PDA

View Full Version : Possible false positive for ATI Cat 6.9 drivers install



Gezzer
2006-09-21, 08:47
I've just downloaded the new ATI cat drivers 6.9 from their web site, and tea-timer is closing the compressed downloaded program. When you first run the program it asks for a directory to install the driver install files to. At this point the install files panel closes and tea-timer pops up with the message that a spy-program has been prevented from running. The spy-ware in question is the program Zlob.PornMagPass. :eek:

I have 2 computers, one lean and mean machine used only for gaming which runs a x800 GTO card with cat 6.8 drivers. This computer has a minimum of protective software, just XP sp2's firewall and tea-timer running. As well it is behind my routers NAT, with only ports open for the on-line games I play. I do a very minimum of surfing on this computer, mostly just updating drivers, XP updates, and game patches. I keep this computer extremely clean, at least I hope I do, and do a scan with both Spy-bot and Ad-Aware on a monthly basis. I might see a tracking cookie once in a blue moon on this computer. I don't run a resident virus scanner because I don't use e-mail on this computer, or do any other downloads. I do do a monthly on-line scan at a couple of free sites, to be on the safe side.
This is the computer that I get the error on.

My other computer is used for everything else and is running a 9800 Pro with cat 6.4 drivers. Some of the uses are, P2P, e-mail, web surfing, downloading programs and files, all my day to day computer use. As well I have many resident programs running, Yahoo widgets (with 6-7 widgets running), Rocket dock, Weather network info app, Ultra mon, plus a few others. Since I don't game on the computer, I'm not too worried about resource problems, etc. It is in my routers DMZ, but I'm running both ZA suite and tea-timer. I do scans on a weekly basis, with ZA, Spy-bot, Ad-Aware, and the free version of Remove it pro. As well on a monthly basis, I use Trend-micro's and Panda's free on-line scanners, on the off chance that malware has corrupted my resident programs. I find more tracking cookies and on the rare occasion have had to deal with minor infections, but I'm fairly confident that this system is clean, for the most part, as well. I'm also very aware of safe computing practices, and try to follow them as much as I can.
Strange thing this computer doesn't give me the error.

Am I seeing a false positive here, or is the file indeed a Trojan?
Funny that it only pops up on one machine. If there's a chance it isn't a false positive I may have to wipe the everything system clean and re-install XP, etc, who knows what other infections are being missed. :oops:
As it stands I haven't decompressed the files on either computer, and have sent in a support request to ATI.

Yodama
2006-09-21, 09:39
hello Geezer,

I can confirm that this is a false positive, it has been corrected with the detection update from 2006-08-04.
To have Teatimer accept the new detection rules it needs to be restarted.

Gezzer
2006-09-21, 11:26
hello Geezer,

I can confirm that this is a false positive, it has been corrected with the detection update from 2006-08-04.
To have Teatimer accept the new detection rules it needs to be restarted.

Thanks for the quick response, and yes exiting and restarting tea-timer did the trick. Something I'm glad of, since going with XP it seemed that my wipe/re-install days were behind me. So I wasn't looking forward to doing that if it was needed.

After reading a few other posts, it seems that tea-timer not updating is a common problem. If I could make a suggestion for future releases, having a built in script that would both kill tea-timer and restart it after an update, might reduce the panic situations that seem to ensue. Just a thought.

By the way, love the program. It reaffirms a persons faith in peoples better nature when such a useful program is released and maintained as freeware.