Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: False Positive? DriveCleaner 2006

13 May 2010   #1
TVeblen

Microsoft Community Contributor Award Recipient

Windows 7 64 Bit Home Premium SP1
 
 
False Positive? DriveCleaner 2006

Every time I run Spybot S&D it comes out clean except for one entry: DriveCleaner 2006, (SBI $7E4EDB6E) Class Id, located at HKCR > CLSID > InpocServer32(64 bit).

Clicking to "Fix Selected Problems" results in: "Some problems couldn't be fixed; the reason is that the associated files could still be in use (in memory). This could be fixed after a restart."
Restarting does nothing.

The only thing in the InprocServer32 key is:
C:\programs\AutoCad 2010\AdComFolder\watch.dll
> Threading Model: Both

I know DriveCleaner is a nasty piece of business, but I have scoured my system for any evidence of an infection and have found nothing.

I'm just checking to see if anyone here gets this to see if it is a known false positive result.

Thanks


My System SpecsSystem Spec
.
13 May 2010   #2
Bill2

Windows 7 x64 pro/ Windows 7 x86 Pro/ XP SP3 x86
 
 

Try following the instructions on this site.

Remove Drive Cleaner, removal instructions
My System SpecsSystem Spec
13 May 2010   #3
Bill

Windows 7 Enterprise x64
 
 

Did you try scanning with malwarebytes?

Bill
My System SpecsSystem Spec
.

13 May 2010   #4
kucing13

 

ive faced the same prob only with different string on my reg. CC cleaner failed to delete it and so as other software. i tried manual delete on regedit,failed. last, i just left it there as my system still works normal. As long the dead reg didn't give any problems, i just let it sit silent there
My System SpecsSystem Spec
13 May 2010   #5
Dinesh

Windows® 8 Pro (64-bit)
 
 

My System SpecsSystem Spec
13 May 2010   #6
TVeblen

Microsoft Community Contributor Award Recipient

Windows 7 64 Bit Home Premium SP1
 
 

Thing is... I have run many AV's and cleaners and they don't detect anything. Only Spybot. And I have gone down that list of files, folders, and registry keys that are associated with the actual worm with a manual search and none of them show up. And none of the processes associated with DriveCleaner are running. I am pretty sure the system is clean.

I am wondering if Spybot is looking at that watch.dll file and confusing it for DriveCleaner.
My System SpecsSystem Spec
17 May 2010   #7
TVeblen

Microsoft Community Contributor Award Recipient

Windows 7 64 Bit Home Premium SP1
 
 
Follow Up

I posted this issue on Safer Networking's "False Positives" forum, including a key description:
"In my HKCR > CLSID > InProcServer32 registry key I do have this:
C:\Programs\AutoCAD 2010\AdComFolder\Watch.dll
Threading Model: Both
Could this be the cause of a false positive for Drive Cleaner 2006?"

And I got this response:

"
hello,

thank you for reporting this issue.
It is quite unexpected to have any legit software with a registry entry at

Code:
HKEY_CLASSES_ROOT\CLSID\InprocServer32

We will regard this as a false positive, it will be corrected with the next detection update scheduled for Wednesday 2010-05-19."
My System SpecsSystem Spec
17 May 2010   #8
CarlTR6

Windows 7 Ultimate 32 bit
 
 

Quote   Quote: Originally Posted by TVeblen View Post
I posted this issue on Safer Networking's "False Positives" forum, including a key description:
"In my HKCR > CLSID > InProcServer32 registry key I do have this:
C:\Programs\AutoCAD 2010\AdComFolder\Watch.dll
Threading Model: Both
Could this be the cause of a false positive for Drive Cleaner 2006?"

And I got this response:

"
hello,

thank you for reporting this issue.
It is quite unexpected to have any legit software with a registry entry at

Code:
HKEY_CLASSES_ROOT\CLSID\InprocServer32

We will regard this as a false positive, it will be corrected with the next detection update scheduled for Wednesday 2010-05-19."
That was a good reply from them and an appropriate response.
My System SpecsSystem Spec
17 May 2010   #9
philosofik

64-bit
 
 

I have just gone through this exact same thing, until I thankfully came across this thread! HAHAHAHA

...Sevenforums saves the day... AGAIN
My System SpecsSystem Spec
17 May 2010   #10
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

It's always best to go to the program's forum and ask!
My System SpecsSystem Spec
Reply

 False Positive? DriveCleaner 2006




Thread Tools




Similar help and support threads
Thread Forum
AVAST False Positive?
I started up my computer and Dell Backup and Recovery started by itself as usual and all of a sudden AVAST moved a file associated with Dell Backup and Recovery that was in the folder for it. Is this a false positive or is it actually malware? The reason why I am keeping this software that could be...
System Security
False positive or real
On several browsers, Avast is alerting with this message when I use my browser to check my juno email. There is nothing in my inbox or other folders at the time. AV says it has blocked a possible virus. :confused: ...
System Security
Malwarebytes False Positive
HKCU\Software\Microsoft\Windows\CurrentVersion\Run (Trojan.Agent) Got this alert on both my systems after Malwarebytes updated to database v2012.06.14.01. In just a few minuets Malwarebytes had two updates. The latest is v2012.06.14.03 and the alert is gone. I guess they got there definition...
System Security
Is this a false positive?
Hi Folks, Just wondering if anyone else has had this particular situation....I ve attached two "bad boys" MSE detected...so here's the interesting scenario (at least for me!)...it was caught by MSE while or just after (literally mintues after) I did a full scan using Malwarebytes....and the...
System Security
False positive
How do I add a exception in norton 2011 Internet security?
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 01:39.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App