Full Version: 'SearchFast' ?
Kavu
11/07/06
I ran a scan today w/def file SE1R130 06.11.2006 and came up w/these critical items:

-------------------------------------------
SearchFast Object Recognized!
Type : File
Data : SysInfo.dll
TAC Rating : 5
Category : Malware
Comment :
Object : C:\WINDOWS\downloaded program files\
FileVersion : 1, 0, 0, 4
ProductVersion : 1, 0, 0, 4
ProductName : SysInfo Module
CompanyName : Rapidigm Inc
FileDescription : SysInfo Module
InternalName : SysInfo
LegalCopyright : Copyright 2003
OriginalFilename : SysInfo.DLL


SearchFast Object Recognized!
Type : File
Data : SysInfo.inf
TAC Rating : 5
Category : Malware
Comment :
Object : C:\WINDOWS\downloaded program files\

SearchFast Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{49232000-16e4-426c-a231-62846947304b}

SearchFast Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8da729b1-b0fc-4fab-9d33-0b004e0f0592}

SearchFast Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sysinfo.sysdata

SearchFast Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sysinfo.sysdata.1

SearchFast Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{980bcd41-0313-4693-88be-d036753fa898}

-------------------------------------------------

I did some searching and found an unanswered ref/question at a Lavasoft 'Resolved Issues' forum here:
http://www.lavasoftsupport.com/lofiversion....php/t2013.html
The poster asked whether this was a false positive. I also have HP utility software and recently used an online HP utility scan to diagnose an HP hardware/software issue.

If someone could determine if these same entries are a false positive or malware/adware as the AdAware scan implied, I would greatly appreciate it. Thank you in advance for your efforts.

Kavu
winchester73
I vote for FP ...

The SysInfo.DLL that is planted by the password-stealing Troj/LegMir-AA has a CLSID of {2250D9C6-4CC7-4826-8EFD-1D04AFC7F7F0}

Rapidigm is a legitimate business-to-business consulting company: http://www.rapidigm.com/index.jsp
Kavu
(11/09/06)
W/re to the 'SearchFast' malware objects....

Desiring to move on, I have done a System Restore which has eliminated the detections from appearing, both in the prior Definitions file (11/06/06) as well as today's update of Definitions (11/09/06). So the problem is resolved for me, although there appears to be no determination of whether this was related to possibly being a FP from a Hewlett Packard online support system scan utility.
Kavu