FP for Smitfraud-C. with 3/7/2007 updates?

antdude

I never had this one before, but I am not sure if it is a false positive or not:

Smitfraud-C.: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SVKP

Smitfraud-C.: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SVKP

DoubleClick: Tracking cookie (Mozilla: ant) (Cookie, fixed)


HitBox: Tracking cookie (Mozilla: ant) (Cookie, fixed)


HitBox: Tracking cookie (Mozilla: ant) (Cookie, fixed)


HitBox: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)


HitsLink: Tracking cookie (Mozilla: ant) (Cookie, fixed)


WebTrends live: Tracking cookie (Mozilla: ant) (Cookie, fixed)


CoreMetrics: Tracking cookie (Mozilla: ant) (Cookie, fixed)


CoreMetrics: Tracking cookie (Mozilla: ant) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-06-01 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-15 advcheck.dll (1.2.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-03-07 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-03-07 Includes\DialerC.sbi (*)
2007-02-07 Includes\Hijackers.sbi (*)
2007-03-07 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-03-07 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-02-14 Includes\Malware.sbi (*)
2007-03-07 Includes\MalwareC.sbi (*)
2007-01-19 Includes\PUPS.sbi (*)
2007-03-07 Includes\PUPSC.sbi (*)
2007-03-07 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-03-07 Includes\SecurityC.sbi (*)
2007-02-02 Includes\Spybots.sbi (*)
2007-03-07 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-03-07 Includes\Trojans.sbi (*)
2007-03-07 Includes\TrojansC.sbi (*)


What do you think? Thank you in advance. :)
 
I exported my registry keys for the suspects:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SVKP]
"Type"=dword:00000001
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,53,00,56,00,4b,00,50,00,2e,00,73,00,79,00,73,00,00,00
"DisplayName"="SVKP"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SVKP\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SVKP\Enum]
"0"="Root\\LEGACY_SVKP\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

--

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SVKP]
"Type"=dword:00000001
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,53,00,56,00,4b,00,50,00,2e,00,73,00,79,00,73,00,00,00
"DisplayName"="SVKP"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SVKP\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
 
:oops: Thanks for reporting this false positive. We will fix it as soon as possible. Until then, please tell Spybot to ignore these registry keys. Just right-click on each entry in the result window and select "Exclude this detection from further searches". :fear:
 
:oops: Thanks for reporting this false positive. We will fix it as soon as possible. Until then, please tell Spybot to ignore these registry keys. Just right-click on each entry in the result window and select "Exclude this detection from further searches". :fear:
Thanks!
 
Phew, glad I checked the forum, as I was panicking about the smitfraud detection, couldn't understand how I'd acquired it through two firewalls and up-to-date antivirus software.
 
Glad you saw the topic too. :)

couldn't understand how I'd acquired it through two firewalls

Not two software firewalls?

Rule of thumb is one Firewall/AV to avoid conflicts and loss of program efficiency. :alien:
 