realsearch false positive?

**sd000** · 2007-03-20, 16:10

sb detects and fixes by deletion this:

Realsearch.Forte: User settings (Registry value, fixed)
HKEY_USERS\S-1-5-21-430653855-1147806647-1590194639-48196\Software\Microsoft\Windows\ShellNoRoam\MUICache\*\x.exe

This entry points to the executable for a Xoftware X-server (v5.0), a NetManage product).
The registry entry appears (is created) each time the X-server is started
(unless it is already present). The value data is:
XoftWare® X Server for Windows® and Win32

There does not appear to be anything harmful going on with or without
the entry. I have checked for any of the many documented "signature"
realsearch registry entries, exe files, and dll files, but do not find any of them
anywhere on my machine.

This leads me to believe that this may be a false positive.

Any thoughts?

Thanks.

sd000

**sd000** · 2007-03-20, 19:18

A littlie bit of further info --

Prior to "fixing" this realsearch "hit" with sb, I have also scanned
my computer with the following:

HijackThis
AdawareSE
Trojan Hunter
Trojan Remover
CA eTrust

None of them found anything.

sd000

**Yodama** · 2007-03-22, 08:20

hi,

this is a false positive, it will be fixed with the next update scheduled for next wednesday.

Fixing the entry won't harm the application since it is only a record within the registry about which app has been run.
You can also exclude the entry from further searches the next time it is found.

**sd000** · 2007-03-22, 16:23

Thanks.

sd000

**sd000** · 2007-03-29, 17:55

I am now using the 3/28/07 update, and this fp still appears.

sd000

**Yodama** · 2007-03-30, 07:36

hm, this is odd the fp should be resolved with the update from 2007-03-28.
Could you scan again and attach the scanlog to your next post if it still occurs?

**sd000** · 2007-03-30, 16:28

seems to be ok now.

here's what happened.

prior to scanning yesterday, i did a check for updates and got an indication that there were none. knowing that i had not updated for a week, i went to the website and did a manual download/update for 3/28/07. i then ran the scan which gave me the fp.

after seeing your response today, i once again checked for updates prior to doing another scan. this time the update check indicated that there were updates (two of them, one of which was a 3/28/07 definitions file). i did the auto update, and then performed another scan. this time the fp did not show up.

so it appears that the fp may indeed be fixed.

thanks.

sd000

Thread: realsearch false positive?

Thread Tools

Display

realsearch false positive?

additional info

thanks

Posting Permissions