
eEye Digital Security

The endpoint to vulnerability starts here.

 

emmon.exe

Last post 07-31-2009 10:30 AM by vkundakci. 3 replies.
Page 1 of 1 (4 items)
  • 07-31-2009 7:37 AM

    emmon.exe

    I have suddenly gotten 4 cases of Trojan (malware found) for emmon.exe in 4 different directories of Pinnacle's PCTV.  I have had this software installed on my system for months, so I suspect the latest AV updates are causing this.  Are these false positives?  Thanks.  /V

     


    Malware Name W32/Harnig.LKO
    Triggered by C:\WINDOWS\system32\DRVSTORE\PCTVEMPV_2F7BD2C4E47BED8624A9FFC3F25FE600C17EEB60\emMON.exe
    Malware Name W32/Harnig.LKO
    Triggered by C:\Program Files\Pinnacle\TVCenter Pro\Drivers\PCTVEMP\emmon.exe
    Malware Name W32/Harnig.LKO
    Triggered by C:\Documents and Settings\Vace\Pinnacle\TVCenterProSetup\Driver\PCTV 70e 80e 100e 320e 330e 800e\32 bit\emmon.exe
    Malware Name W32/Harnig.LKO
    Triggered by C:\Documents and Settings\Vace\Pinnacle\TVCenterProSetup\Driver\PCTV 70e 80e 100e 320e 330e 800e\64 bit\emmon.exe
  • 07-31-2009 7:41 AM In reply to

    Re: emmon.exe

    vkundakci:
    Are these false positives? 

    More than likely if you have had the software that long.  Take a look at the post located here about retrieving quarantined files in Blink and taking action on them:

    http://forums.eeye.com/forums/t/1058.aspx

  • 07-31-2009 7:58 AM In reply to

    Re: emmon.exe

    Blue1978:

    vkundakci:
    Are these false positives? 

    More than likely if you have had the software that long.  Take a look at the post located here about retrieving quarantined files in Blink and taking action on them:

    http://forums.eeye.com/forums/t/1058.aspx

    Thanks.  These are the same instructions you get when you look at the Blink log entries, right? 

    By the way, I also got a new spyware notification during the latest scan which is also new and confusing since the specified registry key is not found nor was Blink able to disinfect.  I think the AV definitions that were loaded yesterday afternoon are a little broken.

    Also note that the backslash is missing in the registry key. I don't know if that is always the case. 

    Is this the right support forum to discuss these issues?  /V

     


     Malware : Malware found - FraudLoad.do   7/30/2009 11:13:15 PM 
     Event ID: BLINK-MAL-205
     Severity: High
     Description: Blink has found a malware application
     Alert: Yes
     MalwareID: 1582
     Name: FraudLoad.do
     Item found: HKEY_LOCAL_MACHINESOFTWARE\Classes\TacOnlyOne
     Action: Repair
     Second Action: Quarantine
     Malware Description: This is a unwanted rogue security program that claims it detects and removes viruses; spyware and intruders; yet it is bundled other malware.
     Category: Spyware
     


     Malware : Malware disinfection error   7/30/2009 11:13:18 PM 
     Event ID: BLINK-ENG-203
     Severity: High
     Description: Blink has failed to disinfect a malware package
     Alert: No
     MalwareID: 1582
     Name: FraudLoad.do
     Action: Disinfection Error
     Item Found: HKEY_LOCAL_MACHINESOFTWARE\Classes\TacOnlyOne
     Error: The system cannot open the file.

  • 07-31-2009 10:30 AM In reply to

    Re: emmon.exe

    Let me respond to myself.  I don't think the HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TacOnlyOne being recognized as malware is new.  I believe this is a false positive and this registry entry as well as HKCR\TacOnlyOne is created by a program called URLSnooper.  /V
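
Added example (not part of the thread and not eEye's code): a small Python triage helper for the two Blink log entries quoted above. It pairs a detection (BLINK-MAL-205) with a later disinfection error (BLINK-ENG-203) for the same MalwareID and item, and restores the backslash missing after the hive name so the key can be looked up by hand. The function names, and the assumption that every entry follows the quoted "Field: value" layout, belong to this example only.

```python
# Added example; SAMPLE_LOG is the two quoted entries, trimmed to the fields read here.
SAMPLE_LOG = r"""
Malware : Malware found - FraudLoad.do   7/30/2009 11:13:15 PM
Event ID: BLINK-MAL-205
MalwareID: 1582
Item found: HKEY_LOCAL_MACHINESOFTWARE\Classes\TacOnlyOne

Malware : Malware disinfection error   7/30/2009 11:13:18 PM
Event ID: BLINK-ENG-203
MalwareID: 1582
Item Found: HKEY_LOCAL_MACHINESOFTWARE\Classes\TacOnlyOne
Error: The system cannot open the file.
"""

HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT", "HKEY_USERS")

def parse_events(text):
    """Return one dict per event; a 'Malware :' header line starts a new event."""
    events = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        # Lower-case the field name: the log has both 'Item found' and 'Item Found'.
        key, value = key.strip().lower(), value.strip()
        if sep and key == "malware":
            events.append({"title": value})
        elif sep and events:
            events[-1][key] = value
    return events

def normalize_key(path):
    """Re-insert the backslash when a hive name runs straight into the subkey."""
    for hive in HIVES:
        rest = path[len(hive):]
        if path.upper().startswith(hive) and rest and not rest.startswith("\\"):
            return hive + "\\" + rest
    return path

def failed_repairs(events):
    """Pair each detection with a later disinfection error on the same item."""
    seen, out = set(), []
    for ev in events:
        ident = (ev.get("malwareid"), normalize_key(ev.get("item found", "")))
        if ev.get("event id") == "BLINK-MAL-205":        # "Malware found" entry
            seen.add(ident)
        elif ev.get("event id") == "BLINK-ENG-203" and ident in seen:
            out.append({"key": ident[1], "error": ev.get("error")})
    return out

if __name__ == "__main__":
    print(failed_repairs(parse_events(SAMPLE_LOG)))
```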

© 1995 - 2009 eEye Incorporated