Old 07-10-2005, 10:47 PM   #5 (permalink)
MicroBell
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,962
OS: Windows XP-Pro SP2


Again, the logs are clean. This entry...

HKLM\HARDWARE\ACPI\FADT\GATEWA\04DT043_\20041215

Is the 20041215 a folder? If so, open it. What's listed in the right side pane? Any entries?

The normal folders for that location are:

HKLM\HARDWARE\ACPI\FADT
HKLM\HARDWARE\ACPI\RSDT
HKLM\HARDWARE\ACPI\DSDT
HKLM\HARDWARE\ACPI\RSDT


Since the next folder in is a Gateway folder, it's unlikely any malware would use that directory. I think this is a false positive from the Ewido scan. Again, since this area is for motherboard chipset versions and BIOS info, I don't think it's malware related.

Are you being hijacked to other sites when you start IE? Basically, that's what CWS is designed to do.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!





Spyware/Adware Removal Tools
Hijackthis
Ad-aware SE
Spybot Search&Destroy
SpywareBlaster
CWShredder
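
Added example, not part of MicroBell's post: one way to check that the data under a key like the one above is ordinary firmware information is to parse it as an ACPI table header and compare it with the key path. It assumes the key holds the raw table in a binary value, that the last three path components are the OEM ID, OEM Table ID and OEM revision (in hex), and that spaces appear as underscores in key names; the sample bytes are constructed, not taken from a real machine.

```python
import struct

# ACPI System Description Table header: 36 bytes, little-endian.
# signature, length, revision, checksum, OEM ID, OEM Table ID,
# OEM revision, creator ID, creator revision
HEADER = struct.Struct("<4sIBB6s8sI4sI")

def parse_acpi_header(blob):
    """Return the header fields and whether the whole-table checksum holds."""
    if len(blob) < HEADER.size:
        raise ValueError("too short for an ACPI table header")
    sig, length, _rev, _csum, oem_id, oem_tbl, oem_rev, _cid, _crev = \
        HEADER.unpack_from(blob)
    return {
        "signature": sig.decode("ascii", "replace"),  # an FADT carries "FACP"
        "oem_id": oem_id.decode("ascii", "replace"),
        "oem_table_id": oem_tbl.decode("ascii", "replace"),
        "oem_revision": oem_rev,
        # Every byte of a valid table sums to 0 modulo 256.
        "checksum_ok": length == len(blob) and sum(blob) % 256 == 0,
    }

def _as_key_name(field):
    # Assumption: padding spaces/NULs are displayed as underscores in key names.
    return field.replace(" ", "_").replace("\x00", "_")

def matches_key_path(key_path, blob):
    """True if blob is a checksum-valid table whose OEM fields match the path."""
    oem_id, oem_tbl, revision = key_path.split("\\")[-3:]
    h = parse_acpi_header(blob)
    return (h["checksum_ok"]
            and _as_key_name(h["oem_id"]) == oem_id
            and _as_key_name(h["oem_table_id"]) == oem_tbl
            and h["oem_revision"] == int(revision, 16))

def build_sample():
    """Constructed FADT-like blob (header plus zeroed body) for the demo."""
    body = bytes(80)
    raw = bytearray(HEADER.pack(b"FACP", HEADER.size + len(body), 1, 0,
                                b"GATEWA", b"04DT043 ", 0x20041215,
                                b"TEST", 1) + body)
    raw[9] = (-sum(raw)) % 256  # checksum byte sits at offset 9
    return bytes(raw)

if __name__ == "__main__":
    key = r"HKLM\HARDWARE\ACPI\FADT\GATEWA\04DT043_\20041215"
    print(parse_acpi_header(build_sample()))
    print("consistent with key path:", matches_key_path(key, build_sample()))
```

A value that fails the checksum or whose OEM fields disagree with the key names would be worth a closer look; one that passes is what this part of the registry normally contains.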