Removeit pro detections

Bomb123
Posted: 20 December 2009 at 9:46am
10:58:54: Scanning, please wait...
11:00:18: Infected file (Sys32.fileobjinfo) C:\documents and settings\all users\application data\spyware terminator\fileobjinfo.sys
11:01:31: Infected file (Sys32.ssupdate) C:\DOCUME~1\KYTTJ~1\LOCALS~1\Temp\ssupdate.exe
11:02:35: Infected file (Sys32.amdcalcl) C:\WINDOWS\system32\amdcalcl.dll
11:02:35: Infected file (Sys32.amdcaldd) C:\WINDOWS\system32\amdcaldd.dll
11:02:35: Infected file (Sys32.amdcalrt) C:\WINDOWS\system32\amdcalrt.dll
11:02:49: Infected file (Sys32.cnmvsye) C:\WINDOWS\system32\cnmvsye.dll
11:02:50: Infected file (Sys32.datestamp) C:\WINDOWS\system32\datestamp.dll
11:03:03: Infected file (Sys32.flvdx) C:\WINDOWS\system32\flvdx.dll
11:03:24: Infected file (Sys32.msrtedit) C:\WINDOWS\system32\msrtedit.dll
11:03:45: Infected file (Sys32.ucs32p) C:\WINDOWS\system32\ucs32p.dll
11:03:50: Infected file (Sys32.vuins32) C:\WINDOWS\system32\vuins32.dll
11:04:09: Infected file (Sys32.as2stubie) C:\WINDOWS\downloaded program files\as2stubie.dll
11:04:10: Infected file (Sys32.bdcore) C:\WINDOWS\downloaded program files\bdcore.dll
11:04:14: Infected file (Sys32.libfn) C:\WINDOWS\downloaded program files\libfn.dll
11:04:16: Infected file (Sys32.pev) C:\WINDOWS\pev.exe
11:04:22: Infected file (Sys32.wininet) C:\WINDOWS\ie8updates\kb969897-ie8\wininet.dll
11:04:44: Infected file (Sys32.iraabout) C:\Program Files\common files\iraabout.dll
11:04:44: Infected file (Sys32.iralpttr) C:\Program Files\common files\iralpttr.dll
11:04:44: Infected file (Sys32.iramdmtr) C:\Program Files\common files\iramdmtr.dll
11:04:44: Infected file (Sys32.irareg) C:\Program Files\common files\irareg.dll
11:04:44: Infected file (Sys32.irasrial) C:\Program Files\common files\irasrial.dll
11:04:44: Infected file (Sys32.irawebtr) C:\Program Files\common files\irawebtr.dll
11:04:45: 23 Dangerous files have been found on your computer.
Click on "Fix" button to fix selected tasks.

No other program detects these files.

Bomb123
Posted: 20 December 2009 at 10:41am

nullptr
Posted: 20 December 2009 at 11:30am
After a brief look at this application in a VM, the only conclusion I can come to is that you do as its name suggests and RemoveIt from your PC. Poor detection methods and a ridiculous number of false positives. Their website even confirms some of what was detected in your scan as safe.

PROROOTECT
Posted: 20 December 2009 at 12:01pm
Hello Bomb 123,
 
Removeit Pro is the ROGUE.
 
Look here on user reviews (and read Assiste.com post): http://www.softpedia.com/progViewOpinions/RemoveIT-Pro-25600,.html
 
Also here on wilderssecurity thread: http://www.wilderssecurity.com/showthread.php?t=109883
 
Look on sysinternals thread: 'FAKE / ROGUE / SCAREWARE Antivirus & Antispyware': http://forum.sysinternals.com/forum_posts.asp?TID=20605
 
 
P.

nullptr
Posted: 20 December 2009 at 12:40pm
Just create a new text file in your system32 directory and name it scvhost.exe. LOL Proof of fantastic detection method - a zero byte malicious file. 
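
The zero-byte test from the last post, as an added example (not part of the original thread and not RemoveIT Pro's code): a name-only matcher, assumed here to model the behaviour the post implies, flags an empty file, while a content-hash check does not. The indicator name set, sample bytes and function names are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Constructed indicator list: names a name-only scanner might flag (assumption).
BAD_NAMES = {"scvhost.exe"}
# Constructed "known-bad" content and its hash; not a real sample or IoC.
SAMPLE_BAD_BYTES = b"MZ" + b"constructed-sample-payload"
BAD_SHA256 = {hashlib.sha256(SAMPLE_BAD_BYTES).hexdigest()}

def name_only_verdict(path):
    """Flag purely on the base name, which is what the zero-byte test exposes."""
    return os.path.basename(path).lower() in BAD_NAMES

def content_verdict(path):
    """Flag only when the file's bytes hash to a known-bad value."""
    if os.path.getsize(path) == 0:
        return False  # an empty file contains nothing to execute
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest() in BAD_SHA256

def triage(path):
    """Label a file: confirmed by content, name-only false positive, or clean."""
    if content_verdict(path):
        return "confirmed"
    return "false-positive" if name_only_verdict(path) else "clean"

def demo():
    """Write three constructed files to a temp dir and return each verdict."""
    cases = {
        "scvhost.exe": b"",               # the zero-byte file from the post
        "notes.txt": b"hello",            # ordinary file, ordinary name
        "renamed.dll": SAMPLE_BAD_BYTES,  # known-bad bytes, unlisted name
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, data in cases.items():
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(data)
            results[name] = (name_only_verdict(p), content_verdict(p), triage(p))
    return results

if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(name, verdicts)
```

The same triage applies to the scan log at the top of the thread: a detection that rests on a file name alone needs a content-based second opinion before anything is deleted.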