Page 1 of 3 123 LastLast
Results 1 to 10 of 22

Thread: Tablet PC functionality incorrectly labeled at Smitfraud-C

  1. #1
    Junior Member
    Join Date
    Nov 2006
    Posts
    7

    Default Tablet PC functionality incorrectly labeled at Smitfraud-C

    The latest updates for Spybot (most dated 3 November) seem to recognize some key Tablet PC functionality as a threat and delete it. The damage can be undone with Windows XP System Restore.

    Spybot detects what it refers to as "Smitfraud-C.Toolbar888", and flags the following registry entries as problems:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\TabBtnWL
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\Sebring

    It offers to fix the "problem", and if you then re-boot you find that the "Change tablet and pen settings" icon is missing from the tray and many Tablet buttons are disabled (on Motion Computing LS800 the Escape, Function, 5-way directional control button, Motion Dashboard button and Rotate Display button, yet the programs seem to launch properly if invoked by clicking on shortcuts).

    System Restore to a time immediately before running Spybot fixes the problem.

    I've reproduced this problem in a case in which the only item I allowed Spybot to fix was "Smitfraud-C.Toolbar888".

  2. #2
    Junior Member
    Join Date
    Nov 2006
    Posts
    2

    Default

    I agree with this. SpyBot detect

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\Sebring as "Smitfraud-C.Toolbar888".

    It only depends on this value if SpyBot found the Toolbar or not. If i disable the Sebring (LgNofity.dll) Value, there's no alarm.

    But i see too, SpyBot isn't able to delete this file...
    I could check it, it's say, it try's or will does, but in real it doesn't do anything to the value of Sebring...

    So, 1 Day lost, because I'm so paranoid of this. Nobody (virustotal) found anything, but wanted to get save in this information..

    So long, and sorry for my english.. ;-)

  3. #3
    Member of Team Spybot Buster's Avatar
    Join Date
    Oct 2005
    Location
    Bochum/Germany
    Posts
    389

    Default

    We will fix this false positive as soon as possible. Thanks for reporting!
    "The advantage of wisdom is that you can always act the fool. The opposite is quite tough."

    K. Tucholsky

    _______________________________________________________________

    Please help us improve Spybot and download our distributed testing client.

  4. #4
    Junior Member
    Join Date
    Nov 2006
    Posts
    10

    Default

    Quote Originally Posted by Buster View Post
    We will fix this false positive as soon as possible. Thanks for reporting!
    Thanks for actioning this quickly, Buster - caused me some puzzlement yesterday - http://www.tek-tips.com/viewthread.c...1298163&page=1

    I hope it's updated soon

  5. #5
    Junior Member
    Join Date
    Nov 2006
    Posts
    1

    Default Help!!

    Quote Originally Posted by Buster View Post
    We will fix this false positive as soon as possible. Thanks for reporting!
    HELP- I ran the scan on my HP 4200 and now my tablet features are disabled. I cannot do a system restore. Can you walk me through a reg edit to fix this???

  6. #6
    Junior Member
    Join Date
    Nov 2006
    Posts
    10

    Default

    Quote Originally Posted by refractorygod View Post
    HELP- I ran the scan on my HP 4200 and now my tablet features are disabled. I cannot do a system restore. Can you walk me through a reg edit to fix this???
    I've had a quick dig around but only come up with:-
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\TabBtnWL
    ?
    ?
    and:-
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\Sebring
    Dllname: C:\WINDOWS\System32\LgNotify.dll
    Logon: SebringUserLogon


    I'll reboot to XP and see what I have ... back soon.

  7. #7
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    refractorygod:

    Did you check in Spybot > Recovery and see if the removed entries can be restored?

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  8. #8
    Junior Member
    Join Date
    Nov 2006
    Posts
    10

    Default

    Quote Originally Posted by md usa spybot fan View Post
    refractorygod:

    Did you check in Spybot > Recovery and see if the removed entries can be restored?
    And have you tried System Restore?

    (my Registry entries may not match those removed from your PC)

  9. #9
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    satrow:

    refractorygod indicated:

    Quote Originally Posted by refractorygod View Post
    ... I cannot do a system restore. ...

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  10. #10
    Junior Member
    Join Date
    Nov 2006
    Posts
    10

    Default

    Point taken, I missed it.

    Often happens that SR will work the next time or the following day even though it fails first time (if that's what happened in this case).

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •