Hi guys, basically I was running anti spyware on my Outpost Firewall Pro, and it picked up Winvestigator. I did little research and its a terrible program, so without hesitation, I did a full network reformat. I reformatted every single computer.
Everything seemed to be fine, mind you I never had problems, and never could find any problems on the pc, thats with running NOD32 paid, AVG Free, Avast 4.8 etc. No problems with spybot nor Ad ware.
Unfortunately I just scanned one of my machines now, and had the same issue, Mind this is a clean install, server, so with barely any software installed. So I figured ok something is wrong, either someone is hacking my network, or this is a false positive. No one appears to be hacking me, so seems to be a false positive.
Anyhow Outpost when it quarentines, this file, is shows as a registry key.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wvFile
That suposely Winvestigator uses, this is the key outpost quarantined. This time I did not delete the thing, I restored it and traced it back into Windows Registry editor. I went then to see what this file points at, and it says WavPack Lossless Audio, I think its from the Combined Community Pack. Its the only thing aside from the basic software installed that I installed and that was installed in this pc and before and after reformating.
Also when I reformated, I grabbed all new EXE's from trusted sources, etc. So I am pretty perplexed. Could this be a false positive? Thanks!
ps. Inside of the key its pointing to windows media player 11.
pss. I checked another PC, it doesnt seem to be CCCP, I used the same Executables for both installs, and the other computer doesn't have the vwfile key, I am a bit lost now , no problems on any anti virus or spyware scans. Outpost is the only one that picks this up. The real question is how was this thing installed, and from what program. I used the same programs on both computers, yet this one has that key, the other doesn't. I am hoping someone chimes in. ALL software is legit and paid for, not sure honestly
Everything seemed to be fine, mind you I never had problems, and never could find any problems on the pc, thats with running NOD32 paid, AVG Free, Avast 4.8 etc. No problems with spybot nor Ad ware.
Unfortunately I just scanned one of my machines now, and had the same issue, Mind this is a clean install, server, so with barely any software installed. So I figured ok something is wrong, either someone is hacking my network, or this is a false positive. No one appears to be hacking me, so seems to be a false positive.
Anyhow Outpost when it quarentines, this file, is shows as a registry key.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wvFile
That suposely Winvestigator uses, this is the key outpost quarantined. This time I did not delete the thing, I restored it and traced it back into Windows Registry editor. I went then to see what this file points at, and it says WavPack Lossless Audio, I think its from the Combined Community Pack. Its the only thing aside from the basic software installed that I installed and that was installed in this pc and before and after reformating.
Also when I reformated, I grabbed all new EXE's from trusted sources, etc. So I am pretty perplexed. Could this be a false positive? Thanks!
ps. Inside of the key its pointing to windows media player 11.
pss. I checked another PC, it doesnt seem to be CCCP, I used the same Executables for both installs, and the other computer doesn't have the vwfile key, I am a bit lost now , no problems on any anti virus or spyware scans. Outpost is the only one that picks this up. The real question is how was this thing installed, and from what program. I used the same programs on both computers, yet this one has that key, the other doesn't. I am hoping someone chimes in. ALL software is legit and paid for, not sure honestly
Last edited: