False infections?

  • Thread starter: Danny

Danny

I just got round to scanning my system, and I have to say I'm coming up with
quite a lot of disturbing infections when adware scanners have a look, but
NOD32 doesn't see any of them.

Spywarebot (which may or may not be legit itself) claims sysmain.dll is
infected by smitfraud. Nothing else picks up this infection.

Noadware reckons wininit.exe is infected by rbot-fkm. When I tried to
'clean' this, the system gave me a nice bluescreen and complained about
something happening to Windows Initialisation.

Thing is though, are these reports false? Are these programs being fooled by
Vista in some way?

I'm not sure whether to be paranoid or not.

Appreciate some advice.
 
Danny said:
I just got round to scanning my system, and I have to say I'm coming up
with quite a lot of disturbing infections when adware scanners have a
look, but NOD32 doesn't see any of them.

Spywarebot (which may or may not be legit itself) claims sysmain.dll is
infected by smitfraud. Nothing else picks up this infection.

Noadware reckons wininit.exe is infected by rbot-fkm. When I tried to
'clean' this, the system gave me a nice bluescreen and complained about
something happening to Windows Initialisation.

Thing is though, are these reports false? Are these programs being
fooled by Vista in some way?

I'm not sure whether to be paranoid or not.

Appreciate some advice.

Those reports are likely to be false positives since only one
application detects it. False positives happen from time to time. I'd
be wary when messing with files like wininit or winlogon. They can
cause the system to crash if the process is killed.

P.S. - I found if spyware has managed to attach itself to winlogon.exe
then you are pretty screwed in terms of removing it...
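
An added example, not part of any post in this thread: one way to check the two flagged files before letting a scanner "clean" them is to confirm that the copy in System32 carries a valid Microsoft signature and to record its SHA-256 for comparison with a known-good copy. It assumes Windows PowerShell 5.1 or later on a system where `Get-AuthenticodeSignature` also validates catalog-signed OS files (Windows 10 and later); the function name `Test-SystemFile` is hypothetical.

```powershell
# Added example: triage system files flagged by a single scanner.
# Assumption: Windows PowerShell 5.1+, where catalog signatures are validated.
$system32 = Join-Path $env:SystemRoot 'System32'
$flagged  = 'wininit.exe', 'sysmain.dll'   # the two files named in the thread

function Test-SystemFile {
    param([Parameter(Mandatory)][string]$Name)

    $path = Join-Path $system32 $Name
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        # A file with this name that lives elsewhere is not the OS component.
        return [pscustomobject]@{
            File = $Name; Path = $path; Signer = $null; SHA256 = $null
            Verdict = 'Not present in System32'
        }
    }

    $sig    = Get-AuthenticodeSignature -FilePath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
    $hash   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash

    # Valid signature chained to a Microsoft signer: the on-disk file is unmodified.
    $verdict = if ($sig.Status -eq 'Valid' -and $signer -match 'O=Microsoft Corporation') {
        'Valid Microsoft signature: detection is probably a false positive'
    } else {
        "Signature status '$($sig.Status)': leave the file in place and investigate"
    }

    [pscustomobject]@{
        File = $Name; Path = $path; Signer = $signer; SHA256 = $hash
        Verdict = $verdict
    }
}

$flagged | ForEach-Object { Test-SystemFile -Name $_ } | Format-List
```

A valid signature only shows that the file on disk is unmodified; it says nothing about code injected into the running process.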
 
Danny said:
I just got round to scanning my system, and I have to say I'm coming up
with quite a lot of disturbing infections when adware scanners have a
look, but NOD32 doesn't see any of them.

Spywarebot (which may or may not be legit itself) claims sysmain.dll is
infected by smitfraud. Nothing else picks up this infection.

Noadware reckons wininit.exe is infected by rbot-fkm. When I tried to
'clean' this, the system gave me a nice bluescreen and complained about
something happening to Windows Initialisation.

Thing is though, are these reports false? Are these programs being fooled
by Vista in some way?

I'm not sure whether to be paranoid or not.

Are you noticing any activity on your PC that leads you to believe it is
infected? With all of the security changes in Vista, I would not use any
adware/spyware scanner unless the tool has been updated to specifically work
with Vista. Vista has built into it Windows Defender. Its definitions get
updated automatically via Windows Update. Do a full scan with Windows
Defender if you are concerned.

Outside of that, the only major adware/spyware scanner that I am aware of
that claims to support Vista is Spybot Search & Destroy from
http://www.safer-networking.org/. But so far on my Vista machines I have
found no need to install anything for adware/spyware other than what comes
with Vista.

AV protection is different and you should install a Vista compatible AV
product, which you have in NOD32.
 
Robert Pendell said:
Those reports are likely to be false positives since only one
application detects it. False positives happen from time to time.

I'm not exactly keen on giving it the benefit of the doubt, but I may have
no option.

I'd
be wary when messing with files like wininit or winlogon. They can
cause the system to crash if the process is killed.

Correct. As I found out to my cost.
P.S. - I found if spyware has managed to attach itself to winlogon.exe
then you are pretty screwed in terms of removing it...

Thankfully that one appears uninfected.
 
Tom Porterfield said:
Are you noticing any activity on your PC that leads you to believe it is
infected?

Yes. One of the Svhost.exe modules is occasionally active more than it
should be. Unless of course there's a legitimate reason for this.
With all of the security changes in Vista, I would not use any
adware/spyware scanner unless the tool has been updated to specifically
work with Vista. Vista has built into it Windows Defender. Its
definitions get updated automatically via Windows Update. Do a full scan
with Windows Defender if you are concerned.

Yup, as a consequence of your advice, I'm doing exactly that.
Outside of that, the only major adware/spyware scanner that I am aware of
that claims to support Vista is Spybot Search & Destroy from
http://www.safer-networking.org/.

Yes, I too have this installed - it actually reported two of the other
adscanners (noadware and spywarebot) as adware!
And word surrounding it is it's very reliable. So I trust it.
But so far on my Vista machines I have found no need to install anything
for adware/spyware other than what comes with Vista.

AV protection is different and you should install a Vista compatible AV
product, which you have in NOD32.

I swear by it and wouldn't touch any other AV.

Thanks for the reply.
 
Tom Porterfield said:
Are you noticing any activity on your PC that leads you to believe it is
infected? With all of the security changes in Vista, I would not use any
adware/spyware scanner unless the tool has been updated to specifically
work with Vista. Vista has built into it Windows Defender. Its
definitions get updated automatically via Windows Update. Do a full scan
with Windows Defender if you are concerned.

I have done that now, and it found nothing. I also disabled the svchost
process which was guilty of all the activity, and the system seems to be ok
now.
 