
Thread: Possible False Positive? Win32.SharaQQ.30

  1. #21
    Yodama (Senior Member; Join Date: Oct 2005; Location: Buchenheim; Posts: 1,110)

    Quote (originally posted by jgs57):
    "Well I have never used TweakXP so what should I do? Are there other programs involved using that file? Everything seems to be working OK right now."

    It is possible that another application brought this SVKP service with it. However, no current application appears to be using it. If all of your applications work fine you can leave it as is.
    born in the shadow to die in the shadow, that is the fate of the shinobi


  2. #22
    Junior Member (Join Date: Jul 2009; Location: Puget Sound, Washington USA; Posts: 2)

    Firstly: mega-kudos to Salim38 for your diligence in this matter. On this occasion, I simply wasn't curious enough to invest the time necessary to perform the unavoidable, labor-intensive deduction you accomplished in order to determine the source program, but I'm very appreciative you were. Not coincidentally, I indeed previously had the TweakXP utility installed on my target system (~2 years ago).

    Secondly: kudos also to Yodama for the professionalism shown in admitting error ... "So I have to admit that I was wrong here". Because frankly, that statement is not true. You didn't "HAVE to admit" you were wrong, but rather, in a timely and direct manner, you CHOSE to. That PROVES character, whereas merely being right proves nothing other than you happen to be right.

    Thirdly: to jgs57 ... is it possible that like me, your system did (past tense) have TweakXP installed at some point? After all, as I stated and detailed in my first post, your scan disposition is IDENTICAL to mine: the filename, path, filesize, REG-keys, and (most importantly), MD5 checksums all match. Therefore, ipso facto, if I'm OK, then you're OK. Regardless, if you have already allowed SpyBot S&D to "fix" and quarantine the subject file and REG-keys, AND you have not experienced any repercussion (as you report), my advice would be simply to leave in quarantine ... or hell, restore ... either way, it "ain't no thang".

    Lastly: For what it's worth, I did come across one rather old 2005 forum discussion related to SVKP.sys as malware. Its particular M.O. (modus operandi) was to place one or more of the following files on your system drive:

    msdirectx.sys
    xz.bat
    lockx.exe

    If so inclined, simply execute a search on your system drive (typically C:\) for these files (msdirectx.sys OR xz.bat OR lockx.exe), and if not found, you can safely rule that remote possibility out.
    "Today's the best day of my life ... and now you're part of it!"
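
The file search suggested in post #22, as an added PowerShell example that is not part of the original thread. The `$Root` parameter and the report fields are assumptions; the MD5 is included because the post compares scans by checksum.

```powershell
# Added example, not from the thread: search a drive for the three
# filenames listed in post #22 and report what is found.
# $Root is an assumption; the post says the system drive is typically C:\.
param([string]$Root = 'C:\')

$names = 'msdirectx.sys', 'xz.bat', 'lockx.exe'

# -Force includes hidden and system files. Folders that cannot be read
# are recorded in $skipped instead of stopping the walk.
$hits = Get-ChildItem -LiteralPath $Root -Recurse -Force -File `
            -ErrorAction SilentlyContinue -ErrorVariable skipped |
        Where-Object { $names -contains $_.Name }   # -contains ignores case

$report = foreach ($f in $hits) {
    # Hashing can fail on locked files; leave MD5 empty in that case.
    $hash = Get-FileHash -LiteralPath $f.FullName -Algorithm MD5 `
                -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Path     = $f.FullName
        Size     = $f.Length
        Modified = $f.LastWriteTime
        MD5      = $hash.Hash
    }
}

if ($report) {
    $report | Format-List
} else {
    "No file named $($names -join ', ') found under $Root"
}

# A clean result only counts if the whole drive was actually readable.
if ($skipped) {
    "Warning: $($skipped.Count) location(s) could not be read; rerun elevated."
}
```

A filename match on its own is only a lead; the path, size and MD5 columns allow the same kind of scan-to-scan comparison the post describes.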
