Ewido finds Spyware.IEDriver in registry

flimbo · Feb 6, 2006, 06:11 PM

Ewido anti-malware finds Spyware.IEDriver in my registry. After checking this out it appears to be something to do with the KX drivers. I'm using "kxdrv3538j-full_" downloaded from this site.
I've let Ewido skip this for now.
Any ideas?

Maddogg6 · Feb 6, 2006, 09:23 PM

can you post the Ewido report on this?

And, how did you come tp the conclusion it was KX related?

flimbo · Feb 6, 2006, 09:29 PM

Here is the Ewido report. There is a mention of kx_wave3 at the end of the entry. I let ewido ignore it for now.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 21:27:46, 06/02/2006
+ Report-Checksum: F868D663

+ Scan result:

HKLM\SYSTEM\ControlSet001\Control\DeviceClasses\{6 994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_1102&DEV_0004&SUBSYS_005 11102&REV_03#4&2AF9ED5&0&08F0#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#kx_wave3\Device Parameters\Mixer\2\Controls\0 -> Spyware.IEDriver : Ignored

::Report End

Maddogg6 · Feb 6, 2006, 10:14 PM

well, Im no expert - but I do have this key also -

You may want to try other spyware scanners - I think its a false positive...

Maybe someone more knowledgable with registry can explain / confirm.??

Russ · Feb 7, 2006, 12:44 AM

What specific entry under that key does it think is IEDriver?
Those keys are generally plug and play device info, and ControlSet001 is data from a previous boot. Did it detect the same key under CurrentControlSet as spyware?
As far as I know IEDriver does not modify these keys in the regsitry so I would think that it is a false positive.
Personally I use Ad-Aware, and it never reported anything about that key, but I am still wondering which entry specifically you are talking about. Under that key (not that exact key as mine is a little different as I have a different hardware than you), I have 5 binary entries: 'Channel Count', 'Channel0', 'Channel1', 'Control Type', and 'Multiple Items', do you have different/additonal items under that key?

**dj_stick** · Feb 7, 2006, 01:03 AM

i use adaware/spywareblaster/spybot/ms antispy and never anything shown in relation to kX, so false positive is my guess too

flimbo · Feb 7, 2006, 11:02 AM

I use SpywareBlaster, Spybot, Ad-Aware, Ewido and AVG. All are up to date and scanning with these shows nothing, so I'm guessing it must be a false positive too.
I have exactly the same 5 entries under that key as Russ.

Feb 6, 2006, 06:11 PM	#1
flimbo DriverHeaven Newbie Join Date: Jan 2006 Posts: 11 Rep Power: 0	Ewido finds Spyware.IEDriver in registry Ewido anti-malware finds Spyware.IEDriver in my registry. After checking this out it appears to be something to do with the KX drivers. I'm using "kxdrv3538j-full_" downloaded from this site. I've let Ewido skip this for now. Any ideas?

Feb 7, 2006, 12:44 AM	#5
Russ HardwareHeaven Extreme Member Join Date: Jan 2005 Posts: 5,563 Rep Power: 62	What specific entry under that key does it think is IEDriver? Those keys are generally plug and play device info, and ControlSet001 is data from a previous boot. Did it detect the same key under CurrentControlSet as spyware? As far as I know IEDriver does not modify these keys in the regsitry so I would think that it is a false positive. Personally I use Ad-Aware, and it never reported anything about that key, but I am still wondering which entry specifically you are talking about. Under that key (not that exact key as mine is a little different as I have a different hardware than you), I have 5 binary entries: 'Channel Count', 'Channel0', 'Channel1', 'Control Type', and 'Multiple Items', do you have different/additonal items under that key? Last edited by Russ; Feb 7, 2006 at 12:59 AM.

Feb 7, 2006, 11:02 AM	Thread Starter #7
flimbo DriverHeaven Newbie Join Date: Jan 2006 Posts: 11 Rep Power: 0	False positive? I use SpywareBlaster, Spybot, Ad-Aware, Ewido and AVG. All are up to date and scanning with these shows nothing, so I'm guessing it must be a false positive too. I have exactly the same 5 entries under that key as Russ. Last edited by flimbo; Feb 7, 2006 at 11:09 AM.

Feb 6, 2006, 09:23 PM	#2
Maddogg6 Tail Razer Join Date: Jun 2005 Location: Bernyurass, AZ - USA Posts: 4,027 Rep Power: 0	can you post the Ewido report on this? And, how did you come tp the conclusion it was KX related?

Feb 6, 2006, 09:29 PM	Thread Starter #3
flimbo DriverHeaven Newbie Join Date: Jan 2006 Posts: 11 Rep Power: 0	Here is the Ewido report. There is a mention of kx_wave3 at the end of the entry. I let ewido ignore it for now. --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 21:27:46, 06/02/2006 + Report-Checksum: F868D663 + Scan result: HKLM\SYSTEM\ControlSet001\Control\DeviceClasses\{6 994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_1102&DEV_0004&SUBSYS_005 11102&REV_03#4&2AF9ED5&0&08F0#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#kx_wave3\Device Parameters\Mixer\2\Controls\0 -> Spyware.IEDriver : Ignored ::Report End

Feb 6, 2006, 10:14 PM	#4
Maddogg6 Tail Razer Join Date: Jun 2005 Location: Bernyurass, AZ - USA Posts: 4,027 Rep Power: 0	well, Im no expert - but I do have this key also - You may want to try other spyware scanners - I think its a false positive... Maybe someone more knowledgable with registry can explain / confirm.??