Teatimer 1.6.6.32 False Positives

[metaed]

I installed Adobe Reader 9.1 today. (This was because of a security advisory for 9.0 reported by Secunia PSI.)

I received a security alert from TeaTimer similar to the one above, but for Cydoor. Here is the log entry:

3/17/2009 9:15:11 AM Encountered and terminated Cydoor in C:\Program Files\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A91000000001}\AirShareInstaller.exe!

This alert occurred once at the end of the Adobe Reader installation. It has not yet occurred again.

My operating system is Windows XP Home Edition SP3.

My browser is Google Chrome 1.0.154.48.

About TeaTimer gives 1.6.2.0, system settings protector 1.6.6.32. Info & License gives 1.6.2.46, latest detection update 3/11/2009.

Best wishes,

Edward

[Yodama]

hello,
thank you for reporting this issue.

I still have not been able to recreate the circumstances which provokes these false positives. Since Teatimer identifies the same AirShareInstaller.exe as Cydoor now it is very likely that Teatimer was not able to properly determine the file properties and went wrong.
Are you running other active protection software or other software in background which may scan and/or lock files on access? If that is the case we may have an incompatibility issue.

[129260]

@yodama:

Thank you. I just thought that this is really odd behavior for teatimer. Also, maybe this might help, since you mentioned there is a possible issue with incompatibility with another program.

I run the following security programs:

Windows defender, spybot (of course), Avast!, and malware bytes. Although malware bytes is scan only and does not run unless the program is launched, i thought i would still mention it. I was not running any scans or anything during that time. Just installing the latest update for adobe.

@metaed:

It's interesting that you and I have this flagged by teatimer as something different. Like Yodama stated, it might be a compatibility issue. Can you check and see if you have the same security software that i have above listed?

[metaed]

These two other applications are also resident on my PC and scanning files for signatures.

Secunia PSI 1.0.0.3
Avast On-Access Scanner, part of Avast 4.8 Professional, build Feb2009 (4.8.1335)

[Yodama]

Thank you for your information on this.
Since both of you have Avast installed I will check on this first to see if there are any issues combined with Teatimer.
I will keep you updated on the results.

[Yodama]

Test with Avast and Teatimer is done and they do not appear to collide.

Looks like I have to continue checking on the other apps.

[129260]

I also forgot to mention that i had secunia psi installed as well, that is what offered me the update to adobe. I just noticed that the other user had that as well. I wonder if secunia psi is the root of the compatibility issue? I highly doubt it, but it might be worth a look...

Also, thanks Yodama for looking into this. Hopefully we can figure out what is going on here with teatimer.

[spy1]

I got a similar thing yesterday afternoon:

3/18/2009 11:35:07 PM Allowed (based on user decision) value "Adobe Reader Speed Launcher" (new data: ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"") added in System Startup global entry!
3/18/2009 11:35:07 PM Encountered and terminated PestCapture in C:\WINDOWS\System32\msiexec.exe!

Pest Capture? Both log entries have identical times and it happened during the Adobe automatic update.

This is on a WinXP Pro system, SP3 - SpyBot 1.6.2.0, System Settings Protector 1.6.6.32

Sunbelt Personal Firewall, IDBlaster, MRUBlaster, KeyScrambler, NOD32, TH Guard all running resident. Pete

[spy1]

I forgot to mention that I have Secunia PSI running here, too. Pete

[Yodama]

thank you for the additional information.

I checked Secunia PSI. There is no indication that it is involved in the Teatimer issue. There appear to be no issues between Teatimer and Secunia PSI.

Maybe I have to look at this issue from a different angle.