
Mistaken identity and questions


3 replies to this topic

#1 joemccarron


Posted 14 August 2008 - 09:17 AM

Hello, I installed the Cyclope internet filter and this file was flagged by Avira as well.

This is what it said:

The file 'C:\System Volume Information\_restore{2E3AE599-C217-443C-A466-02EACE051E5C}\RP29\A0004978.exe'
contained a virus or unwanted program 'DR/Amplusnet.H.5' [dropper]
Action(s) taken:
The file was moved to '48d1b307.qua'!

I deleted it and the filter still seems to run. Is this malware or is it just part of the program? The program does have monitoring tools for employers to make sure employees do not waste time on non-work related surfing sites.
I'm not sure what to make of it.

Any info would be appreciated.

#2 Budfred


Posted 14 August 2008 - 09:06 PM

joemccarron,

I am not seeing how your question relates to the new item posted by apluswebmaster... If you are concerned about malware, please read the FAQ and post a log in Malware Removal... Please post back here on what you have chosen to do and I will delete posts that are not relevant to this topic...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#3 joemccarron


Posted 15 August 2008 - 11:38 AM

Hi Budfred
I'm trying to find out if this is a false positive from the same company.

I admit to some confusion from AplusWebMaster's post. I really am not sure whether he thinks this is a FP or real malware from this company. (I'm not sure why his name matches the name of the company - I wasn't sure if he had any connection with them) The program itself is supposed to monitor employee web activities so I was not sure if it is an FP or not.

If you follow the link he posted, it links to a product I evaluated from them called "Cyclope Internet Filtering Proxy". It does seem to be a different product (but similar function) and a different malware but from the same company. Maybe I should let people know in a separate thread. If that is the case, please feel free to paste the following in a different thread or allow me to do that. This is what I reported on the Avira website forum and their response and then my response:

possible false positive?? cyclope internet filter

I installed the cyclope internet filter. This filter does have a tracking ability as well to be sure employees are not surfing the web for non work related matters.

Here is the link to the product:
amplusnet.com/products/internet-filtering/overview.htm

I had the 3 following events:

The file 'C:\utilities\cyclope\internetfilter.exe'
contained a virus or unwanted program 'DR/Amplusnet.H.5' [dropper]
Action(s) taken:
The file was moved to '4915b34f.qua'!

The file 'C:\System Volume Information\_restore{2E3AE599-C217-443C-A466-02EACE051E5C}\RP29\A0004978.exe'
contained a virus or unwanted program 'DR/Amplusnet.H.5' [dropper]
Action(s) taken:
The file was moved to '48d1b307.qua'!

The file 'C:\Documents and Settings\jmccarron.MCCARRONLAWOFFI\Local Settings\Temporary Internet Files\Content.IE5\2CDH1E4P\internetfilter[1].exe'
contained a virus or unwanted program 'DR/Amplusnet.H.5' [dropper]
Action(s) taken:
The file was moved to '4915ad0f.qua'!

Since the software is produced by "amplusnet" and it does trojan type functions I am wondering if this is a false positive. Is the program simply doing what I want it to do or is it doing something unknown and possibly malicious?
Any advice is appreciated.



--------------------------------------------------------------------------------
Nicolae Moldoveanu

Avira GmbH



Today, 8:59am
Hi,
Please send us C:\utilities\cyclope\internetfilter.exe It might be a FP.
The next two files might not be a FP. You can also send them to us using this link
Nicolae Moldoveanu
Avira GmbH



--------------------------------------------------------------------------------
jmcc28

Today, 7:16pm
Hello
I sent them to Avira and then deleted them. It would have been on August 12th or 13th. I will send the exe file again. The other two files were installed by running the exe. I would prefer not to install it again until I can find out if they are trojans. Here is the link to download:

cyclope-series.com/setups/internetfilter.exe

The website in my post is where I did get the program. I also asked them about this and this was their response:



Hello

Thank you for trying Cyclope Internet Filtering Proxy. There were no similar issues reported among our customers. Further tests are being performed as we speak. We provide our customers with secure quality solutions.

Best Regards

Bogdan Dumbrava
Cyclope-Series Team

edit: Ok, I see the original poster does not have an "m" between the "a" and the "plus" so now I see it's unlikely that there is any connection. Sorry.

Edit to disable dangerous links...

Edited by Budfred, 15 August 2008 - 02:00 PM.


#4 Budfred


Posted 15 August 2008 - 02:03 PM

A case of mistaken identity and posting potentially dangerous links in the forum... Please be more careful... As I said earlier, I will remove these posts since they are really not about this topic... I suggest that you post whatever questions you have in Malware Removal after reading the FAQ and include a log...
Budfred
