a-square false positives?

[swarfega]

I am wondering about some of a-squares findings on my latest scan. Things like winamp and win7codecs muc surely be clean:

a-squared Free - Version 4.5
Last update: 27/01/2010 12:24:14

Scan settings:

Scan type: Smart Scan
Objects: Memory, Traces, Cookies, C:\Windows\, C:\Program Files (x86)
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start: 27/01/2010 12:27:47

Value: HKEY_CLASSES_ROOT\CLSID\{44EEAD9B-4EB1-4236-83BC-1273BB4B01EF} --> AppID detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_CLASSES_ROOT\CLSID\{44EEAD9B-4EB1-4236-83BC-1273BB4B01EF}\InprocServer32 --> ThreadingModel detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_CLASSES_ROOT\CLSID\{6C9CA10D-E604-47FB-A2F9-C9A013193609}\InProcServer32 --> ThreadingModel detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_CLASSES_ROOT\CLSID\{892F787F-B650-4A3E-AA5B-2B8021CE4D0A} --> AppID detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_CLASSES_ROOT\CLSID\{892F787F-B650-4A3E-AA5B-2B8021CE4D0A}\InprocServer32 --> ThreadingModel detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_CLASSES_ROOT\CLSID\{A0B0E5AB-617C-4A7D-8A94-9937D24B6670} --> AppID detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_CLASSES_ROOT\CLSID\{A0B0E5AB-617C-4A7D-8A94-9937D24B6670}\InprocServer32 --> ThreadingModel detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_CLASSES_ROOT\CLSID\{B34CCD89-D1CD-4F9A-BA6C-936BA7F7A239} --> AppID detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_CLASSES_ROOT\CLSID\{B34CCD89-D1CD-4F9A-BA6C-936BA7F7A239}\InprocServer32 --> ThreadingModel detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44EEAD9B-4EB1-4236-83BC-1273BB4B01EF} --> AppID detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44EEAD9B-4EB1-4236-83BC-1273BB4B01EF}\InprocServer32 --> ThreadingModel detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C9CA10D-E604-47FB-A2F9-C9A013193609}\InProcServer32 --> ThreadingModel detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{892F787F-B650-4A3E-AA5B-2B8021CE4D0A} --> AppID detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{892F787F-B650-4A3E-AA5B-2B8021CE4D0A}\InprocServer32 --> ThreadingModel detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0B0E5AB-617C-4A7D-8A94-9937D24B6670} --> AppID detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0B0E5AB-617C-4A7D-8A94-9937D24B6670}\InprocServer32 --> ThreadingModel detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B34CCD89-D1CD-4F9A-BA6C-936BA7F7A239} --> AppID detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B34CCD89-D1CD-4F9A-BA6C-936BA7F7A239}\InprocServer32 --> ThreadingModel detected: Trace.Registry.PC Doc Pro!A2
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@247realmedia[2].txt detected: Trace.TrackingCookie.247realmedia!A2
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@adtech[1].txt detected: Trace.TrackingCookie.adtech!A2
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@advertising[1].txt detected: Trace.TrackingCookie.advertising!A2
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@bluestreak[1].txt detected: Trace.TrackingCookie.bluestreak!A2
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt detected: Trace.TrackingCookie.bs.serving-sys!A2
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@casalemedia[1].txt detected: Trace.TrackingCookie.casalemedia!A2
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@com[2].txt detected: Trace.TrackingCookie.com!A2
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@doubleclick[1].txt detected: Trace.TrackingCookie.doubleclick!A2
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@fastclick[1].txt detected: Trace.TrackingCookie.fastclick!A2
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@mediaplex[1].txt detected: Trace.TrackingCookie.mediaplex!A2
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@questionmarket[1].txt detected: Trace.TrackingCookie.questionmarket!A2
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@serving-sys[2].txt detected: Trace.TrackingCookie.serving-sys!A2
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@tradedoubler[1].txt detected: Trace.TrackingCookie.tradedoubler!A2
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@tribalfusion[1].txt detected: Trace.TrackingCookie.tribalfusion!A2
C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3635.32303__90ba9c70f846762e\CLI.Component.Dashboard.DLL detected: Trojan-PWS.Win32.FakeAIM!IK
C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3635.32378__90ba9c70f846762e\CLI.Component.Systemtray.DLL detected: Trojan-PWS.Win32.FakeAIM!IK
C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 3\Codec\BDAVNav.ax detected: Win32.SuspectCrc!IK
C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 3\Codec\HDVDNavFilter.ax detected: Win32.SuspectCrc!IK
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Implementation\CLI.Component.Dashboard.dll detected: Trojan-PWS.Win32.FakeAIM!IK
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Implementation\CLI.Component.Systemtray.dll detected: Trojan-PWS.Win32.FakeAIM!IK
C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe detected: Adware.Win32.ALOTToolbar!A2
C:\Program Files (x86)\Win7codecs\Tools\Settings32.exe detected: Packed.Win32.Autoit!A2
C:\Program Files (x86)\Winamp\UninstWA.exe detected: Adware.Win32.ALOTToolbar!A2
C:\Program Files (x86)\Winamp\Uninst_Win7Shell.exe detected: Adware.Win32.ALOTToolbar!A2

 

[swarfega]

no opinions?

 

[swarfega]

Well Ive made the decision to act only on the cookies and leave the programs alone. MSE should pick up any virii I might have.

 

[Airbot]

I can give you an opinion. During the times I've used a squared off and on over the years it's been around, it's not been shy with giving me false positives. Likes to flag safe system or other harmless files as malicious. Before letting it remove anything, I would investigate the file/s it's flagging, and maybe double check with another scanner/s, upload some of those files to virustotal and check against all the other scanners.

 

[swarfega]

yeah I read each one before removing the cookies. Ive left the programs alone. Thanks for the input.