
False positive? regserv.exe = trojan, detected by McAfee, dat update 4763



GeminiAlpha
2006-05-17, 12:01
Hi,
Today during a Spybot scan (after a fresh update), McAfee 7.1.0 popped up with a trojan detection in "regperf.exe" and told me it was part of "Spybot R&D". The file was moved from \windows\system32 to \quarantine map.

Does anyone know if this is a false positive?

Rudolf.

[Edit1] You should read REGPERF.EXE (and NOT regserv.exe)

[edit2] The Trojan has nothing to do with Spybot! It is installed by "some media codec" called: media codec 4.0. This codec is uninstallable but does NOT uninstall the Trojan!
Please visit: http://www.sophos.com/virusinfo/analyses/trojzlobjg.html for more info.