I know others had FPs of GuardianMonitor, but are mine FPs??



WolvenSpectre
2007-04-30, 06:36
I recently had three very worrying positives in my regular Spybot scans. I was told that GuardianMonitor was on my computer and keylogging my actions to an email box somewhere on the Interweb.

When I would remove it, and check to make sure it is gone, I'd come back later and it would be back.

I was getting very concerned and even got into a huge argument with my friends, who are also very computer savvy in their own areas, about what I should do.

Now I am coming through as clean.

I also find I may have been getting false positives.

How do I know if my detections are false?

(I am about to rebuild my system anyway and I am in the middle of rolling my own firewall so I am going to be safe soon anyway, but I need to know whether my information integrity has been compromised)

Yodama
2007-04-30, 10:26
hello,

Without having any information on your system, it is impossible for us to tell if it is a false positive or a real infection.

Submitting a Spybot report will show us what has been found as GuardianMonitor.

WolvenSpectre
2007-04-30, 14:59
That is what I was meaning by my posting... what did I need to post for you to analyze?

I can't find a feature in the restore feature to output data, and the bug reporting features always say that you shouldn't use it unless you guys ask for it.

So how/what/where do I send you? Do I do the usual "I have a X GHz " yadda yadda? Do you want a list of my security programs? I couldn't find a sticky on it and I don't have the time to read the whole board (although I found a fix for that $&^$& Teatimer pop up problem that I hope is employed soon).

tashi
2007-04-30, 18:02
Hello.

Spybot-S&D FAQs and Info; http://forums.spybot.info/showthread.php?t=3922


Announcing betas: TeaTimer / Updater / Vista integration (http://forums.spybot.info/showthread.php?t=9474)

Which fixes the GUI issue previously discussed here: Solution to fix the pop-ups in TeaTimer. (Spybot-S&D V 1.4) (http://forums.spybot.info/showthread.php?t=122)

You can get the beta by Opening Spybot-S&D > Mode > Advanced Mode > Settings.

Go to the settings page, and enable beta updates to be able to see them when you're looking for updates.


Provide a Spybot-S&D log

Produce a short log (showing items flagged)

Open SpyBot.
Check for problems.
When finished, right click and choose copy results (not the full report) to clipboard and post that into topic.


So we can take a quick look here, then also:

Open Spybot-S&D and start a scan ("check for problems").
After the scan, right-click in the results field and choose either "Save full report to file..." or
"Copy full report to clipboard".

Attach the file (or copy the report) to the email and send it to: detections(at)spybot.info (Replace AT with @)


Regards. :)

WolvenSpectre
2007-05-01, 00:06
I have enclosed the scan. Before, I was removing them immediately and only had the copies in the restore area, and as you can imagine I wasn't too keen on restoring a possible keylogger.

I included the diagnosed registry key and sub keys.

The CLSID is identical every time, unlike most malware I have dealt with in the past.

Thanks for the heads up on the TeaTimer and the Beta.

PS.
I still couldn't find info on making a scan report in the FAQ link you supplied so thanks for telling me how.

tashi
2007-05-01, 05:36
Hi WolvenSpectre.

I will bring this to a detective's attention for clarification.

Thank you for providing the log. :bigthumb:

Yodama
2007-05-02, 09:50
hi,

thanks for submitting the report.

It is a false positive; it will be corrected with the upcoming update.



@Tashi
thanks for notifying me :D:

WolvenSpectre
2007-05-03, 01:04
THANK YOU, THANK YOU, THANK YOU!!!!!! :yahoo:

yippie yay!

I can put off my reinstall for a little while and not panic about the hardware problems I am having with setting up my Smoothwall Firewall!

:2thumb: