YoKenny
Joined: 12 Nov 2006   Posts: 22   Location: Ontario, Canada
Posted: Tue Aug 18, 2009 11:07 pm   Post subject: Microsoft Security Essentials detects Event Log Explorer FP

I just had Microsoft Security Essentials (Windows Defender) alert on c:\Program Files\Event Log Explorer\elex.exe as Virus:Win32/Induc.A
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Virus%3aWin32%2fInduc.A&threatid=2147627628
I am trying to report this as a false positive.
_________________
E5200 2.5GHZ, 4GB RAM, 160GB HD, Windows 7 64bit, avast! V5 Free, IE8 with Finjan SecureBrowsing, hpHosts, MVPS HOSTS files, MBAM Full, SpeedFan, WinPatrol PLUS

YoKenny
Joined: 12 Nov 2006   Posts: 22   Location: Ontario, Canada
Posted: Tue Aug 18, 2009 11:19 pm

I just went to download Event Log Explorer and avast! antivirus detects that it is infected:
Quote:
8/18/2009 7:13:01 PM SYSTEM 1704 Sign of "Win32:Induc" has been found in "http://www.eventlogxp.com/download/elex.zip\elex_setup.exe\{app}\elex.exe\[ASProtect]" file.
_________________
E5200 2.5GHZ, 4GB RAM, 160GB HD, Windows 7 64bit, avast! V5 Free, IE8 with Finjan SecureBrowsing, hpHosts, MVPS HOSTS files, MBAM Full, SpeedFan, WinPatrol PLUS

Dave M
Joined: 20 Aug 2009   Posts: 5   Location: USA
Posted: Thu Aug 20, 2009 9:43 pm

elex.exe Version 3.1 scanned and reported to Msft as a potential FP:

VirSCAN.org Scanned Report :
Scanned time : 2009/08/20 14:16:13 (PDT)
Scanner results: 19% Scanner(7/37) found malware!
File Name : elex.exe
File Size : 2067632 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : fcf4f3c710dd79f53a85214ac6ebe316
SHA1 : 0c544e1ecbdf0a19e2ca37ea7fd3cd87058656bb
Online report : http://virscan.org/report/3a01c1d9684d8817c7dd5f1637accaf6.html

Scanner | Engine Ver | Sig Ver | Sig Date | Time (s) | Scan result
a-squared | 4.5.0.8 | 20090820220213 | 2009-08-20 | 0.67 | -
AhnLab V3 | 2009.08.21.00 | 2009.08.21 | 2009-08-21 | 0.85 | -
AntiVir | 8.2.1.3 | 7.1.5.143 | 2009-08-20 | 0.31 | -
Antiy | 2.0.18 | 20090819.2718903 | 2009-08-19 | 0.12 | -
Arcavir | 2009 | 200908201624 | 2009-08-20 | 0.13 | -
Authentium | 5.1.1 | 200908191809 | 2009-08-19 | 1.33 | W32/Heuristic-210!Eldorado (Heuristic)
AVAST! | 4.7.4 | 090820-0 | 2009-08-20 | 0.35 | Win32:Induc
AVG | 8.5.288 | 270.13.62/2315 | 2009-08-20 | 1.39 | -
BitDefender | 7.81008.3911197 | 7.27252 | 2009-08-21 | 3.71 | Win32.Induc.A
CA (VET) | 9.0.0.143 | 31.6.6688 | 2009-08-20 | 6.04 | -
ClamAV | 0.95.2 | 9722 | 2009-08-20 | 0.32 | -
Comodo | 3.10 | 2038 | 2009-08-20 | 0.81 | -
CP Secure | 1.1.0.715 | 2009.08.21 | 2009-08-21 | 12.12 | -
Dr.Web | 4.44.0.9170 | 2009.08.20 | 2009-08-20 | 5.37 | -
F-Prot | 4.4.4.56 | 20090820 | 2009-08-20 | 1.27 | Possible W32/Heuristic-210!Eldorado (not disinfectable)
F-Secure | 7.02.73807 | 2009.08.20.10 | 2009-08-20 | 0.19 | -
Fortinet | 2.81-3.120 | 10.737 | 2009-08-20 | 0.49 | -
GData | 19.7274/19.446 | 20090820 | 2009-08-20 | 4.81 | Win32:Induc [Engine:B]
ViRobot | 20090820 | 2009.08.20 | 2009-08-20 | 0.46 | -
Ikarus | T3.1.01.68 | 2009.08.20.73322 | 2009-08-20 | 4.18 | -
JiangMin | 11.0.800 | 2009.08.20 | 2009-08-20 | 3.88 | -
Kaspersky | 5.5.10 | 2009.08.20 | 2009-08-20 | 0.14 | -
KingSoft | 2009.2.5.15 | 2009.8.20.18 | 2009-08-20 | 0.74 | -
McAfee | 5.3.00 | 5715 | 2009-08-20 | 3.11 | -
Microsoft | 1.4903 | 2009.08.20 | 2009-08-20 | 9.90 | Virus:Win32/Induc.A
Norman | 6.01.09 | 6.01.00 | 2009-08-17 | 4.01 | -
Panda | 9.05.01 | 2009.08.20 | 2009-08-20 | 2.44 | -
Trend Micro | 8.700-1004 | 6.382.01 | 2009-08-20 | 0.24 | -
Quick Heal | 10.00 | 2009.08.20 | 2009-08-20 | 1.71 | -
Rising | 20.0 | 21.43.34.00 | 2009-08-20 | 2.05 | -
Sophos | 2.89.1 | 4.44 | 2009-08-21 | 3.37 | -
Sunbelt | 5346 | 5346 | 2009-08-20 | 1.53 | -
Symantec | 1.3.0.24 | 20090820.003 | 2009-08-20 | 0.66 | -
nProtect | 20090818.01 | 5093763 | 2009-08-18 | 7.45 | -
The Hacker | 6.3.4.3 | v00384 | 2009-08-20 | 0.70 | -
VBA32 | 3.12.10.9 | 20090819.1841 | 2009-08-19 | 4.13 | Backdoor.XiaoBird.47 (paranoid heuristics) (suspicious)
VirusBuster | 4.5.11.10 | 10.112.10/1800822 | 2009-08-19 | 2.78 | -
_________________
Regards, Dave

Dave M
Joined: 20 Aug 2009   Posts: 5   Location: USA
Posted: Mon Aug 24, 2009 10:35 pm

Thanks for the new Version of Event Log Explorer, Version 3.1.3.615. The detection is now removed.
_________________
Regards, Dave

YoKenny
Joined: 12 Nov 2006   Posts: 22   Location: Ontario, Canada
Posted: Tue Aug 25, 2009 3:07 am

Downloading Event Log Explorer, Version 3.1.3.615 is still detected as infected for me.
_________________
E5200 2.5GHZ, 4GB RAM, 160GB HD, Windows 7 64bit, avast! V5 Free, IE8 with Finjan SecureBrowsing, hpHosts, MVPS HOSTS files, MBAM Full, SpeedFan, WinPatrol PLUS

Dave M
Joined: 20 Aug 2009   Posts: 5   Location: USA
Posted: Tue Aug 25, 2009 8:12 am

Microsoft and AVAST! no longer detect it, although three other stragglers still seem to. Those guys probably need to tighten up their heuristics:

VirSCAN.org Scanned Report :
Scanned time : 2009/08/25 00:50:10 (PDT)
Scanner results: 8% Scanner(3/37) found malware!
File Name : elex.exe
File Size : 2068656 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 8c13a007a9418c9bdf1473b81a18dfde
SHA1 : 64f92d9ad443a8a538f542f06a3cefbea8aafd76
Online report : http://virscan.org/report/6840965b46bfbcfdb2c93f7113f3087a.html

Scanner | Engine Ver | Sig Ver | Sig Date | Time (s) | Scan result
a-squared | 4.5.0.8 | 20090824170206 | 2009-08-24 | 1.44 | -
AhnLab V3 | 2009.08.25.00 | 2009.08.25 | 2009-08-25 | 1.01 | -
AntiVir | 8.2.1.3 | 7.1.5.156 | 2009-08-24 | 7.02 | -
Antiy | 2.0.18 | 20090824.2730530 | 2009-08-24 | 0.12 | -
Arcavir | 2009 | 200908241822 | 2009-08-24 | 0.13 | -
Authentium | 5.1.1 | 200908242130 | 2009-08-24 | 1.33 | W32/Heuristic-210!Eldorado (Heuristic)
AVAST! | 4.7.4 | 090824-0 | 2009-08-24 | 0.44 | -
AVG | 8.5.288 | 270.13.65/2324 | 2009-08-24 | 1.43 | -
BitDefender | 7.81008.3913341 | 7.27334 | 2009-08-25 | 3.94 | -
CA (VET) | 9.0.0.143 | 31.6.6697 | 2009-08-25 | 6.56 | -
ClamAV | 0.95.2 | 9733 | 2009-08-25 | 0.33 | -
Comodo | 3.10 | 2088 | 2009-08-25 | 0.88 | -
CP Secure | 1.1.0.715 | 2009.08.23 | 2009-08-23 | 0.01 | -
Dr.Web | 4.44.0.9170 | 2009.08.25 | 2009-08-25 | 5.70 | -
F-Prot | 4.4.4.56 | 20090824 | 2009-08-24 | 1.30 | Possible W32/Heuristic-210!Eldorado (not disinfectable)
F-Secure | 7.02.73807 | 2009.08.24.10 | 2009-08-24 | 0.13 | -
Fortinet | 2.81-3.120 | 10.754 | 2009-08-24 | 0.79 | -
GData | 19.7367/19.450 | 20090825 | 2009-08-25 | 6.65 | -
ViRobot | 20090824 | 2009.08.24 | 2009-08-24 | 0.77 | -
Ikarus | T3.1.01.68 | 2009.08.25.73349 | 2009-08-25 | 4.42 | -
JiangMin | 11.0.800 | 2009.08.25 | 2009-08-25 | 4.93 | -
Kaspersky | 5.5.10 | 2009.08.25 | 2009-08-25 | 0.13 | -
KingSoft | 2009.2.5.15 | 2009.8.25.14 | 2009-08-25 | 5.11 | -
McAfee | 5.3.00 | 5719 | 2009-08-24 | 3.23 | -
Microsoft | 1.4903 | 2009.08.24 | 2009-08-24 | 12.58 | -
Norman | 6.01.09 | 6.01.00 | 2009-08-24 | 4.00 | -
Panda | 9.05.01 | 2009.08.24 | 2009-08-24 | 5.57 | -
Trend Micro | 8.700-1004 | 6.392.02 | 2009-08-24 | 0.23 | -
Quick Heal | 10.00 | 2009.08.25 | 2009-08-25 | 2.17 | -
Rising | 20.0 | 21.44.10.00 | 2009-08-25 | 2.54 | -
Sophos | 2.89.1 | 4.44 | 2009-08-25 | 3.39 | -
Sunbelt | 5353 | 5353 | 2009-08-24 | 2.77 | -
Symantec | 1.3.0.24 | 20090824.002 | 2009-08-24 | 0.78 | -
nProtect | 20090823.01 | 5123017 | 2009-08-23 | 9.71 | -
The Hacker | 6.3.4.3 | v00387 | 2009-08-24 | 1.28 | -
VBA32 | 3.12.10.10 | 20090824.1625 | 2009-08-24 | 3.73 | Backdoor.XiaoBird.47 (paranoid heuristics) (suspicious)
VirusBuster | 4.5.11.10 | 10.112.15/1802658 | 2009-08-24 | 2.74 | -
_________________
Regards, Dave

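As an added example (not code from this thread or from the Event Log Explorer project), a small Python script that parses VirSCAN rows as pasted above, with or without column separators, and diffs two reports to show which engines cleared the rebuilt binary and whether the remaining hits are heuristic-only, which is the point Dave makes about the stragglers. The sample rows are a constructed subset copied from the two reports in this thread.

```python
import re
from typing import Dict, List, Optional, Tuple

# A result row as pasted in the thread: "<scanner> <engine ver> <sig ver> <YYYY-MM-DD> <seconds> <result>".
# Scanner names can contain spaces ("Trend Micro", "CA (VET)"), so rows are anchored on the two
# space-free version tokens that precede the ISO date rather than split on whitespace.
ROW_RE = re.compile(r"^(?P<scanner>.+?)\s+(?P<engine>\S+)\s+(?P<sig>\S+)\s+"
                    r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<secs>\d+\.\d+)\s+(?P<result>.+?)\s*$")

def parse_report(text: str) -> Dict[str, Optional[str]]:
    """Map scanner name -> detection name, or None where the scanner reported '-' (clean)."""
    results: Dict[str, Optional[str]] = {}
    for raw in text.strip().splitlines():
        m = ROW_RE.match(re.sub(r"\s*\|\s*", " ", raw).strip())  # also accept '|' column separators
        if m:  # header lines and free text do not match and are skipped
            results[m.group("scanner")] = None if m.group("result") == "-" else m.group("result")
    return results

def is_heuristic(result: str) -> bool:
    """True for detection names that label themselves heuristic/suspicious rather than a named signature."""
    lowered = result.lower()
    return "heuristic" in lowered or "suspicious" in lowered or lowered.startswith("possible ")

def detection_ratio(report: Dict[str, Optional[str]]) -> Tuple[int, int]:
    """(scanners flagging, scanners total): the 'Scanner(7/37)' figure VirSCAN prints."""
    return sum(1 for r in report.values() if r), len(report)

def diff_reports(old: Dict[str, Optional[str]], new: Dict[str, Optional[str]]) -> Dict[str, List[str]]:
    """Engines that cleared the rebuilt binary, engines still flagging it, and any new detections."""
    return {"cleared": sorted(s for s in old if old[s] and not new.get(s)),
            "still_flagging": sorted(s for s in new if new[s] and old.get(s)),
            "new": sorted(s for s in new if new[s] and not old.get(s))}

# Constructed sample: rows copied from the two VirSCAN reports in this thread (v3.1 on 20 Aug,
# v3.1.3.615 on 25 Aug); for a real comparison paste the full 37-row reports.
REPORT_20AUG = """
Authentium 5.1.1 200908191809 2009-08-19 1.33 W32/Heuristic-210!Eldorado (Heuristic)
AVAST! 4.7.4 090820-0 2009-08-20 0.35 Win32:Induc
Microsoft 1.4903 2009.08.20 2009-08-20 9.90 Virus:Win32/Induc.A
Trend Micro 8.700-1004 6.382.01 2009-08-20 0.24 -
VBA32 3.12.10.9 20090819.1841 2009-08-19 4.13 Backdoor.XiaoBird.47 (paranoid heuristics) (suspicious)
"""
REPORT_25AUG = """
Authentium | 5.1.1 | 200908242130 | 2009-08-24 | 1.33 | W32/Heuristic-210!Eldorado (Heuristic)
AVAST! | 4.7.4 | 090824-0 | 2009-08-24 | 0.44 | -
Microsoft | 1.4903 | 2009.08.24 | 2009-08-24 | 12.58 | -
Trend Micro | 8.700-1004 | 6.392.02 | 2009-08-24 | 0.23 | -
VBA32 | 3.12.10.10 | 20090824.1625 | 2009-08-24 | 3.73 | Backdoor.XiaoBird.47 (paranoid heuristics) (suspicious)
"""
```

Running `diff_reports(parse_report(REPORT_20AUG), parse_report(REPORT_25AUG))` on the sample lists AVAST! and Microsoft as cleared and Authentium and VBA32 as still flagging, both with heuristic-only names.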
YoKenny
Joined: 12 Nov 2006   Posts: 22   Location: Ontario, Canada
Posted: Tue Aug 25, 2009 10:05 am

Microsoft Security Essentials still reports it for me!
Quote:
Category: Virus
Description: This program is dangerous and replicates by infecting other files.
Recommendation: Remove this software immediately.
Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.
Items:
containerfile:C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{BCF9A069-A390-4B91-8D79-E31BC94D98E7}-elex.zip
containerfile:C:\Suspect\elex.zip
file:C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{BCF9A069-A390-4B91-8D79-E31BC94D98E7}-elex.zip->elex_setup.exe->(inno#000000)
file:C:\Suspect\elex.zip->elex_setup.exe->(inno#000000)
filelocalcopy:C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{BCF9A069-A390-4B91-8D79-E31BC94D98E7}-elex.zip->elex_setup.exe->(inno#000000)
webfile:C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{BCF9A069-A390-4B91-8D79-E31BC94D98E7}-elex.zip|http://www.eventlogxp.com/download/elex.zip
webfile:C:\Suspect\elex.zip|http://www.eventlogxp.com/download/elex.zip

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Virus%3aWin32%2fInduc.A&threatid=2147627628
MSE fully updated.
_________________
E5200 2.5GHZ, 4GB RAM, 160GB HD, Windows 7 64bit, avast! V5 Free, IE8 with Finjan SecureBrowsing, hpHosts, MVPS HOSTS files, MBAM Full, SpeedFan, WinPatrol PLUS

Dave M
Joined: 20 Aug 2009   Posts: 5   Location: USA
Posted: Tue Aug 25, 2009 5:25 pm

MSE is in Beta, a bug(?), or could it be looking at a quarantine of the previous zip? What about AVAST, now? VirusTotal currently gives the elex.exe a completely clean scan and its scanners include both Microsoft and AVAST:

File elex.exe received on 2009.08.25 16:52:43 (UTC)
Result: 0/41 (0%)
File size: 2068656 bytes
MD5...: 8c13a007a9418c9bdf1473b81a18dfde
SHA1..: 64f92d9ad443a8a538f542f06a3cefbea8aafd76
SHA256: cf48eb3d93dfc0dadffc661db85221770aafd7b241dbc7207dfa08382bc3da57
ssdeep: 49152:UG0F2kCG0MKu6TkHBuOv7lpr/l8CyHmvtI9B:UG0F1Z5Ku6TkHBuOv7lpr/9yHb
PEiD..: -
RDS...: NSRL Reference Data Set
_________________
Regards, Dave

YoKenny
Joined: 12 Nov 2006   Posts: 22   Location: Ontario, Canada
Posted: Wed Aug 26, 2009 3:37 am

avast! does not detect it now but MSE still does even with the latest updates.
_________________
E5200 2.5GHZ, 4GB RAM, 160GB HD, Windows 7 64bit, avast! V5 Free, IE8 with Finjan SecureBrowsing, hpHosts, MVPS HOSTS files, MBAM Full, SpeedFan, WinPatrol PLUS

YoKenny
Joined: 12 Nov 2006   Posts: 22   Location: Ontario, Canada
Posted: Wed Aug 26, 2009 9:39 am

On my old XP Home system I uninstalled MSE and rebooted, then installed Windows Defender, updated its definitions and did a Quick scan, and Event Log Explorer was not detected as bad.
_________________
E5200 2.5GHZ, 4GB RAM, 160GB HD, Windows 7 64bit, avast! V5 Free, IE8 with Finjan SecureBrowsing, hpHosts, MVPS HOSTS files, MBAM Full, SpeedFan, WinPatrol PLUS