a-squared scan query and Safe Mode in Windows XP

  CurlyWhirly 01:02 26 Jul 2005

I have a possible 'false positive' that was found by running the a-squared scanner namely Antivirus Gold.

click here

I am unsure whether it is a false positive or not but I don't think it is as after doing a Google search I came across a website that mentioned 3 HJT entries namely:

O4 - HKLM\..\Run: [AntivirusGold] C:\Program Files\AntivirusGold\AntivirusGold.exe /h

O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\winnook.exe

O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\hookdump.exe

After running Hijack This I checked my log and couldn't find these 3 entries so I assume I am clean?

Just to satisfy my curiosity I ran the a-squared scanner in SAFE MODE and when I did this NOTHING was found!

How is this possible?
As it WASN'T found in Safe Mode does this indicate that the suspicious entry IS a false positive after all?

p.s. I have asked this question on the a-squared forum but have so far not received a reply :0(
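
An added example, not part of the original thread: a small Python check that parses the O4 autorun lines of a HijackThis log and flags the three entries quoted in the post above, matching on value name or executable file name regardless of case. The sample log and the `ExampleApp` and `other.exe` names are constructed for illustration; because the listed entries may not all be present on an affected machine, an empty result is not proof of a clean system.

```python
import re
import ntpath

# O4 autorun line as HijackThis writes it: O4 - <hive>\..\Run: [<name>] <command>
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Indicators taken from the three entries quoted in the post above.
SUSPECT_NAMES = {"antivirusgold", "intel system tool"}
SUSPECT_EXES = {"antivirusgold.exe", "winnook.exe", "hookdump.exe"}


def exe_basename(cmd):
    """Lower-cased executable file name from an O4 command string."""
    cmd = cmd.strip()
    if cmd.startswith('"'):  # quoted path: take the text inside the quotes
        path = cmd[1:].split('"', 1)[0]
    else:  # unquoted path may contain spaces: cut after the first ".exe"
        m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
        path = m.group(1) if m else cmd.split(" ", 1)[0]
    return ntpath.basename(path).lower()


def find_suspect_o4(log_text):
    """Return (hive, name, exe, reason) for each O4 line matching an indicator."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        name, exe = m.group("name"), exe_basename(m.group("cmd"))
        reasons = [label for label, hit in (("name", name.lower() in SUSPECT_NAMES),
                                            ("exe", exe in SUSPECT_EXES)) if hit]
        if reasons:
            hits.append((m.group(1), name, exe, "+".join(reasons)))
    return hits


# Constructed sample log (not from the thread): a benign entry, an entry that
# reuses a suspect value name with another file, and a match in different case.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\example.exe /startup
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\other.exe
O4 - HKLM\..\Run: [AntivirusGold] C:\PROGRAM FILES\AntivirusGold\ANTIVIRUSGOLD.EXE /h
"""

if __name__ == "__main__":
    for hit in find_suspect_o4(SAMPLE_LOG):
        print(hit)
```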

  Andsome 08:44 26 Jul 2005

Have a look here.

click here

  CurlyWhirly 10:17 26 Jul 2005

Thanks Andsome but before I do anything I would like to know if it's a false positive or not as last time a-squared highlighted malware it turned out to be false.

  Completealias 13:06 26 Jul 2005

Have you tried checking the registry entry manually? It does state at bleeping computer click here that all those O4 entries may not be present.

Also there are some things on that list that you may want to check for manually as well. Do you have any other symptoms?

  stalion 13:09 26 Jul 2005

It could be a false positive. Run Spybot; it's geared for Antivirus Gold.
click here

  tonyx1302 15:54 26 Jul 2005

I am not going to be of any help to you with your problem other than to say I have exactly the same readout as you after running A2. I had the virus AntivirusGold but thanks to Nellie2's great help, my PC is once again clean and running smoothly.
The only thing wrong is that I cannot get rid of the same problem as you have, unless after running A2 I delete it, but once I have rebooted it always comes back again. I have run everything trying to delete it but it always comes back.

Nellie2 tells me it is an 'orphan positive' (???) and it is not doing any harm so it is okay to leave well alone, and as I am not experienced enough to go deep into the registry and I don't want to trouble Nellie2 again, every time I run A2 I just delete it. I would though love to get rid of the blessed thing for once and for all.
If you check out my recent post 'AntivirusGold' (sorry, don't know how to put the 'click here' thing in) there may be something there that may be of help.


  CurlyWhirly 00:17 27 Jul 2005

"Have you tried checking the registry entry manually?"

Yes I searched the whole registry but nothing was found. This is good news.

  CurlyWhirly 00:25 27 Jul 2005

I ran SpyBot as I haven't run it for over a week and the only 2 entries it found were:

click here

I *think* this is related to my recent choice to disable the Microsoft Security Center option in Administrative tools as I now use the McAfee Security Center instead with a red (or black if disabled) square on the Windows desktop?

If this *is* the case and SpyBot doesn't detect it using the latest updates then it really *must* be a false positive?

  CurlyWhirly 00:29 27 Jul 2005

Nellie2 told me the exact same thing and I (like you) don't really want to delve into the registry either!

I must admit that I haven't deleted the entry yet as it isn't doing any harm as I have NO other symptoms (as Completealias asked above).
By what you have said the entry would keep on coming back anyway!

I will treat this as a 'false positive' but leave this thread open for a bit longer before I green tick it! :0)

  tonyx1302 11:17 27 Jul 2005

I have just opened up your original post to see if any further light had been shed and noted from the time of your last post that you were burning the midnight oil! The problem gave me a few sleepless nights also but am getting used to living with it as there doesn't seem an answer.

Surely there must be a way (not too technical) of deleting it once and for all.


  CurlyWhirly 11:36 27 Jul 2005

Yes I think we have to wait for an a-squared update?
I don't even know whether it's a false positive or not but I assume it *is* as SpyBot didn't pick it up so I will green tick!

By the way it *wasn't* this problem that was giving me sleepless nights, it was the fact that after my afternoon shift ended at 10pm last night, I had to do a bit of surfing before I went to bed! lol

This thread is now locked and can not be replied to.
