PDA

View Full Version : nsi83.tmp FP for HotsearchBar



jmorlan
2007-02-01, 18:41
Latest defs reported this FP. It is actually file created by OnDemand.exe OnDemand is a small program that loads PopFile and your email client at the same time and exits PopFile after you exit your email client. In this case I had OnDemand running while Spybot was scanning and it picked it up. Exiting OnDemand removed the temporary file.

HotsearchBar: Temporary file (File, nothing done)
C:\Documents and Settings\User\Local Settings\Temp\nsi83.tmp

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-05-31 TeaTimer_original.exe (1.4.0.2)
2005-06-01 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-15 advcheck.dll (1.2.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-01-26 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-01-26 Includes\DialerC.sbi (*)
2006-11-24 Includes\Hijackers.sbi (*)
2007-01-26 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-01-26 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-01-12 Includes\Malware.sbi (*)
2007-01-26 Includes\MalwareC.sbi (*)
2004-08-11 Includes\plugin-ignore.ini
2007-01-19 Includes\PUPS.sbi (*)
2007-01-26 Includes\PUPSC.sbi (*)
2007-01-26 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-01-26 Includes\SecurityC.sbi (*)
2007-01-26 Includes\Spybots.sbi (*)
2007-01-26 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-12-08 Includes\Trojans.sbi (*)
2007-01-26 Includes\TrojansC.sbi (*)

Buster
2007-02-02, 08:33
First of all, as it is only a .tmp file it won´t do any harm to delete this file. But to adjust our detection rules I would like to take a closer look at the nsi83.tmp. Please send an email to detections(at)spybot.info with that file attached. Thanks in advance! ;)

jmorlan
2007-02-02, 18:44
The filename apparently changes when OnDemand.exe runs. I have sent you a copy of nsd72.tmp the filename created by OnDemand today. I don't know how it may differ from yesterday's nsi83.tmp which caused the false positive, but I just tested it with Spybot S&D and got the same FP with it.

These temporary files cannot be easily deleted or copied while OnDemand is running and they disappear when OnDemand closes. I used Unlocker to copy this file for you.

Thank you for your interest.