Page 2 of 2 FirstFirst 12
Results 11 to 19 of 19

Thread: "Phoenix" False Positive

  1. #11
    Junior Member
    Join Date
    Dec 2005
    Location
    Salem, OR
    Posts
    4

    Default

    It does still flag the folder and a registry entry for the start menu. I do know that on the 2005-11-25 release it flagged one more directory (Which was the Start Menu folder) than with the 2005-12-2 release.

    But it is still flagging the Phoenix folder in Program Files and the registry entry HKEY_USERS\S-1-5-21-183062753-716789552-782984527-1054\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Phoenix.

  2. #12
    Junior Member mustbethedecaf's Avatar
    Join Date
    Dec 2005
    Location
    East Coast USA
    Posts
    1

    Default Just Making Sure I understand this...

    (12/8/05) I just want to be clear on this before I continue ignoring the popup (because I'm reinstalling a computer and it's programs, and I can't reinstall a program if I keep deleting it's 'setup' SS&D-flagged-Phoenix file.)

    Again, the public should still believe this is definitely a false positive, if a Setup.exe or a Setup1.exe is being flagged post 11/25 as Phoenix by an up-to-date install of SS&D (which *same exact file* was not flagged prior on the same system, and while at the same time all other current day security software today does not flag the same file), am I correct ?

    Thanks for the clarification.


    (Update 12/10/05) Just a quick note: as of just now, both a full scan and Resident no longer flag this. Appreciate all the hard work you do, and wishing you all a wonderful weekend!
    Last edited by mustbethedecaf; 2005-12-10 at 17:12.

  3. #13
    Junior Member
    Join Date
    Dec 2005
    Location
    Salem, OR
    Posts
    4

    Default Phoenix

    With the new release from 2005-12-09 it is still flagging the Phoenix folder in Program Files and a registry entry.

    Just letting you know.

  4. #14
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    Mike_F:

    Please post the actual detection(s) that you are receiving and perhaps Buster can figure out what’s wrong with the detections and get the problem fixed with the next update.

    Run another scan. After you are done, right click on the results list and select "Copy results to clipboard" then paste the clipboard into a new post.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  5. #15
    Member of Team Spybot Buster's Avatar
    Join Date
    Oct 2005
    Location
    Bochum/Germany
    Posts
    389

    Default

    @Mike_F
    I just send you a pm!
    "The advantage of wisdom is that you can always act the fool. The opposite is quite tough."

    K. Tucholsky

    _______________________________________________________________

    Please help us improve Spybot and download our distributed testing client.

  6. #16
    Junior Member
    Join Date
    Dec 2005
    Location
    Salem, OR
    Posts
    4

    Default

    I sent you out a PM Buster.

  7. #17
    Junior Member GladToBeGrey's Avatar
    Join Date
    Dec 2005
    Location
    Dorset, England
    Posts
    4

    Exclamation

    Yesterday I tried again to install Earthwatch 4.01 (see earlier entries in this thread), and again SSD Resident flagged the Setup as Phoenix and killed it. :(

    Got the same popup message as given in the earlier thread entry - #7.

    The properties of the 'offending' program are given as

    Description: Setup Bootstrap for Visual Basic Setup Toolkit
    Version: 6.0.81.69
    Copyright: Copyright © 1987-1998 Microsoft Corp.

    The program name is : setup.exe.

    Disabling SSDR allowed the setup to run. Subsequent SSD (2005-12-9 update), Ad-Aware and AVG scans report no problems
    Last edited by GladToBeGrey; 2005-12-14 at 11:28.

  8. #18
    Member of Team Spybot Buster's Avatar
    Join Date
    Oct 2005
    Location
    Bochum/Germany
    Posts
    389

    Default

    I finally found the entry which is responsible for the fp with earthwatch. It will be fixed in the next update going to be released tomorrow.
    "The advantage of wisdom is that you can always act the fool. The opposite is quite tough."

    K. Tucholsky

    _______________________________________________________________

    Please help us improve Spybot and download our distributed testing client.

  9. #19
    Junior Member GladToBeGrey's Avatar
    Join Date
    Dec 2005
    Location
    Dorset, England
    Posts
    4

    Default Earthwatch FP banished

    Buster, just to confirm that I have reinstalled Earthwatch successfully - the false positive has gone

    Thanks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •