PDA

View Full Version : F/P LttLogger



DougD
2006-07-28, 18:11
Hello! My English isn"t very good, so sorry.
In latest beta detection rules is false positive or I think so.

Here is what Spybot log:
--- Report generated: 2006-07-28 18:04 ---

LttLogger: Asetukset (Rekisterin arvo, nothing done)
HKEY_USERS\S-1-5-21-1662927447-3923557645-1727859080-1012\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\system32\WScript.exe

And I uploaded file to Virustotal and here is report from it:
Complete scanning result of "wscript.exe", received in VirusTotal at 07.28.2006, 17:08:52 (CET).

Antivirus Version Update Result
AntiVir 6.35.1.0 07.28.2006 no virus found
Authentium 4.93.8 07.28.2006 no virus found
Avast 4.7.844.0 07.28.2006 no virus found
AVG 386 07.27.2006 no virus found
BitDefender 7.2 07.28.2006 no virus found
CAT-QuickHeal 8.00 07.28.2006 no virus found
ClamAV devel-20060426 07.27.2006 no virus found
DrWeb 4.33 07.28.2006 no virus found
eTrust-InoculateIT 23.72.80 07.28.2006 no virus found
eTrust-Vet 12.6.2314 07.28.2006 no virus found
Ewido 4.0 07.28.2006 no virus found
Fortinet 2.77.0.0 07.27.2006 no virus found
F-Prot 3.16f 07.27.2006 no virus found
F-Prot4 4.2.1.29 07.27.2006 no virus found
Ikarus 0.2.65.0 07.28.2006 no virus found
Kaspersky 4.0.2.24 07.28.2006 no virus found
McAfee 4816 07.27.2006 no virus found
Microsoft 1.1508 07.27.2006 no virus found
NOD32v2 1.1683 07.28.2006 no virus found
Norman 5.90.23 07.28.2006 no virus found
Panda 9.0.0.4 07.27.2006 no virus found
Sophos 4.07.0 07.28.2006 no virus found
Symantec 8.0 07.28.2006 no virus found
TheHacker 5.9.8.182 07.27.2006 no virus found
UNA 1.83 07.27.2006 no virus found
VBA32 3.11.0 07.27.2006 no virus found
VirusBuster 4.3.7:9 07.28.2006 no virus found

Aditional Information
File size: 114688 bytes
MD5: 98f83265c053aa7576d58fb5165d95f2
SHA1: f5ec5656708e7a25180fde0c307cbbed892fc650

Chuck
2006-07-28, 21:32
I got the same. Ewido did not detect this. Seems to be a probable F/P in System32/Wscript... CHUCK

DougD
2006-07-29, 09:41
I got the same. Ewido did not detect this. Seems to be a probable F/P in System32/Wscript... CHUCK
Ad-Aware SE Personal and CA eTrust PestPatrol did not detect this. So it must be F/P!

MisterW
2006-07-31, 11:47
thanks for reporting,
it is a false positive in the beta detections and will be removed with the next update scheduled for the end of the week. :bigthumb: