Hello MikeSW17,
Confirmed. This typelib rule is a FP, we will remove this item from the signature database this week on Wednesday.
Thanks for reporting.
Kind regards,
roberto.
Type: Posts; User: roberto; Keyword(s):
Hello Tika,
what Windows version are you running? Is there any update log available?
C:\ProgramData\Spybot - Search & Destroy\Logs\updates.log
Kind regards,
roberto.
Hello Karmar,
we updated the signatures for Win32.Small.azl today. RogueKiller64.exe should not be triggered anymore.
Thanks for reporting this issue.
Kind regards,
Roberto.
Hello Hankt,
I could reproduce this behaviour. So we have updated the detection signatures for "Win32.Qhost.ahnj". The new rules should solve your scanning problem. We will publish this update on...
Hello Kolobokk,
this is not a genuine FP. The domain oldoctober.com is not blacklisted. Live Protection detected this URL as a 'Possible URL Spoofing (Cross Site)' and displayed a warning.
A user...
Hello nespony05,
we can confirm that flagging this key...
without other SpySheriff items found is a fp (false positive). We will fix this in the next update. Thanks for reporting this.
...
Hello,
Ad.FLVPlayer rules are part of the first signatures that are tested. If the scanner does not progress, it is possible the scanner service crashed. This should be visible within the...
Hello yellowspoon,
We cannot reproduce this issue. We need either the Rule-ID or the sample itself. Please commit the scanner logs and/or the mentioned VisualBasic6 program to fp@spybot.info for...
Hello,
this FP (Win32.Palevo, Trojans-006, Rule id: C5E0F385) was caused by the use of an undefined environment variable. It was fixed with the updates on 2015-04-01.
Thanks for reporting this...
Hello,
tested the latest "NoVirusThanks Anti-Rootkit" installer with our antispyware and antivirus engines. Nothing found with our 2015-01-06 signatures. Please update your scanners and retry.
...
Hello,
we checked the Ad.FLVPlayer rules.
Your scenario was not reproducible in our environment. I tweaked one Ad.FLVPlayer rule to enhance the scan performance and added some more to...
Hello GraceG,
we added signatures for a few 'dosearches.com' variants to our database on 2013-11-20. Please update and rescan your system. E.g. Win32.Agent.exq should be triggered on your system....
Hello drghughes,
thanks for checking this. We did not add detection rules for the installer, since the installer contains also legit files. The adware and PUPS files are optional. We extracted the...
Hello drghughes,
no there is no known fingerprint problem. You just found an installer with an unknown OpenCandy variant.
This installer contains an OCSetupHlp library from 2012 which is dropped...
Hello tekel,
JDownloader is classified as PUP/PUPS, a potentially unwanted program. You may restore your installation from the recovery/quarantine archives.
I decode your post as a 'Request...
Hello,
thanks for reporting this issue. I will write a bug ticket for our development team. Do you have a more detailed 'Autorun' example?
Tested the 'Jump to location' feature on Win 8.1-64...
Hi,
I checked your log. We are sorry. There are some failed copy procedures in the log: 'File operation failed ...'. We posted the log to our development team together with a bug report ticket.
...
Hello Mops21,
thank you for your suggestion. We have passed the request for standardization on to the development department. Version 2.3 is currently being worked on.
Beta updates and...
Hello,
thanks for reporting the large font issue. I will add a feature request to our bug/issue tracking system.
Kind regards,
Roberto.
Thanks for reporting this issue. This is a bug. We will investigate the issue. Are you able to reach http://av.safer-networking.org or to ping av.safer-networking.org from your PC? Maybe something is...
Hello,
the 'Tarma Installer' is a software package to create Windows Installer packages (MSI) or proprietary Tarma installer packages. Anyone can use an installation creator like 'Tarma Installer'...
Thank you very much for reporting this issue. We have updated our PUPSC database.
Thank you very much for reporting this issue. We have updated our MalwareC database. It will be published today, 2013-09-11.
I wrote a bug ticket for our development team.
Hello,
we are sorry. Updates are postponed one day because of the holidays.
Happy holidays,
roberto.
Hello,
don't worry. ACL stands for Access Control List. Missing admin rights can indicate a security breach. In your case they merely point to...
Hello,
Please verify the status of your "Close this window after opening link" check box within Start Center.
Broken means they were outdated after an integrity check?
Hello henriette,
you're using the latest public version which can be downloaded from
http://forums.spybot.info/downloads.php?id=8
Of course, we are working on a new rootkit scanner. Our...
Thanks. We got your sample for analysis. The file is using kernel functions but at this moment we are not sure if this really is a rootkit. This could be a part of a legit software. We give this...
Hi Matt,
please check the following rule:
File:"<$FILE_EXE>","SYS32DLL"
No path is assigned to the file, and the file extension is missing as well/
There is no file...
Hello Matt,
you are welcome to write in German too, but then fewer people here in the forum will understand you.
[HJT comments]
It is easier to follow what was meant.
Hello Matt,
with a German paragraph:
> AutoRun:"2cc32117","<$SYSDIR>\bumokoju.dll","flagifnofile=1"
If "2cc32117" is a variable name field, a generic approach would be better.
Hello Matt,
especially for Matt in German:
We are in an English-language subforum. I thought perhaps a third party who does not understand German might join in. It would be helpful,...
Hi Matt,
1) Please open regedit.exe and click to:
HKEY_LOCAL_MACHINE\SOFTWARE\System\CurrentControlSet
Are you sure this is a legit path?
2) RegyKey deletes a registry key. Usually we...
Hello Matt,
looks good. Two minor suggested changes:
1) Remove the space before "filesize>=1".
2) For "c:\windows\system32\" you can also use the system variable "<$SYSDIR>\"...
Hello,
> Does anyone know where this could have come from, or what it actually was?
Castlecops lists "CDS protection" as the description. Perhaps it is a copy protection?
...
Hello fradiot,
this is not a false alarm. You have probably caught a Zlob rootkit.
Re 1) 85.255.112.110 and 85.255.112.104 are fraudulent DNS servers and known...
Hello fradiot,
to clarify whether this is a false alarm, please carry out the following steps:
1) Open regedit.exe.
Launch it via Start/Run/regedit.exe.
Please go to...
Hi,
there must be an unknown file which reinstalls the infection.
Please run a Kaspersky Online Scan and post the report next.
Kind regards,
Roberto.
Hi,
What Spybot S&D version are you using? Did you update your Spybot S&D with the Beta detection rules?
I need the exact dialog or error messages to give you further assistance.
Please run...
Hi,
Run HijackThis and place a check beside each of the following. Delete all entries:
O2 - BHO: (no name) - {54ae9386-48a5-445a-b4d2-2abd1ab820e0} - C:\WINDOWS\system32\efsomn.dll (file...
Hi,
Run HijackThis and place a check beside each of the following:
O3 - Toolbar: etlrlws - {F6960268-5DC1-40B2-A236-F380F3329D7B} - C:\WINDOWS\etlrlws.dll (file missing)
O20 - Winlogon...
Hello mczincila,
As a first solution, please update your copy of Spybot-S&D to make sure you're not referring to a problem that has been solved recently.
Spybot-S&D 1.4 is available; if you are...