I have a possible 'false positive' that was found by running the a-squared scanner namely Antivirus Gold.
I am unsure whether it is a false positive or not but I don't think it is as after doing a Google search I came across a website that mentioned 3 HJT entries namely:
O4 - HKLM\..\Run: [AntivirusGold] C:\Program Files\AntivirusGold\AntivirusGold.exe /h
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\winnook.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\hookdump.exe
After running Hijack This I checked my log and couldn't find these 3 entries so I assume I am clean?
Just to satisfy my curiosity I ran the a-squared scanner in SAFE MODE and when I did this NOTHING was found!
How is this possible?
As it WASN'T found in Safe Mode does this indicate that the suspicious entry IS a false positive after all?
p.s. I have asked this question on the a-squared forum but have so far not received a reply :0(
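The log check described in the post above, sketched as an added example (not part of the original thread): it parses HijackThis O4 lines and reports any whose executable name matches one of the three entries quoted in the post. The sample log and the `McAfeeExample` entry are constructed for illustration.

```python
import ntpath
import re

# Executable names taken from the three O4 entries quoted in the post above.
KNOWN_EXES = {"antivirusgold.exe", "winnook.exe", "hookdump.exe"}

# O4 - <hive>\..\<Run key>: [<value name>] <command line>
O4_LINE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")
# Path up to the first ".exe"; handles quoted paths and paths containing spaces.
EXE_PATH = re.compile(r'^"?(.+?\.exe)\b', re.IGNORECASE)

def parse_o4(line):
    """Return (hive, key, value_name, exe_basename), or None for non-O4 lines."""
    m = O4_LINE.match(line.strip())
    if not m:
        return None
    hive, key, name, command = m.groups()
    exe = EXE_PATH.match(command)
    base = ntpath.basename(exe.group(1)).lower() if exe else ""
    return hive, key, name, base

def find_known_entries(log_text):
    """List the parsed O4 entries whose executable name is in KNOWN_EXES."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_o4(line)
        if parsed and parsed[3] in KNOWN_EXES:
            hits.append(parsed)
    return hits

# Constructed sample log, not taken from any poster's machine.
SAMPLE_LOG = """\
Logfile of HijackThis (constructed sample)
O4 - HKLM\\..\\Run: [McAfeeExample] "C:\\Program Files\\Example\\tray.exe" /min
O4 - HKCU\\..\\Run: [Intel system tool] C:\\WINDOWS\\System32\\winnook.exe
O4 - HKLM\\..\\Run: [AntivirusGold] C:\\Program Files\\AntivirusGold\\AntivirusGold.exe /h
"""

if __name__ == "__main__":
    for hive, key, name, exe in find_known_entries(SAMPLE_LOG):
        print(f"{hive}\\{key}: [{name}] -> {exe}")
```

An empty result only means none of these three startup entries is in the log; it says nothing about files or registry data stored elsewhere.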
Thanks Andsome but before I do anything I would like to know if it's a false positive or not as last time a-squared highlighted malware it turned out to be false.
Have you tried checking the registry entry manually? It does state at Bleeping Computer (click here) that all those O4 entries may not be present.
Also there are some things on that list that you may want to check for manually as well. Do you have any other symptoms?
It could be a false positive. Run Spybot; it's geared for Antivirus Gold.
I am not going to be of any help to you with your problem other than to say I have exactly the same readout as you after running A2. I had the virus AntivirusGold but thanks to Nellie2's great help, my PC is once again clean and running smoothly.
The only thing wrong is that I cannot get rid of the same problem as you have, unless after running A2 I delete it, but once I have rebooted it always comes back again. I have run everything trying to delete it but it always comes back.
Nellie2 tells me it is an 'orphan positive' (???) and it is not doing any harm so it is okay to leave well alone and as I am not experienced enough to go deep into the register and I don't want to trouble Nellie2 again, every time I run A2 I just delete it. I would though love to get rid of the blessed thing for once and for all.
If you check out my recent post 'AntivirusGold' (sorry, don't know how to put the 'click here' thing in) there may be something there that may be of help.
"Have you tried checking the registry entry manually?"
Yes I searched the whole registry but nothing was found. This is good news.
I ran SpyBot as I haven't run it for over a week and the only 2 entries it found were:
I *think* this is related to my recent choice to disable the Microsoft Security Center option in Administrative tools as I now use the McAfee Security Center instead with a red (or black if disabled) square on the Windows desktop?
If this *is* the case and SpyBot doesn't detect it using the latest updates then it really *must* be a false positive?
Nellie2 told me the exact same thing and I (like you) don't really want to delve into the registry either!
I must admit that I haven't deleted the entry yet as it isn't doing any harm as I have NO other symptoms (as Completealias asked above).
By what you have said the entry would keep on coming back anyway!
I will treat this as a 'false positive' but leave this thread open for a bit longer before I green tick it! :0)
I have just opened up your original post to see if any further light had been shed and noted from the time of your last post that you were burning the midnight oil! The problem gave me a few sleepless nights also but am getting used to living with it as there doesn't seem an answer.
Surely there must be a way (not too technical) of deleting once and for all.
Yes I think we have to wait for an a-squared update?
I don't even know whether it's a false positive or not but I assume it *is* as SpyBot didn't pick it up so I will green tick!
By the way it *wasn't* this problem that was giving me sleepless nights, it was the fact that after my afternoon shift ended at 10pm last night, I had to do a bit of surfing before I went to bed! lol