Luis I. Gomez
Holar.G Trojan more information...
Status: Ignored
High threat - High risk threats typically are remotely
exploitable vulnerabilities, which can lead to system
compromise. Successful exploitation does not normally
require any interaction. May open up communication ports,
use polymorphic tactics, stealth installations, and/or
anti-spy counter measures. May us a security flaw in the
operating system to gain access to your computer.
Infected registry keys/values detected
HKEY_CLASSES_ROOT\clsid\{3df2ae35-26a8-11d4-bdd2-00104bfec09f}
HKEY_CLASSES_ROOT\clsid\{3df2ae35-26a8-11d4-bdd2-00104bfec09f}\VERSION 7.0
HKEY_CLASSES_ROOT\clsid\{3df2ae35-26a8-11d4-bdd2-00104bfec09f} SMTPControl.SMTP
HKEY_CLASSES_ROOT\smtpcontrol.smtp
HKEY_CLASSES_ROOT\smtpcontrol.smtp\Clsid {3DF2AE35-26A8-11D4-BDD2-00104BFEC09F}
HKEY_CLASSES_ROOT\smtpcontrol.smtp SMTPControl.SMTP
HKEY_CLASSES_ROOT\typelib\{3df2ae33-26a8-11d4-bdd2-00104bfec09f}
HKEY_CLASSES_ROOT\typelib\{3df2ae33-26a8-11d4-bdd2-00104bfec09f}\7.0\0\win32 C:\WINDOWS\system32\SMTP.ocx
HKEY_CLASSES_ROOT\typelib\{3df2ae33-26a8-11d4-bdd2-00104bfec09f}\7.0\FLAGS 2
HKEY_CLASSES_ROOT\typelib\{3df2ae33-26a8-11d4-bdd2-00104bfec09f}\7.0\HELPDIR C:\WINDOWS\system32
HKEY_CLASSES_ROOT\typelib\{3df2ae33-26a8-11d4-bdd2-00104bfec09f}\7.0 SMTPControl
HKEY_CLASSES_ROOT\clsid\{3df2ae35-26a8-11d4-bdd2-00104bfec09f}\Control
HKEY_CLASSES_ROOT\clsid\{3df2ae35-26a8-11d4-bdd2-00104bfec09f}\InprocServer32 C:\WINDOWS\system32\SMTP.ocx
HKEY_CLASSES_ROOT\clsid\{3df2ae35-26a8-11d4-bdd2-00104bfec09f}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{3df2ae35-26a8-11d4-bdd2-00104bfec09f}\MiscStatus\1 148881
HKEY_CLASSES_ROOT\clsid\{3df2ae35-26a8-11d4-bdd2-00104bfec09f}\MiscStatus 0
HKEY_CLASSES_ROOT\clsid\{3df2ae35-26a8-11d4-bdd2-00104bfec09f}\ProgID SMTPControl.SMTP
HKEY_CLASSES_ROOT\clsid\{3df2ae35-26a8-11d4-bdd2-00104bfec09f}\ToolboxBitmap32 C:\WINDOWS\system32\SMTP.ocx, 30000
HKEY_CLASSES_ROOT\clsid\{3df2ae35-26a8-11d4-bdd2-00104bfec09f}\TypeLib {3DF2AE33-26A8-11D4-BDD2-00104BFEC09F}
The component came from:
http://www.ostrosoft.com/smtp_component/smtp_vb.asp
It is a component created for sending E-Mail via an SMTP
server, and I imagine it could be abused by other
programs, but alone, it is not a trojan.