
Thread: Possible False Positive? Win32.SharaQQ.30

  1. #1
    Junior Member
    Join Date
    Jun 2009
    Posts
    7

    Post Possible False Positive? Win32.SharaQQ.30

    Reported Win32.SharaQQ.30 as a Trojan on yesterday's (2009-06-24) update as Scan Results on two separate XP systems (one is rarely used). Latest AVG Anti-Virus shows nothing. Nothing on Symantec or AVG website regarding Win32.SharaQQ.30. Google search shows little info on this Trojan.

    Anyone else showing this?
    Should I try to have Spybot fix the problem?

    Operating System: Windows XP Home
    Browser and Version: Internet Explorer 6
    Version of Spybot S&D: 1.6.2.46
    Date of the latest update: 2009-06-24

    --- Report generated: 2009-06-24 10:09 ---

    Win32.SharaQQ.30: [SBI $78DEFE26] Data (File, nothing done)
    C:\WINDOWS\system32\SVKP.sys
    Properties.size=2368
    Properties.md5=F05028B163B92C302A74409D683AC9B0
    Properties.filedate=1072473531
    Properties.filedatetext=2003-12-26 14:18:51

    Win32.SharaQQ.30: [SBI $962F118B] Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SVKP

    Win32.SharaQQ.30: [SBI $F02BC4BB] Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SVKP

    Win32.SharaQQ.30: [SBI $75C09369] Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WZCSVC

    Win32.SharaQQ.30: [SBI $A65B8F92] Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WZCSVC


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2009-02-18 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-01-26 advcheck.dll (1.6.2.15)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2009-05-19 Includes\Adware.sbi (*)
    2009-06-02 Includes\AdwareC.sbi (*)
    2009-01-22 Includes\Cookies.sbi (*)
    2009-05-19 Includes\Dialer.sbi (*)
    2009-06-02 Includes\DialerC.sbi (*)
    2009-01-22 Includes\HeavyDuty.sbi (*)
    2009-05-26 Includes\Hijackers.sbi (*)
    2009-06-23 Includes\HijackersC.sbi (*)
    2009-06-23 Includes\Keyloggers.sbi (*)
    2009-06-23 Includes\KeyloggersC.sbi (*)
    2009-06-10 Includes\Malware.sbi (*)
    2009-06-23 Includes\MalwareC.sbi (*)
    2009-03-25 Includes\PUPS.sbi (*)
    2009-06-17 Includes\PUPSC.sbi (*)
    2009-01-22 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2009-06-02 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2009-04-07 Includes\Spyware.sbi (*)
    2009-06-02 Includes\SpywareC.sbi (*)
    2009-06-08 Includes\Tracks.uti
    2009-06-17 Includes\Trojans.sbi (*)
    2009-06-23 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

  2. #2
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    This is no false positive, you should fix this on both of your computers.
    This Trojan horse is contacting malicious domains in the background.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  3. #3
    Junior Member
    Join Date
    Jun 2009
    Posts
    7

    Default Possible False Positive? Win32.SharaQQ.30

    Should I just let Spybot try to fix it or is there something else that I should also do?

  4. #4
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    Fixing it with Spybot S&D should be enough. If removal should fail for some reason try to fix it in Windows safe mode (press F8 before 1st Windows loading screen to enter Windows safe mode).

  5. #5
    Junior Member
    Join Date
    Jun 2009
    Posts
    7

    Default Possible False Positive? Win32.SharaQQ.30

    Worked like a charm without having to go into safe mode!

    Thank you! Thank you!

  6. #6
    Junior Member
    Join Date
    Jun 2008
    Posts
    7

    Default

    Hi,

    So today I got exactly the same message about Win32.SharaQQ.30 as jgs57.
    I have had svkp.sys (file version 4.0.1381.1) on my computer since 2 February 2009.
    Why is it suddenly a Trojan now?

    Geronimo104
    ...

  7. #7
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    Hello Geronimo104,

    the file has not suddenly become a Trojan horse; it has only now been detected by us as one. Unfortunately, it is in the nature of Trojan horses to disguise and hide themselves in order to evade detection for as long as possible.

    When detecting malicious files, it is not only the file name that matters but also many other attributes of the file.

    If your scan result shows the same MD5 as jgs57's, it is an exactly identical SVKP.sys, which should be removed.

    Win32.SharaQQ.30: [SBI $78DEFE26] Data (File, nothing done)
    C:\WINDOWS\system32\SVKP.sys
    Properties.size=2368
    Properties.md5=F05028B163B92C302A74409D683AC9B0 <- MD5
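The MD5 comparison described in post #7, as an added example (not part of the original thread and not Spybot's own code): it parses the report format shown in post #1 and checks whether two reports flag a file with the same size and MD5. The function names and the second report, which carries a placeholder MD5, are constructed for illustration.

```python
import hashlib
import re
from pathlib import Path

# Header of one Spybot S&D result line, in the format shown in the report above.
HEADER = re.compile(r"^(?P<name>[^:]+): \[SBI \$(?P<sbi>[0-9A-F]+)\] "
                    r"(?P<category>\w+) \((?P<kind>[^,]+), (?P<action>[^)]+)\)$")

def parse_report(text):
    """Return one dict per detection: header fields, target path, Properties.*."""
    entries, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if m:
            current = dict(m.groupdict(), target=None, props={})
            entries.append(current)
        elif current is None or not line or line.startswith("---"):
            continue                            # blank line or section marker
        elif line.startswith("Properties."):
            key, _, value = line[len("Properties."):].partition("=")
            current["props"][key] = value
        elif current["target"] is None:
            current["target"] = line            # file path or registry key
    return entries

def file_fingerprint(entry):
    """(size, MD5) for a file detection; None for registry keys."""
    props = entry["props"]
    if entry["kind"] != "File" or not {"size", "md5"} <= props.keys():
        return None
    return int(props["size"]), props["md5"].upper()

def fingerprint_of(path):
    """The same (size, MD5) pair computed from a file on disk."""
    data = Path(path).read_bytes()
    return len(data), hashlib.md5(data).hexdigest().upper()

def same_file(report_a, report_b, name):
    """True if both reports flag `name` on a file with identical size and MD5."""
    fa, fb = ({file_fingerprint(e) for e in parse_report(r) if e["name"] == name}
              - {None} for r in (report_a, report_b))
    return bool(fa & fb)

# Report excerpt from post #1, and a constructed report with a placeholder MD5.
REPORT_JGS57 = r"""Win32.SharaQQ.30: [SBI $78DEFE26] Data (File, nothing done)
C:\WINDOWS\system32\SVKP.sys
Properties.size=2368
Properties.md5=F05028B163B92C302A74409D683AC9B0
Win32.SharaQQ.30: [SBI $962F118B] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SVKP"""
REPORT_OTHER = REPORT_JGS57.replace("F05028B163B92C302A74409D683AC9B0", "0" * 32)
```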

  8. #8
    Junior Member
    Join Date
    Jun 2008
    Posts
    7

    Default

    Hi,

    I removed SVKP.sys with Spybot.
    Is that enough ...

    Geronimo104
    ...

  9. #9
    Junior Member
    Join Date
    Jun 2009
    Posts
    7

    Default Possible False Positive? Win32.SharaQQ.30

    I see there are 3 new posts to my initial question regarding Win32.SharaQQ.30. Unfortunately they appear to be in German and I'm sorry, but I don't read German. Can anyone help me? Do these state anything important that I should know?

  10. #10
    Junior Member
    Join Date
    Jun 2008
    Posts
    7
