False infections?

Discussion in 'Windows Vista General Discussion' started by Danny, Jan 12, 2007.

  1. Danny

    Danny Guest

    I just got round to scanning my system, and I have to say I'm coming up with
    quite a lot of disturbing infections when adware scanners have a look, but
    NOD32 doesn't see any of them.

    Spywarebot (which may or may not be legit itself) claims sysmain.dll is
    infected by smitfraud. Nothing else picks up this infection.

    Noadware reckons wininit.exe is infected by rbot-fkm. When I tried to
    'clean' this, the system gave me a nice bluescreen and complained about
    something happening to Windows Initialisation.

    Thing is though, are these reports false? Are these programs being fooled by
    Vista in some way?

    I'm not sure whether to be paranoid or not.

    Appreciate some advice.
     
    Danny, Jan 12, 2007
    #1
    1. Advertisements

  2. Those reports are likely to be false positives since only one
    application detects it. False positives happen from time to time. I'd
    be wary when messing with files like wininit or winlogon. They can
    cause the system to crash if the process is killed.

    P.S. - I found if spyware has managed to attach itself to winlogon.exe
    then you are pretty screwed in terms of removing it...
     
    Robert Pendell, Jan 12, 2007
    #2
    1. Advertisements

  3. Are you noticing any activity on your PC that leads you to believe it is
    infected? With all of the security changes in Vista, I would not use any
    adware/spyware scanner unless the tool has been updated to specifically work
    with Vista. Vista has built into it Windows Defender. It's definitions get
    updated automatically via Windows Update. Do a full scan with Windows
    Defender if you are concerned.

    Outside of that, the only major adware/spyware scanner that I am aware of
    that claims to support Vista is Spybot Search & Destroy from
    http://www.safer-networking.org/. But so far on my Vista machines I have
    found no need to install anything for adware/spyware other than what comes
    with Vista.

    AV protection is different and you should install a Vista compatible AV
    product, which you have in NOD32.
     
    Tom Porterfield, Jan 12, 2007
    #3
  4. Danny

    Danny Guest

    I'm not exactly keen on giving it the benefit of the doubt, but I may have
    no option.

    I'd
    Correct. As I found out to my cost.
    Thankfully that one appears uninfected.
     
    Danny, Jan 12, 2007
    #4
  5. Danny

    Danny Guest

    Yes. One of the Svhost.exe modules is occasionally active more than it
    should be. Unless of course there's a legitimate reason for this.
    Yup, as a consequence of your advice, I'm doing exactly that.
    Yes, I too have this installed - it actually reported two of the other
    adscanners (noadware and spywarebot) as adware!
    And word surrounding it is it's very reliable. So I trust it.
    I swear by it and wouldn't touch any other AV.

    Thanks for the reply.
     
    Danny, Jan 12, 2007
    #5
  6. Danny

    Danny Guest

    I have done that now, and it found nothing. I also disabled the svchost
    process which was guilty of all the activity, and the system seems to be ok
    now.
     
    Danny, Jan 13, 2007
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.