
realsearch false positive?



sd000
2007-03-20, 17:10
sb detects and fixes by deletion this:

Realsearch.Forte: User settings (Registry value, fixed)
HKEY_USERS\S-1-5-21-430653855-1147806647-1590194639-48196\Software\Microsoft\Windows\ShellNoRoam\MUICache\*\x.exe

This entry points to the executable for a Xoftware X-server (v5.0), a NetManage product.
The registry entry appears (is created) each time the X-server is started
(unless it is already present). The value data is:
XoftWare® X Server for Windows® and Win32

There does not appear to be anything harmful going on with or without
the entry. I have checked for any of the many documented "signature"
realsearch registry entries, exe files, and dll files, but do not find any of them
anywhere on my machine.

This leads me to believe that this may be a false positive.

Any thoughts?

Thanks.

sd000

sd000
2007-03-20, 20:18
A little bit of further info --

Prior to "fixing" this realsearch "hit" with sb, I have also scanned
my computer with the following:

HijackThis
AdawareSE
Trojan Hunter
Trojan Remover
CA eTrust

None of them found anything.

sd000

Yodama
2007-03-22, 09:20
hi,

this is a false positive, it will be fixed with the next update scheduled for next Wednesday.

Fixing the entry won't harm the application since it is only a record within the registry about which app has been run.
You can also exclude the entry from further searches the next time it is found.

sd000
2007-03-22, 17:23
Thanks.

sd000

sd000
2007-03-29, 18:55
I am now using the 3/28/07 update, and this fp still appears.

sd000

Yodama
2007-03-30, 08:36
hm, this is odd; the fp should be resolved with the update from 2007-03-28.
Could you scan again and attach the scanlog to your next post if it still occurs?

sd000
2007-03-30, 17:28
seems to be ok now.

here's what happened.

prior to scanning yesterday, i did a check for updates and got an indication that there were none. knowing that i had not updated for a week, i went to the website and did a manual download/update for 3/28/07. i then ran the scan which gave me the fp.

after seeing your response today, i once again checked for updates prior to doing another scan. this time the update check indicated that there were updates (two of them, one of which was a 3/28/07 definitions file). i did the auto update, and then performed another scan. this time the fp did not show up.

so it appears that the fp may indeed be fixed.

thanks.

sd000