WinSpy.SpySoftWareX
I just removed winspy, but would like someone to look at my log file. Is it a false positive? Here is the report.
--- Report generated: 2007-04-05 07:29 ---
WinSpy.SpySoftWareX: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ANSMTP.OBJ
WinSpy.SpySoftWareX: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ANSMTP.OBJ.1
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-12-03 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-15 advcheck.dll (1.2.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-04-04 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-04-04 Includes\DialerC.sbi (*)
2007-04-04 Includes\Hijackers.sbi (*)
2007-04-04 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-04-04 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-03-21 Includes\Malware.sbi (*)
2007-04-04 Includes\MalwareC.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-04-04 Includes\PUPSC.sbi (*)
2007-04-04 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-04-04 Includes\SecurityC.sbi (*)
2007-03-21 Includes\Spybots.sbi (*)
2007-04-04 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-04-04 Includes\Trojans.sbi (*)
2007-04-04 Includes\TrojansC.sbi (*)
Bill,
I had the same problem. Is somebody able to confirm this is a false positive?
Thanks,
Les
Hi,
We are working on a solution for that problem and it seems as if it is a false positive. It will be fixed with the next update scheduled for Wednesday. :oops:
regards
Markus
Team Spybot
Hello!
I have updated Spybot S&D today, 22.04.07. Now, after running the program, it seems that I also have this "WinSpy.SpySoftWareX" problem. I am not sure how to handle this. Is this a false positive or not?
If, then it is not fixed until now?
As a precaution I decided to let S&D clean these registry entries with backup.
But I am not sure if this was the right decision.
Sorry for my bad English.
Thanks for your support.
Berni
Hello iusexp,
as MisterW already stated, this is a false positive. But it has already been fixed in an update a few weeks ago. Are you really sure that we are talking about these registry keys?
WinSpy.SpySoftWareX: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ANSMTP.OBJ
WinSpy.SpySoftWareX: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ANSMTP.OBJ.1
In order to avoid any misunderstanding, please attach your scan results to your next post. Just right-click in Spybot's result window, select "Copy results to clipboard" and paste them into your next post.
Hi,
which registry keys or files are detected exactly on your system?
regards,
Markus
Hello again!
These are the registry keys and files which were shown as infected. As you can see I decided to fix them. Until now I do not have a problem with anything since fixing. But maybe it only needs more time. :sad:
WinSpy.SpySoftWareX: Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_CLASSES_ROOT\CLSID\{DF6D6569-5B0C-11D3-9396-008029E9B3A6}
WinSpy.SpySoftWareX: Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_CLASSES_ROOT\CLSID\{DF6D655A-5B0C-11D3-9396-008029E9B3A6}
WinSpy.SpySoftWareX: Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_CLASSES_ROOT\Interface\{DF6D6559-5B0C-11D3-9396-008029E9B3A6}
WinSpy.SpySoftWareX: Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_CLASSES_ROOT\Interface\{DF6D6568-5B0C-11D3-9396-008029E9B3A6}
WinSpy.SpySoftWareX: Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_CLASSES_ROOT\Interface\{DF6D656E-5B0C-11D3-9396-008029E9B3A6}
WinSpy.SpySoftWareX: Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_CLASSES_ROOT\TypeLib\{DF6D6558-5B0C-11D3-9396-008029E9B3A6}
WinSpy.SpySoftWareX: Root class (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\vbVidC60.ezVidCap
WinSpy.SpySoftWareX: Class ID (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DF6D6569-5B0C-11D3-9396-008029E9B3A6}
WinSpy.SpySoftWareX: Root class (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\vbVidC60.ICapCallBack
WinSpy.SpySoftWareX: Class ID (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DF6D655A-5B0C-11D3-9396-008029E9B3A6}
WinSpy.SpySoftWareX: Bibliothek (Datei, fixed)
C:\WINDOWS\system32\ezVidC60.ocx
I do not know anything about ezVidC60.ocx for example.
This week I have to work in the evening hours, maybe I need a day or two for answering if you have any more questions. I am sorry for that but sometimes I am too tired.
Bye
Berni
Hello,
I don't think that these keys are false positives. It looks like a real infection, and if you fixed it and you do not have any problem yet, everything seems OK :bigthumb:
regards
Markus
I updated Spybot S&D at 8am this morning (UK time) and ran the search.
winspy.spysoftwarex was reported.
There seems to be some confusion in the thread as to whether this is a false positive.
I have fixed the problem with Spybot, but would like confirmation that this was an infection that needed to be removed.
The report generated the following:
WinSpy.SpySoftWareX: Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{DF6D6569-5B0C-11D3-9396-008029E9B3A6}
WinSpy.SpySoftWareX: Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{DF6D655A-5B0C-11D3-9396-008029E9B3A6}
WinSpy.SpySoftWareX: Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{DF6D6559-5B0C-11D3-9396-008029E9B3A6}
WinSpy.SpySoftWareX: Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{DF6D6568-5B0C-11D3-9396-008029E9B3A6}
WinSpy.SpySoftWareX: Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{DF6D656E-5B0C-11D3-9396-008029E9B3A6}
WinSpy.SpySoftWareX: Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{DF6D6558-5B0C-11D3-9396-008029E9B3A6}
WinSpy.SpySoftWareX: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\vbVidC60.ezVidCap
WinSpy.SpySoftWareX: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DF6D6569-5B0C-11D3-9396-008029E9B3A6}
WinSpy.SpySoftWareX: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\vbVidC60.ICapCallBack
WinSpy.SpySoftWareX: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DF6D655A-5B0C-11D3-9396-008029E9B3A6}
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-10-21 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-04-18 advcheck.dll (1.5.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-04-18 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-04-18 Includes\DialerC.sbi (*)
2007-04-04 Includes\Hijackers.sbi (*)
2007-04-18 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-04-18 Includes\KeyloggersC.sbi (*)
2007-03-21 Includes\Malware.sbi (*)
2007-04-18 Includes\MalwareC.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-04-18 Includes\PUPSC.sbi (*)
2007-04-18 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-04-18 Includes\SecurityC.sbi (*)
2007-03-21 Includes\Spybots.sbi (*)
2007-04-18 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-04-11 Includes\Trojans.sbi (*)
2007-04-18 Includes\TrojansC.sbi (*)
I updated Spybot S&D at 8am this morning (UK time) and ran the search.
winspy.spysoftwarex was reported.
There seems to be some confusion in the thread as to whether this is a false positive.
I have fixed the problem with Spybot, but would like confirmation that this was an infection that needed to be removed.
...
...
It is the same as in my case if I have properly understood. The same registry keys, a real infection.
I am a little bit concerned about how long this spyware was active on my computer. No idea, where I "catched" it.
But neither my firewall nor my antivir reported anything suspicious since I remember.
Bye
Berni
Hello.
From Post #4 down we are not speaking of a false positive; however, there is no way of knowing how long the machine was infected.
Regards. :)
Tips:
So how did I get infected in the first place? ( http://forums.spybot.info/showthread.php?t=279 )
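The distinction this thread ends on (the two ANSMTP.OBJ keys were a false positive, the later CLSID and ezVidC60 detections were not), as an added triage sketch that is not part of the original posts and not Spybot's own code. It parses pasted report text and folds HKEY_LOCAL_MACHINE\Software\Classes into HKEY_CLASSES_ROOT, a merged view that includes it, so a key reported under both paths is counted once; the function names and the sample, assembled from lines quoted in the thread, are assumptions.

```python
import re

# The two keys the Spybot team confirmed as a false positive in this thread,
# written in the normalized form produced by normalize() below.
FALSE_POSITIVE_KEYS = {r"hkey_classes_root\ansmtp.obj",
                       r"hkey_classes_root\ansmtp.obj.1"}
# "Product: Category (Type, action)" header; the detected item is on the next line.
HEADER = re.compile(r"^(?P<product>[^:]+): (?P<category>.+) "
                    r"\((?P<kind>[^,]+), (?P<action>[^)]+)\)$")
HKLM_CLASSES = "hkey_local_machine\\software\\classes\\"

def normalize(item):
    """Lower-case the item and fold HKLM\\Software\\Classes into HKCR."""
    key = item.strip().lower()
    if key.startswith(HKLM_CLASSES):
        key = "hkey_classes_root\\" + key[len(HKLM_CLASSES):]
    return key

def parse_report(text):
    """Pair each detection header with the registry key or file that follows it."""
    findings, pending = [], None
    for line in map(str.strip, text.splitlines()):
        match = HEADER.match(line)
        if pending and not match and line and not line.startswith("---"):
            findings.append({**pending, "item": line})
        pending = match.groupdict() if match else None
    return findings

def triage(findings):
    """Split distinct items into (known false positives, needs review)."""
    known_fp, review = set(), set()
    for f in findings:
        key = normalize(f["item"])
        (known_fp if key in FALSE_POSITIVE_KEYS else review).add(key)
    return sorted(known_fp), sorted(review)

# Sample assembled from report lines quoted in the thread (not one real scan).
SAMPLE = r"""--- Report generated: 2007-04-05 07:29 ---
WinSpy.SpySoftWareX: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ANSMTP.OBJ
WinSpy.SpySoftWareX: Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{DF6D6569-5B0C-11D3-9396-008029E9B3A6}
WinSpy.SpySoftWareX: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DF6D6569-5B0C-11D3-9396-008029E9B3A6}
WinSpy.SpySoftWareX: Bibliothek (Datei, fixed)
C:\WINDOWS\system32\ezVidC60.ocx
"""

if __name__ == "__main__":
    print(triage(parse_report(SAMPLE)))
```

Anything in the second list is not covered by the false-positive confirmation given for the ANSMTP.OBJ keys and is worth posting in full, as the Spybot team asks above.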