A
Anonymous Bob
I perceive a need for better threat analysis and much better consistency in
now items are reported.
My connection is wireless and PCANDIS5.SYS is part of that connection. If
it's deleted I would be dead in the water. The advice below to immediately
remove this file is very misguided and will cause many users extreme pain as
this file is widely used by many vendors.
**From the history display:
Description:
This program has potentially unwanted behavior.
Advice:
Allow this detected item only if you trust the program or the software
publisher.
Resources:
driver:
PCANDIS5
file:
F:\WINNT\system32\PCANDIS5.SYS
Category:
Not Yet Classified
**From the Event log:
Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 3/13/2006
Time: 7:25:21 PM
User: N/A
Computer: You don't need to know that.<g>
Description:
Windows Defender Real-Time Protection agent has detected potential malware.
For more information please see the following:
http://www.microsoft.com
Scan ID: {902C1C5B-E401-4205-99BC-CD8F9538F2F8}
User: You don't need to know that, either.<g>
Threat Name: Unknown
Threat Id:
Threat Severity:
Threat Category:
Path Found: driver
CANDIS5;file:F:\WINNT\system32\PCANDIS5.SYS
Threat Classification: Unknown
Detection Type:
Event Type: Information
Event Source: WinDefend
Event Category: None
Event ID: 3005
Date: 3/13/2006
Time: 7:25:21 PM
User: N/A
Computer: You don't need to know that.<g>
Description:
Windows Defender Real-Time Protection agent has taken action to protect
this machine from potential malware.
For more information please see the following:
http://www.microsoft.com
Scan ID: {902C1C5B-E401-4205-99BC-CD8F9538F2F8}
User: You don't need to know that.<g>
Threat Name: Unknown
Threat Id:
Threat Severity:
Threat Category:
Threat Classification: Unknown
Action: Ignore
**From allowed items:
It's identified as Winlog with the following:
Description:
This program has potentially unwanted behavior.
Advice:
Remove this software immediately.
Resources:
Not available
Category:
Trojan
Respectfully,
Bob Vanderveen
now items are reported.
My connection is wireless and PCANDIS5.SYS is part of that connection. If
it's deleted I would be dead in the water. The advice below to immediately
remove this file is very misguided and will cause many users extreme pain as
this file is widely used by many vendors.
**From the history display:
Description:
This program has potentially unwanted behavior.
Advice:
Allow this detected item only if you trust the program or the software
publisher.
Resources:
driver:
PCANDIS5
file:
F:\WINNT\system32\PCANDIS5.SYS
Category:
Not Yet Classified
**From the Event log:
Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 3/13/2006
Time: 7:25:21 PM
User: N/A
Computer: You don't need to know that.<g>
Description:
Windows Defender Real-Time Protection agent has detected potential malware.
For more information please see the following:
http://www.microsoft.com
Scan ID: {902C1C5B-E401-4205-99BC-CD8F9538F2F8}
User: You don't need to know that, either.<g>
Threat Name: Unknown
Threat Id:
Threat Severity:
Threat Category:
Path Found: driver
CANDIS5;file:F:\WINNT\system32\PCANDIS5.SYSThreat Classification: Unknown
Detection Type:
Event Type: Information
Event Source: WinDefend
Event Category: None
Event ID: 3005
Date: 3/13/2006
Time: 7:25:21 PM
User: N/A
Computer: You don't need to know that.<g>
Description:
Windows Defender Real-Time Protection agent has taken action to protect
this machine from potential malware.
For more information please see the following:
http://www.microsoft.com
Scan ID: {902C1C5B-E401-4205-99BC-CD8F9538F2F8}
User: You don't need to know that.<g>
Threat Name: Unknown
Threat Id:
Threat Severity:
Threat Category:
Threat Classification: Unknown
Action: Ignore
**From allowed items:
It's identified as Winlog with the following:
Description:
This program has potentially unwanted behavior.
Advice:
Remove this software immediately.
Resources:
Not available
Category:
Trojan
Respectfully,
Bob Vanderveen