AV almost killed critical XP file
davidh
March 18th, 2010, 01:15 AM
A trojan trace was found in registry.
On-demand scan with an AV found a trace in the registry. Alerted to it. The trace referenced 2 files on disk. One was a good and clean OS-critical file. The other had already been quarantined by another AV.
Good thing I checked the good file with virustotal.com (0/42) and looked it up on the Uniblue site to discover it was a good guy.
Lucky I removed it from quarantine BEFORE rebooting.
Maybe this was a "semi-false-positive" :confused:
Dan in Saint Louis
March 18th, 2010, 11:41 AM
A trojan trace was found in registry.
On-demand scan with an AV found a trace in the registry. Alerted to it. The trace referenced 2 files on disk. One was a good and clean OS-critical file. The other had already been quarantined by another AV.
Good thing I checked the good file with virustotal.com (0/42) and looked it up on the Uniblue site to discover it was a good guy.
Lucky I removed it from quarantine BEFORE rebooting.
Maybe this was a "semi-false-positive" :confused:
And the wayward AV program was.......... ?
davidh
March 18th, 2010, 03:05 PM
And the wayward AV program was.......... ?
It might have been my fault. Maybe I did not understand the alert correctly.
Maybe the report on the registry entry just meant to tell me that the critical program (userinit.exe) was invoking malware (that had already been removed).
It happened to be Malwarebytes, but as I say, maybe the problem was me.
The main "take away" probably should be "don't trust yourself" AND don't trust the AV.
Probably all AVs have false positives SOMETIMES.
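The situation davidh describes (an alert that names both the legitimate userinit.exe and an already-removed malware file) is what a triage of a logon-program registry value looks like when malware has appended its own path to the list that winlogon runs. The script below is an added example, not code from this thread or from any AV vendor; it assumes the alert concerned the Winlogon "Userinit" value (the thread does not say which key it was) and runs offline on constructed sample values, without touching a real registry.

```python
# Added example: triage a Winlogon "Userinit" value so that the legitimate
# userinit.exe is kept and only unexpected entries are flagged for review.
# The value is a comma-separated list of programs winlogon runs at logon;
# malware commonly persists by appending its own path. That this was the
# key behind the forum alert is an ASSUMPTION, not stated in the thread.
import ntpath

# Expected legitimate entry on Windows XP (normalised to lower case).
KNOWN_GOOD = {r"c:\windows\system32\userinit.exe"}


def split_userinit(value):
    """Split the comma-separated Userinit value into cleaned path entries."""
    return [e.strip().strip('"') for e in value.split(",") if e.strip()]


def triage_userinit(value):
    """Classify each entry as 'keep' (expected OS file) or 'suspect'.

    Returns the entries to keep, the entries a responder should inspect
    (hash them, check them against VirusTotal or similar before acting),
    and the cleaned value to restore once the suspect files are confirmed
    gone. The legitimate userinit.exe is never put in the suspect list.
    """
    keep, suspect = [], []
    for entry in split_userinit(value):
        normalized = ntpath.normpath(entry).lower()
        basename = ntpath.basename(normalized)
        # A bare "userinit.exe" (no directory) is also the expected form.
        # A userinit.exe living anywhere else (e.g. C:\WINDOWS) is a
        # masquerade and stays suspect.
        if normalized in KNOWN_GOOD or normalized == basename == "userinit.exe":
            keep.append(entry)
        else:
            suspect.append(entry)
    # The default value carries a trailing comma; reproduce that on restore.
    restored = ",".join(keep) + "," if keep else ""
    return {"keep": keep, "suspect": suspect, "restored_value": restored}


if __name__ == "__main__":
    # Constructed sample: legitimate entry plus an appended placeholder path.
    sample = r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\CONSTRUCTED_sample.exe,"
    print(triage_userinit(sample))
```

The point for a responder is that the OS file and the appended entry share one registry value, so a scanner report that cites both does not mean userinit.exe itself is infected.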
davidh
March 20th, 2010, 11:17 PM
Unrelated to my AV problem, BUT ... OUCH!
http://isc.sans.org/diary.html?storyid=8464&rss
BitDefender 2010 Update Problem
Published: 2010-03-20,
Last Updated: 2010-03-21 00:44:19 UTC
by Scott Fendley (Version: 2)
We have started to receive reports this morning that a popular consumer antivirus product has caused some grief today. BitDefender 2010 appears to have released a set of bad definitions. Unfortunately, these bad virus definitions appear to detect core DLL files and even parts of BitDefender itself as infected by "Trojan.FakeAlert.5". There is quite a thread discussing this issue on the BitDefender Forums.
If you or your organization uses BitDefender, I would heavily recommend that you disable auto-update of the definitions until corrected ones are released soon. Also, I would recommend preparing to do a lot of hands-on clean up to reverse those files which were quarantined by accident.
Update: BitDefender has been sharing more information about this incident involving 64-bit architecture via their twitter account. They point users to their knowledge base for more details on how to recover from this problem. I hope that beyond the initial response of this major issue, BitDefender and all antivirus vendors will recheck how they test, do quality assurance, and prepare to use social media as a communication tool for their customers in the case of an emergency.
Scott Fendley ISC Handler