
View Full Version : FP for Smitfraud-C. with 3/7/2007 updates?



antdude
2007-03-08, 07:30
I never had this one before, but I am not sure if it is a false positive or not:

Smitfraud-C.: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SVKP

Smitfraud-C.: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SVKP

DoubleClick: Tracking cookie (Mozilla: ant) (Cookie, fixed)


HitBox: Tracking cookie (Mozilla: ant) (Cookie, fixed)


HitBox: Tracking cookie (Mozilla: ant) (Cookie, fixed)


HitBox: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


HitsLink: Tracking cookie (Mozilla: ant) (Cookie, fixed)


WebTrends live: Tracking cookie (Mozilla: ant) (Cookie, fixed)


CoreMetrics: Tracking cookie (Mozilla: ant) (Cookie, fixed)


CoreMetrics: Tracking cookie (Mozilla: ant) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-06-01 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-15 advcheck.dll (1.2.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-03-07 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-03-07 Includes\DialerC.sbi (*)
2007-02-07 Includes\Hijackers.sbi (*)
2007-03-07 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-03-07 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-02-14 Includes\Malware.sbi (*)
2007-03-07 Includes\MalwareC.sbi (*)
2007-01-19 Includes\PUPS.sbi (*)
2007-03-07 Includes\PUPSC.sbi (*)
2007-03-07 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-03-07 Includes\SecurityC.sbi (*)
2007-02-02 Includes\Spybots.sbi (*)
2007-03-07 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-03-07 Includes\Trojans.sbi (*)
2007-03-07 Includes\TrojansC.sbi (*)


What do you think? Thank you in advance. :)

antdude
2007-03-08, 07:32
I exported my registry keys for the suspects:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SVKP]
"Type"=dword:00000001
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,53,00,56,00,4b,00,50,00,2e,00,73,00,79,00,73,00,00,00
"DisplayName"="SVKP"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SVKP\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SVKP\Enum]
"0"="Root\\LEGACY_SVKP\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

--

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SVKP]
"Type"=dword:00000001
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,53,00,56,00,4b,00,50,00,2e,00,73,00,79,00,73,00,00,00
"DisplayName"="SVKP"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SVKP\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

BroTherHooDJz
2007-03-08, 07:56
Me too have this problem after installing the new updates!

Buster
2007-03-08, 08:30
:oops: Thanks for reporting this false positive. We will fix it as soon as possible. Until then, please tell Spybot to ignore these registry keys. Just right-click on each entry in the result window and select "Exclude this detection from further searches". :fear:

antdude
2007-03-08, 13:48
:oops: Thanks for reporting this false positive. We will fix it as soon as possible. Until that, please tell Spybot to ignore these registry keys. Just rightclick on each entry in the result window and select "Exclude this detection from further searches". :fear:

Thanks!

mercian
2007-03-08, 18:26
Phew, glad I checked the forum, as I was panicking about the smitfraud detection, couldn't understand how I'd acquired it through two firewalls and up to date antivirus software.

tashi
2007-03-08, 19:01
Glad you saw the topic too. :)


couldn't understand how I'd acquired it through two firewalls

Not two software firewalls?

Rule of thumb is one Firewall/AV to avoid conflicts and loss of program efficiency. :alien:

mercian
2007-03-08, 19:50
Netgear router firewall plus on-board McAfee AV/Firewall :bigthumb: