | not-a-virus:AdWare.Win32.WebHancer.x"

    | I'll assume this is a false positive, or just a low threat adware... unless
    | I hear differently from you.

    | Thanks very much for your expertise and help,

    | Oreally


    I don't think that is a False Positive.
     
    David H. Lipman, Mar 25, 2010
    #29
  10. Took 'em long enough. Early on I was going to suggest that you scan
    again just to check if it had been remedied (fully expecting it to be
    so).
    As trivial as it may seem to some people, I think this is another case
    of terminology misuse.

    AV programs routinely state things like "Virus found -
    trojan.W32.badthing.bdy" they don't bother to inform that it is a
    "trojan", not a virus. Then, to add to the confusion, they state (as you
    showed) - "Infected: not-a-virus:AdWare.Win32.WebHancer.x". Here, I
    believe what they are trying to say by "not-a-virus" is that this is not
    a big threat but is likely a potentially unwanted program.

    I could be wrong, but I feel that this is a good detection of what might
    not only be a "not-a-virus" but also a "not-a-problem".

    Don't proceed on my say-so. It is better to investigate it further so
    that an informed decision can be made.
     
    FromTheRafters, Mar 26, 2010
    #30
  11. OREALLY

    Oreally Guest

    RE:

    ( C:\WINDOWS\Web\Wallpaper\welcome\AWhelper.dll........ "Infected:
    I've run Spydoctor, SuperSpyware, Symantec file checker Trend House Call,
    Bit Defender........none of them find anything. Virus Total found 2 out of
    42 (VBA32 and ViRobot)...besides Kaspersky. So, I'm not sure how to get rid
    of it w/o deleting the DLL.

    Oreally
     
    Oreally, Mar 26, 2010
    #31
  12. From: "Oreally" <>



    | ( C:\WINDOWS\Web\Wallpaper\welcome\AWhelper.dll........ "Infected:
    | I've run Spydoctor, SuperSpyware, Symantec file checker Trend House Call,
    | Bit Defender........none of them find anything. Virus Total found 2 out of
    | 42 (VBA32 and ViRobot)...besides Kaspersky. So, I'm not sure how to get rid
    | of it w/o deleting the DLL.

    | Oreally

    Quarantine it !
     
    David H. Lipman, Mar 26, 2010
    #32
  13. OREALLY

    Oreally Guest

    Kaspersky on-line scanner.......no quarantine option.
     
    Oreally, Mar 26, 2010
    #33