Friday, March 2, 2007

a-squared Free 2.1 found Trace.File.PC Tattletale on Vista

I ran a scan using a-squared Free 2.1.0.12 on Windows Vista and found Trace.File.PC Tattletale with the trace: C:\Windows\system32\winload.exe.

The only problem is that winload.exe is the boot loader in Windows Vista and should not be removed just like that.

Windows Vista includes new boot loader components that are designed to load Windows quicker and more securely. The traditional Windows NT boot loader, ntldr, is replaced by three components:

  • Windows Boot Manager (Bootmgr.exe)
  • Windows operating system loader (Winload.exe)
  • Windows resume loader (Winresume.exe)

winload.exe is also the name of a spyware program, PC Tattletale. This program has nothing to do with the Windows Vista startup process.
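The safeguard this post argues for, as an added example (not a-squared's actual logic): a name-only signature flags every winload.exe, and a path guard holds the Vista boot files for verification instead of cleaning them. The name-only matching, the action labels, the protected-file list and all sample paths except the one from the scan are assumptions made for illustration.

```python
import ntpath

# Assumption: the scanner matches on file name only, which is what the trace suggests.
NAME_SIGNATURES = {"winload.exe": "Trace.File.PC Tattletale"}

# Vista boot files under %SystemRoot%\system32 that must never be auto-removed
# (illustrative list, limited to loaders named in the post).
BOOT_CRITICAL = ("winload.exe", "winresume.exe")


def _norm(path):
    """Case-fold, unify separators and collapse '..' so comparisons are exact."""
    return ntpath.normcase(ntpath.normpath(path))


def is_boot_critical(path, system_root=r"C:\Windows"):
    """True only for the exact protected locations, not for same-named files elsewhere."""
    protected = {_norm(ntpath.join(system_root, "system32", f)) for f in BOOT_CRITICAL}
    return _norm(path) in protected


def triage(path, system_root=r"C:\Windows"):
    """Return (detection, action) for one path, or None if no signature matches."""
    detection = NAME_SIGNATURES.get(ntpath.basename(_norm(path)))
    if detection is None:
        return None
    if is_boot_critical(path, system_root):
        # Removing this file leaves the OS unbootable, so never clean it automatically.
        # Hold it and verify the file (signature or known-good hash) before acting.
        return (detection, "hold-for-verification")
    return (detection, "quarantine")


# Constructed sample paths; only the first one comes from the scan in the post.
SAMPLE_PATHS = [
    r"C:\Windows\system32\winload.exe",
    r"c:/windows/System32/WINLOAD.EXE",
    r"C:\Users\example\AppData\Local\Temp\winload.exe",
    r"C:\Windows\system32\notepad.exe",
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(p, "->", triage(p))
```

The hold action does not clear the file; it only prevents an automatic clean-up from removing a boot component before the file has been verified.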

1 comment:

  1. Restored comment
    by Chris Quirke
    Jenny: It doesn't matter what it's "supposed" to be used for; it's stealth software that acts against the user's interests - and that makes it malware, IMO.

    Many of these intrusions start with some justification like "oh, it's just to keep the kids safe", etc. and then you find the snoopware being used by ex-partners, stalkers etc. so AFAIK, I'm glad it gets detected.

    The problem is that if A-Squared is not rigorous enough to sanity-check against internal parts of Vista that are required to boot the OS, a mis-detection and clean-up could kill the system.
