John_E

False Positive "Diaremover"


Using new 9-13-06 update have this showing up. Thread on DSL Reports/Security Forum thinks this is a false positive. I have not yet removed. Any official news on this?

 

Thanks...

 

Diaremover Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_USERS

Object : S-1-5-21-1935655697-1336601894-725345543-1004\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}


Same for me... :P

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Diaremover Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_USERS

Object : S-1-5-21-242286658-708711241-2795454051-1008\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 1

Objects found so far: 1


I ran a scan after downloading these new defs. and the following showed up:

 

Diaremover Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_USERS

Object : S-1-5-21-3794558544-1586108263-2986091475-1007\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 1

Objects found so far: 1

 

I quarantined the item but would like to know if this is a FALSE POSITIVE.

 

Thanks


Same here. I ran a scan after downloading these new defs. and the following showed up:

 

Diaremover Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_USERS

Object : S-1-5-21-3794558544-1586108263-2986091475-1007\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 1

Objects found so far: 1

 

I quarantined the item but would like to know if this is a FALSE POSITIVE.

 

Thanks


Yes, I believe that is a False Positive. It has been reported and Research will take a look at it and issue an update if needed.

 

Meanwhile, we have had numerous reports on this so do not delete that item right now.


Using the 9-13-06 update, I scanned today and found this variation of the Diaremover. Another false positive? I'm leaving it alone until Lavasoft reviews this regkey. Thanks for any info on this.

 

-----------------------------

Diaremover Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_USERS

Object : S-1-5-21-226701682-3786526400-3767819693-1006\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}

 

--------------------------------

SE1R123 14.09.2006 Is Now Available, New Definition file for Ad-Aware SE

 

============================================

Definition file Notification - Lavasoft News

============================================

SE1R123 14.09.2006

 

This fixes a False Positive in Diaremover

 

TY! :unsure:


Thanks for reporting this everybody. Now that the issue has been resolved, I'll go ahead and move this and the other threads like it to the "resolved" section (read only). If you should have any further issues, please feel free to start a new topic. ^_^
