PDA

View Full Version : Smitfraud-c Toolbar888



vanderhoff
2007-01-03, 22:03
Hi, Can someone please tell me if the Spybot result showing Smitfraud-C Toolbar888 as a Reg entry HKEY_USERS\S-1-5-21-4190550987-2138113849-4060233106-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}, is in fact a false positive or not? It has a 'value not set' in Reg Editor, and have never had any pop-ups, page redirections, or slow downs.

Thanks

MisterW
2007-01-04, 15:18
I can confirm that it is a false positive that will be fixed with the next update scheduled for friday :oops:

regards,
Markus

stiofan2
2007-01-04, 20:01
Similarly, I got HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ showing as Smitfraud-c.toolbar888, but I haven't noticed any obvious problems. Is this a false positive as well? Did I do any damage by allowing Spybot to fix this? If so, how can I undo it?

Thanks.

Anon1234
2007-01-07, 20:34
I get what I believe to be a false positive after installing a program called CatSpy (www.catspy.de) which is a web camera monitoring tool.

I've never had any popups, etc. Here's the report from spybot:

Smitfraud-C.Toolbar888: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CatSpyWinlogonNP

--- Spybot - Search && Destroy version: 1.3 ---

Buster
2007-01-08, 08:11
Please download the latest updates. This should solve the problem. If you do not know how to use the update function yet, here's a short tutorial including a screenshot: http://www.safer-networking.org/en/howto/update.html

md usa spybot fan
2007-01-08, 08:21
Anon1234:

Unless you are running Windows 95 you should also upgrade to Spybot-S&D 1.4.

stiofan2
2007-01-10, 17:19
Okay, I upgraded from 1.3 to 1.4, also updated the definitions from 12/29/06 to 1/5/07. Then did a Recover to undo the fix that S&D 1.3 did on 1/3/07. This restored the value "C:\Windows\System32\Rename.exe" to the registry keys HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ and HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\. Finally, did a scan using 1.4 and the latest updates, which showed no problem.

Thanks to all for the helpful information!