WinSpy.SpySoftWareX



bill117
2007-04-05, 15:51
I just removed winspy, but would like someone to look at my log file. Is it a false positive? Here is the report.

--- Report generated: 2007-04-05 07:29 ---

WinSpy.SpySoftWareX: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ANSMTP.OBJ

WinSpy.SpySoftWareX: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ANSMTP.OBJ.1


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-12-03 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-15 advcheck.dll (1.2.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-04-04 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-04-04 Includes\DialerC.sbi (*)
2007-04-04 Includes\Hijackers.sbi (*)
2007-04-04 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-04-04 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-03-21 Includes\Malware.sbi (*)
2007-04-04 Includes\MalwareC.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-04-04 Includes\PUPSC.sbi (*)
2007-04-04 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-04-04 Includes\SecurityC.sbi (*)
2007-03-21 Includes\Spybots.sbi (*)
2007-04-04 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-04-04 Includes\Trojans.sbi (*)
2007-04-04 Includes\TrojansC.sbi (*)

les35
2007-04-06, 13:00
Bill,

I had the same problem. Is somebody able to confirm this is a false positive?

Thanks,

Les

MisterW
2007-04-06, 16:46
Hi,
We are working on a solution for that problem, and it seems that it is a false positive. It will be fixed with the next update, scheduled for Wednesday. :oops:

regards

Markus
Team Spybot

iusexp
2007-04-22, 20:50
> Hi,
> We are working on a solution for that problem, and it seems that it is a false positive. It will be fixed with the next update, scheduled for Wednesday. :oops:
>
> regards
>
> Markus
> Team Spybot


Hello!

I have updated Spybot S&D today, 22.04.07. Now, after running the program, it seems that I also have this "WinSpy.SpySoftWareX" problem. I am not sure how to handle this. Is this a false positive or not?
If so, then it has not been fixed yet?
As a precaution I decided to let S&D clean these registry entries with backup.
But I am not sure if this was the right decision.

Sorry for my bad English.

Thanks for your support.

Berni

Buster
2007-04-23, 08:57
Hello iusexp,

As MisterW already stated, this is a false positive. But it was already fixed in an update a few weeks ago. Are you really sure that we are talking about these registry keys?

WinSpy.SpySoftWareX: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ANSMTP.OBJ

WinSpy.SpySoftWareX: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ANSMTP.OBJ.1

In order to avoid any misunderstanding, please attach your scan results to your next post. Just right-click in Spybot's result window, select "Copy results to clipboard" and paste them into your next post.

MisterW
2007-04-23, 08:59
Hi,
Which registry keys or files are detected exactly on your system?

regards,
Markus

iusexp
2007-04-24, 03:08
Hello again!

These are the registry keys and files which were shown as infected. As you can see I decided to fix them. Until now I do not have a problem with anything since fixing. But maybe it only needs more time. :sad:


WinSpy.SpySoftWareX: Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_CLASSES_ROOT\CLSID\{DF6D6569-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_CLASSES_ROOT\CLSID\{DF6D655A-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_CLASSES_ROOT\Interface\{DF6D6559-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_CLASSES_ROOT\Interface\{DF6D6568-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_CLASSES_ROOT\Interface\{DF6D656E-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_CLASSES_ROOT\TypeLib\{DF6D6558-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Root class (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\vbVidC60.ezVidCap

WinSpy.SpySoftWareX: Class ID (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DF6D6569-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Root class (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\vbVidC60.ICapCallBack

WinSpy.SpySoftWareX: Class ID (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DF6D655A-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Bibliothek (Datei, fixed)
C:\WINDOWS\system32\ezVidC60.ocx

I do not know anything about ezVidC60.ocx for example.

This week I have to work in the evening hours, maybe I need a day or two for answering if you have any more questions. I am sorry for that but sometimes I am too tired.

Bye
Berni

MisterW
2007-04-24, 16:41
Hello,
I don't think that these keys are false positives. It looks like a real infection, and if you fixed it and you do not have any problem yet, everything seems OK :bigthumb:

regards
Markus

Ray24bd
2007-04-25, 10:14
I updated Spybot S&D at 8am this morning (UK time) and ran the search.

winspy.spysoftwarex was reported.

There seems to be some confusion in the thread as to whether this is a false positive.

I have fixed the problem with Spybot, but would like confirmation that this was an infection that needed to be removed.


The report generated the following:

WinSpy.SpySoftWareX: Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{DF6D6569-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{DF6D655A-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{DF6D6559-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{DF6D6568-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{DF6D656E-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{DF6D6558-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\vbVidC60.ezVidCap

WinSpy.SpySoftWareX: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DF6D6569-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\vbVidC60.ICapCallBack

WinSpy.SpySoftWareX: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DF6D655A-5B0C-11D3-9396-008029E9B3A6}


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-10-21 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-04-18 advcheck.dll (1.5.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-04-18 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-04-18 Includes\DialerC.sbi (*)
2007-04-04 Includes\Hijackers.sbi (*)
2007-04-18 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-04-18 Includes\KeyloggersC.sbi (*)
2007-03-21 Includes\Malware.sbi (*)
2007-04-18 Includes\MalwareC.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-04-18 Includes\PUPSC.sbi (*)
2007-04-18 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-04-18 Includes\SecurityC.sbi (*)
2007-03-21 Includes\Spybots.sbi (*)
2007-04-18 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-04-11 Includes\Trojans.sbi (*)
2007-04-18 Includes\TrojansC.sbi (*)

iusexp
2007-04-27, 00:44
> I updated Spybot S&D at 8am this morning (UK time) and ran the search.
>
> winspy.spysoftwarex was reported.
>
> There seems to be some confusion in the thread as to whether this is a false positive.
>
> I have fixed the problem with Spybot, but would like confirmation that this was an infection that needed to be removed.
> ...
> ...



It is the same as in my case, if I have understood properly. The same registry keys, a real infection.
I am a little bit concerned about how long this spyware was active on my computer. No idea where I "caught" it.
But neither my firewall nor my antivir reported anything suspicious since I remember.

Bye
Berni

tashi
2007-04-27, 01:53
Hello.

From Post #4 down we are not speaking of a false positive, however there is no way of knowing how long the machine was infected.

Regards. :)

Tips:
So how did I get infected in the first place? ( http://forums.spybot.info/showthread.php?t=279 )