Thread: Probable FP of SpyBossPro keylogger

  1. #1
    Junior Member
    Join Date
    May 2008
    Posts
    3

    Probable FP of SpyBossPro keylogger

    Code:
    --- Search result list ---
    SpyBossPro: [SBI $73400C3C]  Data (File, nothing done)
      C:\WINDOWS\system32\Memman.vxd
    
    
    --- Spybot - Search & Destroy version: 1.5.2  (build: 20080128) ---
    
    2008-01-28 blindman.exe (1.0.0.7)
    2008-01-28 SDDelFile.exe (1.0.2.4)
    2008-01-28 SDMain.exe (1.0.0.5)
    2007-10-07 SDShred.exe (1.0.1.2)
    2008-01-28 SDUpdate.exe (1.0.8.8)
    2008-01-28 SDWinSec.exe (1.0.0.11)
    2008-01-28 SpybotSD.exe (1.5.2.20)
    2008-01-28 TeaTimer.exe (1.5.2.16)
    2005-11-06 unins000.exe (51.41.0.0)
    2008-02-09 unins001.exe (51.49.0.0)
    2008-01-28 Update.exe (1.4.0.6)
    2007-08-31 _SpybotSD.exe (1.5.1.15)
    2008-01-28 advcheck.dll (1.5.4.5)
    2007-04-02 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2007-11-17 DelZip179.dll (1.79.7.4)
    2008-01-28 SDFiles.dll (1.5.1.19)
    2008-01-28 SDHelper.dll (1.5.0.11)
    2008-01-28 Tools.dll (2.1.3.3)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2008-04-16 Includes\Adware.sbi (*)
    2008-05-28 Includes\AdwareC.sbi (*)
    2008-05-21 Includes\Beta.sbi (*)
    2007-11-06 Includes\Beta.uti
    2008-05-28 Includes\Cookies.sbi (*)
    2007-12-26 Includes\Dialer.sbi (*)
    2008-05-28 Includes\DialerC.sbi (*)
    2008-05-28 Includes\HeavyDuty.sbi (*)
    2008-05-28 Includes\Hijackers.sbi (*)
    2008-05-28 Includes\HijackersC.sbi (*)
    2008-04-30 Includes\Keyloggers.sbi (*)
    2008-05-28 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2008-05-28 Includes\Malware.sbi (*)
    2008-05-28 Includes\MalwareC.sbi (*)
    2008-03-26 Includes\PUPS.sbi (*)
    2008-05-28 Includes\PUPSC.sbi (*)
    2008-05-28 Includes\Revision.sbi (*)
    2008-01-09 Includes\Security.sbi (*)
    2008-05-28 Includes\SecurityC.sbi (*)
    2008-04-16 Includes\Spybots.sbi (*)
    2008-05-28 Includes\SpybotsC.sbi (*)
    2008-04-16 Includes\Spyware.sbi (*)
    2008-05-28 Includes\SpywareC.sbi (*)
    2007-11-06 Includes\Tracks.uti
    2008-05-28 Includes\Trojans.sbi (*)
    2008-05-28 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2008-12-24 Plugins\TCPIPAddress.dll
    Same Memman.vxd as mentioned in this thread:
    http://forums.spybot.info/showthread.php?t=28544

    I was unable to find additional information on this keylogger, but I'm assuming it requires more than just the one file to work, therefore my diagnosis.

  2. #2
    Spybot Advisor Team [Retired] md usa spybot fan
    Join Date
    Oct 2005
    Posts
    5,859

    rain40:

    You may be entirely correct that the detection of "C:\WINDOWS\system32\Memman.vxd" as "SpyBossPro" is a false positive. I also realize that detections of the file "Memman.vxd" have been identified as false positives in the past. With that in mind, I offer the following.

    Firstly, when I detect what I consider a possible false positive, I submit the file to both of the following online scanners to ensure that it is not being detected by other anti-malware products:

    Secondly, I suggest that you follow the recommendations in post #2 of the thread you referenced and send a copy of the file to Team Spybot so that they can analyze the file and determine:
    • If it is in fact a false positive or not.
      --- and/or
    • How to improve the detection signatures to separate real detections from false detections.

    If you decide to send a copy of the file to Team Spybot, please reference this thread so that they have some background information.

    Quote (originally posted by rain40):
    ... I was unable to find additional information on this keylogger, …

    A Google search for the file "Memman.vxd" yields many hits.

    Quote (originally posted by rain40):
    ... but I'm assuming it requires more than just the one file to work, therefore my diagnosis.

    Possibly, but a .vxd file is a Virtual Device Driver (also called Value-added Driver) and is used in association with .exe files and therefore may constitute an actual threat.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  3. #3
    Senior Member Yodama
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Hello,

    Sorry for this reoccurring false positive; I forgot to check if this file was detected by another rule set. This will be fixed ASAP.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.
