1) I ran an Anti-Malware scan on my laptop and I got these 2 infections (please see attached screenshot). Having made some checks on the internet, it says that these are part of the Anti-Malware program, not harmful, and once deleted after the scan, they will NOT appear again. But every time I run a scan, these always appear.
a) what are these ?
b) also, more importantly, is it true, as was said, that these are harmless and part of the Malware program?
2) I used SpywareDoc to run a deep scan and again, each time I deleted these items (see attached), they appeared again after each scan.
a) What are the programs that are causing these, especially the PC Activity Monitor?
b) how do I delete these programs and
c) will deleting them cause harm to my laptop system?
By the way, when I ran a scan using AVG 2012 or MSE, these did not show up. (But I did not have both of these installed on my Sony laptop at the same time.) I am using Windows XP Pro with SP3 and IE7.
Any clarifications and advice will be greatly appreciated and thanks in advance.
-
Are you running software such as System Mechanic? That might be where those HKCRs are coming from in Malwarebytes.
Solved: Malwarebytes' "false positive?" - Tech Support Guy Forums -
Yes, I am using the trial version of System Mechanic. That explains it as I've just uninstalled that and did another Malware run and nothing showed up. You're spot on ! Thanks.
But what about the result from the SpywareDr scan, especially the Activity Monitor ? -
Googling the full string (HKEY_USERS\......\Software\Microsoft\....) should come up with results. I wouldn't know unless I saw the full string. -
I tried that, but no joy. The missing part of the string (in between the words Microsoft..) is attached together with another report when I click to expand it (though I don't think that is helpful - to me anyway.) Just for your info, I do not have this PC Activity Monitor installed (I assume this is a 3rd party program ? I'm quite a newbie on this. So apologies for the ignorance).
I can re-run the scan again if necessary, but it did take over 2 hours to complete the scan. Let me know, though, if this is necessary. Thanks
-
Much chat about Spyware Doctor ages ago, as there was a dodgy version out which opened the door for infections.
Delete Spyware Doc and download Malwarebytes : Free anti-malware, anti-virus and spyware removal download -
Definitely recommend Malwarebytes. Using it with MSE and my laptop has never had an infection (also thanks to safe browsing habits).
-
Thanks for this info. I was not aware of a dodgy version of SpywareDr. But I have run Malware and came up with nothing as mentioned earlier on here.
-
I have also run MSE as per my first post here, and came up clean. But I still get the feeling there's something not right.
I ran a scanning program from AVAST - aswMBR (as instructed by a member in another forum) and it came up with this "SUSPICIOUS" message:
14:44:28.140 Disk 0 scanning C:\WINDOWS\system32\drivers
14:44:35.453 Service scanning
14:44:51.312 Modules scanning
14:44:54.234 Module: C:\WINDOWS\system32\DRIVERS\GLEXPORT.SYS **SUSPICIOUS**
14:44:58.625 Disk 0 trace - called modules:
14:44:58.671 ntkrnlpa.exe CLASSPNP.SYS disk.sys vsflt53.sys hal.dll ACPI.sys atapi.sys pciide.sys PCIIDEX.SYS
14:44:58.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ab26ab8]
14:44:58.687 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> [0x8ab5bd68]
But I have not heard back as to its interpretation or what to do next. I googled it and there is a fix for this GLEXPORT.SYS error. But this scan result didn't say it is an ERROR. I am assuming it is a sort of Virus or Malware? Any clarification? -
No idea. Not heard of that one before.
Did you run the MSE scan in safe mode? -
No, I have not run MSE in Safe Mode. But in normal mode, I get a clean bill of health. So I think running it in Safe Mode won't make any diff, will it?
Reason I asked is I've deleted MSE and gone back to using AVG as I have been using this for ages and feel comfortable with it. But I can uninstall AVG and reinstall MSE to run it if it makes a difference between running this in Safe Mode and Normal. I would have expected if running in Normal Mode indicates a virus, then running in Safe Mode after that would confirm the presence of a virus if Safe Mode indicates this also, and not the other way round, or am I mistaken? -
If you copy the Glexport.sys file and upload it to VirusTotal.com, any other AV giving a hit?
-
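An added example, not part of any post in this thread: it pulls the lines that aswMBR marked with a **FLAG** out of a saved log and computes the SHA-256 of a copy of each flagged file, so the file can be looked up on VirusTotal by hash. The function names and the copies_dir folder are assumptions for illustration, and the sample log is the excerpt quoted earlier in the thread.

```python
import hashlib
import re
from pathlib import Path

# Constructed sample: log lines as quoted in the thread.
SAMPLE_LOG = r"""14:44:28.140 Disk 0 scanning C:\WINDOWS\system32\drivers
14:44:35.453 Service scanning
14:44:51.312 Modules scanning
14:44:54.234 Module: C:\WINDOWS\system32\DRIVERS\GLEXPORT.SYS **SUSPICIOUS**
14:44:58.625 Disk 0 trace - called modules:
"""

# Timestamp, a one-word record kind (the thread only shows "Module"),
# a path, then a trailing **FLAG** marker.
FLAGGED = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+(?P<kind>\w+):\s+"
    r"(?P<path>.+?)\s+\*\*(?P<flag>[A-Z ]+)\*\*\s*$"
)

def flagged_entries(log_text):
    """Return one dict per log line that ends in a **FLAG** marker."""
    return [m.groupdict() for line in log_text.splitlines()
            if (m := FLAGGED.match(line.strip()))]

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so it is never read into memory whole."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def triage(log_text, copies_dir):
    """Pair each flagged entry with the SHA-256 of its copy in copies_dir.

    copies_dir is an assumed folder holding copies of the flagged files
    under their base names; a missing copy gives sha256=None.
    """
    files = [p for p in Path(copies_dir).iterdir() if p.is_file()]
    report = []
    for entry in flagged_entries(log_text):
        name = entry["path"].replace("\\", "/").rsplit("/", 1)[-1]
        # Windows file names are case-insensitive, so compare lowered.
        copy = next((p for p in files if p.name.lower() == name.lower()), None)
        report.append({**entry, "name": name,
                       "sha256": sha256_of(copy) if copy else None})
    return report

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, "."):
        print(row["time"], row["flag"], row["path"], row["sha256"] or "(no copy)")
```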
Thanks for the link about Virustotal.com. I did as you suggested, but the result does not say anything or it just seems useless to me, being a novice. Have a look at this link where the result is and let me know if you can make anything out of it.
https://www.virustotal.com/file/46b...8c26cfaaf20ecc09d5150a3b7855d32a6ce/analysis/
I've also run an AVAST scan and it didn't pick up anything either. -
Actually, the VT result is good, zero detection by those 42 scanners. However, VT uses those AV's 'on-demand'; they don't use the full AV functions.
While you seem to have an FP, I'd run HitmanPro3 once, to do a very fast scan, HMP3 also does a thorough MBR and bootkit scan.
(The best answers, however, come from the AV/AM folks themselves or specialized removal forums like Bleeping computer link; asking at the Avast or MBAM forum and/or uploading a file to them directly will give a final answer fastest.) -
Thanks for your feedback on the VT results. It's a relief to know.
I ran Hitman Pro 3.5.6 about 10 days ago and came up with nothing bad. But since then, my laptop started to behave a bit strange, which prompted me to use other antivirus programs to scan, as my usual one, AVG, did not pick up anything. This was when all these "false" positives from various AV programs started me asking on this forum.
I just ran HMP again and the only things that came up are the usual Tracking Cookies, which I deleted.
But thanks for your comments on the VT result.
Are These Infections Harmful or False Positives?
Discussion in 'Security and Anti-Virus Software' started by slickcono, Jun 21, 2012.



