SpyLantern

[jceac]

Hi

Windows XP Home
Firefox 2.0.0.12
Spybot S&D Ver. 1.5.1.16, last updated 2/13/2008

The result I'm questioning is SpyLantern. There were two entries detected in HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Srv and HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Srv.

I was wondering if these could be false positives. I'm a pretty safe browser and I stick pretty much to a routine number of sites I visit (about 10-15) and have never encountered problems before.

Scan was done today, 2/14/2008 at about 11:00AM.
I don't rememeber seeing any messages from TeaTimer.

Here are the result logs:

Checks.080214-1046.log:
14.02.2008 10:46:26 - ##### check started #####
14.02.2008 10:46:26 - ### Version: 1.5
14.02.2008 10:46:26 - ### Date: 2/14/2008 10:46:26 AM
14.02.2008 10:46:27 - ##### checking bots #####
14.02.2008 10:49:24 - found: SpyLantern Settings
14.02.2008 10:49:24 - found: SpyLantern Settings
14.02.2008 11:01:23 - ##### check finished #####

Checks.080214-1101.txt:
--- Report generated: 2008-02-14 11:01 ---

SpyLantern: [SBI $F42C2B15] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Srv

SpyLantern: [SBI $B2FE1E71] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Srv


--- Spybot - Search & Destroy version: 1.5 (build: 20070924) ---

2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-09-24 SpybotSD.exe (1.5.1.16)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-10-23 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2008-02-13 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-02-13 Includes\DialerC.sbi (*)
2008-02-13 Includes\HeavyDuty.sbi (*)
2008-02-13 Includes\Hijackers.sbi (*)
2008-02-13 Includes\HijackersC.sbi (*)
2008-02-13 Includes\Keyloggers.sbi (*)
2008-02-13 Includes\KeyloggersC.sbi (*)
2008-02-13 Includes\Malware.sbi (*)
2008-02-13 Includes\MalwareC.sbi (*)
2007-10-24 Includes\PUPS.sbi (*)
2008-02-13 Includes\PUPSC.sbi (*)
2008-02-13 Includes\Revision.sbi (*)
2008-01-09 Includes\Security.sbi (*)
2008-02-13 Includes\SecurityC.sbi (*)
2008-02-13 Includes\Spybots.sbi (*)
2008-02-13 Includes\SpybotsC.sbi (*)
2007-11-06 Includes\Tracks.uti
2008-02-13 Includes\Trojans.sbi (*)
2008-02-13 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll

Fixes.080214-1101.txt:
--- Report generated: 2008-02-14 11:01 ---

SpyLantern: [SBI $F42C2B15] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Srv

SpyLantern: [SBI $B2FE1E71] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Srv


--- Spybot - Search & Destroy version: 1.5 (build: 20070924) ---

2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-09-24 SpybotSD.exe (1.5.1.16)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-10-23 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2008-02-13 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-02-13 Includes\DialerC.sbi (*)
2008-02-13 Includes\HeavyDuty.sbi (*)
2008-02-13 Includes\Hijackers.sbi (*)
2008-02-13 Includes\HijackersC.sbi (*)
2008-02-13 Includes\Keyloggers.sbi (*)
2008-02-13 Includes\KeyloggersC.sbi (*)
2008-02-13 Includes\Malware.sbi (*)
2008-02-13 Includes\MalwareC.sbi (*)
2007-10-24 Includes\PUPS.sbi (*)
2008-02-13 Includes\PUPSC.sbi (*)
2008-02-13 Includes\Revision.sbi (*)
2008-01-09 Includes\Security.sbi (*)
2008-02-13 Includes\SecurityC.sbi (*)
2008-02-13 Includes\Spybots.sbi (*)
2008-02-13 Includes\SpybotsC.sbi (*)
2007-11-06 Includes\Tracks.uti
2008-02-13 Includes\Trojans.sbi (*)
2008-02-13 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll

Thanks for any input!

[Smilin Jack]

Same issue this morning as above.
SB version 1.5.1.17 with updates done just prior to scanning this morning 2-15-2008.

[tashi]

Thank you, I left a note for our detectives with a link to this topic.

Regards.

[Reiley321]

Got today after installing updates from the 13th

[Yodama]

Thank you for reporting this false positive.
This will be corrected with the next detection update.

[jceac]

i already "fixed" this when i got the detection, does this mean i can recover it safely? were these two entries anything important?

[Yodama]

i already "fixed" this when i got the detection, does this mean i can recover it safely? were these two entries anything important?

Yes you can safely recover these entries. They are related to Windows network sharing.