CastleCops® Prevx 2 says OK, but...

Need help? Click here to register for free! Absolutely zero advertisements on this site!

	Donation/Premium

	Donations. Become Premium Today!

	Security Central

	· Home · PIRT/Fried Phish · MIRT · SIRT · Deutsch · Wiki · Newsletter · O16/ActiveX · CLSID List · Contest2007 · Downloads · Feedback (send) · Forums · HijackThis · Hijacktrend · LSPs · My Downloads · O18 · O20 · O21 · O22 · O23 · O9 · Premium · Private Messages · Proxomitron · Reviews · Search · StartupList · Stories Archive · Submit News · WsIRT · Your Account · Acceptable Use Policy

Forum FAQ

Usergroups

Profile

Select FavForums

Prevx 2 says OK, but...

All -> FavForums -> Prevx

[del.icio.us!] [digg it!] [reddit!]

View previous topic :: View next topic

Author

Message

Elliston

Cadet
Cadet

Joined: Jun 15, 2007
Posts: 1
Location: USA

Posted: Fri Jun 15, 2007 2:19 pm Post subject: Prevx 2 says OK, but...

The following file appears every day upon login since a fresh Windows XP installation was installed on my computer: C:\Documents and Settings\username\Local Settings\Temp\~RomDmp1\romdump.com Having not seen this file before, I was suspicious. Scanning with Symantec, AdAware, Spybot, and Windows Defender returned no results. My computer is up to date with all Microsoft updates. Since the only security software website I found any information on the file was at Prevx.com: http://spywarefiles.prevx.com/RRCJHI662592/romdump%252Ecom.html and http://spywarefiles.prevx.com/ssCJHI662592/ROMDmore.html I downloaded Prevx 2 and scanned everything twice, under the advanced settings for scanning every file. Nothing turned up, from this file or anything else. It would appear the files are one of the benign versions listed on the page from the second link listed above (the file location is the same as one of the Green versions of the file). It would seem the Bad evaluation for one version of the file is due to the "File and Path Structure: Suspicious, unusually high number of file and path combinations" since there is no activity recorded by Prevx for the file. My questions are: 1. Were the scans sufficient for Prevx 2 to determine if files are good/bad? Or does it need to evaluate system behavior over time? 2. Has anyone else encountered these files? Other people have encountered them with the game Act of War, but that's never been on my computer. I am sure I am just being paranoid, but I wanted to check to make sure there's nothing amiss. Thanks!

ctrlaltdelete

Corporal

Joined: Nov 26, 2006
Posts: 66
Location: Netherlands

Posted: Fri Jun 15, 2007 4:04 pm Post subject:

A quick search with Google tells me it could be some sort of a copy protection file installed by ...?... and it seems it's not compatible with windows x64. Most romdump.com files in the Prevx links are all different in size... Check the file on www.virustotal.com and save the results. Do not forget to save the information on the bottom of the screen (MD5 etc..) it's the only way to compare it with another romdump.com -edit- Just found that not only Act of War but also another program is using romdump.com for copy protection; inSpeak Communicator (2.2.1.441) -edit-

	All -> FavForums -> Prevx	All times are GMT
Page 1 of 1

You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


	2002-2008 � Computer Cops LLC dba CastleCops®. All rights reserved. Acceptable Use Policy. Use signifies your agreement. 152ppm 0.353s (0.06s) Making cybercriminals unhappy since 2002*